The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2020-17383 | A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device\'s file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote configuration of the device through the WebUI. | HIGH | Jan 28, 2022 | n/a |
| CVE-2020-17382 | The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054). | HIGH | Oct 9, 2020 | n/a |
| CVE-2020-17381 | An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\\totalcmd\\TOTALCMD64.EXE binary. | MEDIUM | Oct 21, 2020 | n/a |
| CVE-2020-17380 | A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. | MEDIUM | Jan 30, 2021 | n/a |
| CVE-2020-17376 | An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected. | HIGH | Aug 26, 2020 | n/a |
| CVE-2020-17373 | SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. | LOW | Aug 13, 2020 | n/a |
| CVE-2020-17372 | SugarCRM before 10.1.0 (Q3 2020) allows XSS. | LOW | Aug 13, 2020 | n/a |
| CVE-2020-17368 | Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection. | HIGH | Aug 14, 2020 | n/a |
| CVE-2020-17367 | Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection. | MEDIUM | Aug 14, 2020 | n/a |
| CVE-2020-17366 | An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation .roa files or X509 Certificate Revocation List files from the RPKI relying party\'s view. | MEDIUM | Aug 7, 2020 | n/a |
| CVE-2020-17365 | Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application. | HIGH | Sep 25, 2020 | n/a |
| CVE-2020-17364 | USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. | MEDIUM | Aug 5, 2020 | n/a |
| CVE-2020-17363 | USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069. | HIGH | Dec 31, 2020 | n/a |
| CVE-2020-17362 | search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS. | MEDIUM | Aug 13, 2020 | n/a |
| CVE-2020-17361 | An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h returns silently when a negative length is provided (instead of throwing an exception). This could result in data being lost during the copy, with varying consequences depending on the subsequent use of the destination buffer. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | MEDIUM | Aug 12, 2020 | n/a |
| CVE-2020-17360 | An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h contains multiple boundary checks that are performed to prevent out-of-bounds memory read/write. However, two of these boundary checks contain an integer overflow that leads to a bypass of these checks, and out-of-bounds read/write. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | MEDIUM | Aug 12, 2020 | n/a |
| CVE-2020-17355 | Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed. | MEDIUM | Oct 22, 2020 | n/a |
| CVE-2020-17354 | LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used. | -- | Apr 17, 2023 | n/a |
| CVE-2020-17353 | scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. | HIGH | Aug 5, 2020 | n/a |
| CVE-2020-17352 | Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. | MEDIUM | Aug 7, 2020 | n/a |
| CVE-2020-17163 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | -- | Dec 29, 2023 | n/a |
| CVE-2020-17162 | Microsoft Windows Security Feature Bypass Vulnerability | MEDIUM | Feb 26, 2021 | n/a |
| CVE-2020-17160 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | -- | Dec 11, 2020 | n/a |
| CVE-2020-17159 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17158 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17156 | Visual Studio Remote Code Execution Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17153 | Microsoft Edge for Android Spoofing Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17152 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17150 | Visual Studio Code Remote Code Execution Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17148 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17147 | Dynamics CRM Webclient Cross-site Scripting Vulnerability | LOW | Dec 11, 2020 | n/a |
| CVE-2020-17145 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17144 | Microsoft Exchange Remote Code Execution Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17143 | Microsoft Exchange Server Information Disclosure Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17142 | Microsoft Exchange Remote Code Execution Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17141 | Microsoft Exchange Remote Code Execution Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17140 | Windows SMB Information Disclosure Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17139 | Windows Overlay Filter Security Feature Bypass Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17138 | Windows Error Reporting Information Disclosure Vulnerability | LOW | Dec 11, 2020 | n/a |
| CVE-2020-17137 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17136 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17135 | Azure DevOps Server Spoofing Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17134 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17133 | Microsoft Dynamics Business Central/NAV Information Disclosure | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17132 | Microsoft Exchange Remote Code Execution Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17131 | Chakra Scripting Engine Memory Corruption Vulnerability | MEDIUM | Dec 10, 2020 | n/a |
| CVE-2020-17130 | Microsoft Excel Security Feature Bypass Vulnerability | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2020-17129 | Microsoft Excel Remote Code Execution Vulnerability | HIGH | Dec 11, 2020 | n/a |
| CVE-2020-17128 | Microsoft Excel Remote Code Execution Vulnerability | HIGH | Dec 11, 2020 | n/a |
| CVE-2020-17127 | Microsoft Excel Remote Code Execution Vulnerability | HIGH | Dec 11, 2020 | n/a |
