# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
5301 |
CVE-2020-26914 |
77 |
|
|
2020-10-09 |
2020-10-16 |
5.2 |
None |
Local Network |
Low |
??? |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. |
5302 |
CVE-2020-26913 |
787 |
|
Overflow |
2020-10-09 |
2020-10-16 |
5.2 |
None |
Local Network |
Low |
??? |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.60, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, SRK60 before 2.2.2.20, SRR60 before 2.2.2.20, SRS60 before 2.2.2.20, WN3000RPv2 before 1.0.0.78, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.70, XR450 before 2.3.2.40, and XR500 before 2.3.2.40. |
5303 |
CVE-2020-26911 |
|
|
|
2020-10-09 |
2020-10-16 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. |
5304 |
CVE-2020-26910 |
77 |
|
|
2020-10-09 |
2020-10-16 |
5.2 |
None |
Local Network |
Low |
??? |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. |
5305 |
CVE-2020-26896 |
354 |
|
|
2020-10-21 |
2020-11-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collision with an invoice, the preimage for an expected payment was instead released. A malicious peer could have deliberately intercepted an HTLC intended for the victim node, probed the preimage through a colluding relayed HTLC, and stolen the intercepted HTLC. The impact is a loss of funds in certain situations, and a weakening of the victim's receiver privacy. |
5306 |
CVE-2020-26895 |
354 |
|
|
2020-10-21 |
2020-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver, or payment-sender). The impact is a loss of funds in certain situations. |
5307 |
CVE-2020-26890 |
74 |
|
DoS |
2020-11-24 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the room's state, the impact is long-lasting and is not fixed by an upgrade to a newer version, requiring the event to be manually redacted instead. Since events are replicated to servers of other room members, the impact is not constrained to the server of the event sender. |
5308 |
CVE-2020-26883 |
674 |
|
|
2020-11-06 |
2020-11-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents. |
5309 |
CVE-2020-26882 |
674 |
|
|
2020-11-06 |
2020-11-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input. |
5310 |
CVE-2020-26877 |
601 |
|
|
2022-06-29 |
2022-07-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect URI is registered by the client who initiated the request. This allows an attacker to craft a request with a manipulated redirect URI (redirect_uri parameter), which is under the attacker's control, and consequently obtain the leaked authorization code when the server redirects the client to the manipulated redirect URI with an authorization code. NOTE: this is similar to CVE-2019-3778. |
5311 |
CVE-2020-26876 |
863 |
|
Bypass |
2020-10-07 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the wild in September 2020. This occurs because show_in_rest is enabled for custom post types (e.g., /wp-json/wp/v2/course and /wp-json/wp/v2/lesson exist). |
5312 |
CVE-2020-26869 |
|
|
|
2020-10-12 |
2021-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit. |
5313 |
CVE-2020-26868 |
|
|
|
2020-10-12 |
2020-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web Services Toolkit. |
5314 |
CVE-2020-26836 |
601 |
|
|
2020-12-09 |
2021-06-17 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack. |
5315 |
CVE-2020-26834 |
287 |
|
|
2020-12-09 |
2020-12-10 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued. |
5316 |
CVE-2020-26831 |
|
|
|
2020-12-09 |
2020-12-10 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
None |
Partial |
SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS). |
5317 |
CVE-2020-26830 |
862 |
|
|
2020-12-09 |
2021-06-17 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequate access control, a network attacker authenticated as a regular user can use operations which should be restricted to administrators. These operations can be used to Change the User Experience Monitoring configuration, obtain details about the configured SAP Solution Manager agents, Deploy a malicious User Experience Monitoring script. |
5318 |
CVE-2020-26828 |
434 |
|
|
2020-12-09 |
2020-12-11 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which can call external applications or execute scripts. The execution of a payload (script) on target machine could be used to steal and modify the data available in the spreadsheet |
5319 |
CVE-2020-26815 |
918 |
|
|
2020-11-10 |
2020-11-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network to retrieve sensitive / confidential resources which are otherwise restricted for internal usage only, resulting in a Server-Side Request Forgery vulnerability. |
5320 |
CVE-2020-26811 |
918 |
|
|
2020-11-10 |
2021-06-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability. |
5321 |
CVE-2020-26810 |
|
|
DoS |
2020-11-10 |
2020-11-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerce service itself unavailable leading to Denial of Service with no impact on confidentiality or integrity. |
5322 |
CVE-2020-26809 |
276 |
|
Bypass |
2020-11-10 |
2021-06-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality. |
5323 |
CVE-2020-26797 |
787 |
|
Overflow |
2021-03-18 |
2022-01-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping. |
5324 |
CVE-2020-26763 |
|
|
|
2021-07-05 |
2021-07-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The Rocket.Chat desktop application 2.17.11 opens external links without user interaction. |
5325 |
CVE-2020-26732 |
311 |
|
|
2021-01-14 |
2022-07-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
SKYWORTH GN542VF Boa version 0.94.13 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. |
5326 |
CVE-2020-26650 |
862 |
|
|
2020-10-22 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php |
5327 |
CVE-2020-26649 |
862 |
|
|
2020-10-22 |
2021-07-21 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php |
5328 |
CVE-2020-26606 |
200 |
|
+Info |
2020-10-06 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 (October 2020). |
5329 |
CVE-2020-26605 |
532 |
|
+Info |
2020-10-06 |
2020-10-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Exynos chipsets) software. They allow attackers to obtain sensitive information by reading a log. The Samsung ID is SVE-2020-18596 (October 2020). |
5330 |
CVE-2020-26604 |
269 |
|
|
2020-10-06 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows an unprivileged process to access contact numbers. The Samsung ID is SVE-2020-18467 (October 2020). |
5331 |
CVE-2020-26603 |
22 |
|
Dir. Trav. |
2020-10-06 |
2020-10-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Sticker Center allows directory traversal for an unprivileged process to read arbitrary files. The Samsung ID is SVE-2020-18433 (October 2020). |
5332 |
CVE-2020-26602 |
668 |
|
|
2020-10-06 |
2020-10-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows sdcard access by an unprivileged process. The Samsung ID is SVE-2020-18392 (October 2020). |
5333 |
CVE-2020-26601 |
269 |
|
|
2020-10-06 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue was discovered in DirEncryptService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18034 (October 2020). |
5334 |
CVE-2020-26600 |
200 |
|
+Info |
2020-10-06 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered on Samsung mobile devices with Q(10.0) software. Auto Hotspot allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (October 2020). |
5335 |
CVE-2020-26599 |
287 |
|
|
2020-10-06 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue was discovered on Samsung mobile devices with Q(10.0) software. The DynamicLockscreen Terms and Conditions can be accepted without authentication. The Samsung ID is SVE-2020-17079 (October 2020). |
5336 |
CVE-2020-26598 |
862 |
|
|
2020-10-06 |
2020-10-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, and 9.0 software. The Network Management component could allow an unauthorized actor to kill a TCP connection. The LG ID is LVE-SMP-200023 (October 2020). |
5337 |
CVE-2020-26597 |
20 |
|
|
2020-10-06 |
2020-10-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered on LG mobile devices with Android OS 9.0 and 10 software. The Wi-Fi subsystem has incorrect input validation, leading to a crash. The LG ID is LVE-SMP-200022 (October 2020). |
5338 |
CVE-2020-26575 |
835 |
|
|
2020-10-06 |
2021-02-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. |
5339 |
CVE-2020-26566 |
125 |
|
DoS |
2020-10-26 |
2022-08-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request. |
5340 |
CVE-2020-26565 |
917 |
|
|
2021-07-31 |
2021-08-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data. |
5341 |
CVE-2020-26559 |
863 |
|
|
2021-05-24 |
2021-06-03 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue. |
5342 |
CVE-2020-26552 |
326 |
|
|
2020-11-17 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access. |
5343 |
CVE-2020-26551 |
312 |
|
|
2020-11-17 |
2020-11-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file. |
5344 |
CVE-2020-26550 |
522 |
|
|
2020-11-17 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key. |
5345 |
CVE-2020-26549 |
552 |
|
Bypass |
2020-11-17 |
2020-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading. |
5346 |
CVE-2020-26547 |
345 |
|
|
2021-02-01 |
2021-02-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP-0280) results. This allows a remote attacker (able to send stanzas to a victim) to inject arbitrary messages into the local history, with full control over the sender and receiver displayed to the victim. |
5347 |
CVE-2020-26546 |
89 |
|
Sql |
2020-10-12 |
2020-10-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
5348 |
CVE-2020-26540 |
347 |
|
+Info |
2020-10-02 |
2021-09-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur. |
5349 |
CVE-2020-26526 |
|
|
|
2020-10-02 |
2020-10-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid ("Unable to find an APIDomain" versus "Wrong email or password"). |
5350 |
CVE-2020-26524 |
|
|
|
2020-10-02 |
2022-04-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
CodeLathe FileCloud before 20.2.0.11915 allows username enumeration. |