CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
501 CVE-2020-27555 522 Exec Code 2020-11-17 2020-12-01
10.0
None Remote Low Not required Complete Complete Complete
Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user.
502 CVE-2020-27277 476 Exec Code 2021-01-11 2021-03-09
9.3
None Remote Medium Not required Complete Complete Complete
Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.
503 CVE-2020-27275 787 Exec Code 2021-01-11 2021-03-09
9.3
None Remote Medium Not required Complete Complete Complete
Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.
504 CVE-2020-27252 367 Exec Code 2020-12-14 2020-12-15
9.3
None Remote Medium Not required Complete Complete Complete
Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.
505 CVE-2020-27227 77 Exec Code 2021-04-13 2021-04-20
10.0
None Remote Low Not required Complete Complete Complete
An exploitable unauthenticated command injection exists in OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with a specific parameter to trigger this vulnerability, potentially allowing exfiltration of the database and user credentials and compromise of the underlying operating system.
506 CVE-2020-27224 79 Exec Code XSS 2021-02-24 2021-03-25
9.3
None Remote Medium Not required Complete Complete Complete
In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview) can be exploited to execute arbitrary code.
507 CVE-2020-27220 862 2021-01-14 2021-01-22
9.0
None Remote Low ??? Complete Complete Complete
The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device. The missing check involves verifying that the command target device is configured giving permission for the gateway device to act on its behalf. This means an authenticated device of a certain tenant, notably also a non-gateway device acting like a gateway, may receive command & control messages targeted at a different device of the same tenant without corresponding permissions getting checked.
508 CVE-2020-27151 2020-12-07 2020-12-08
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. The runtime will execute binaries given using annotations without any kind of validation. Someone who is granted access rights to a cluster will be able to have kata-runtime execute arbitrary binaries as root on the worker nodes.
509 CVE-2020-27134 269 +Priv 2020-12-11 2020-12-11
9.0
None Remote Low ??? Complete Complete Complete
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
510 CVE-2020-27133 269 +Priv 2020-12-11 2020-12-11
9.0
None Remote Low ??? Complete Complete Complete
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
511 CVE-2020-27132 269 +Priv 2020-12-11 2020-12-11
9.0
None Remote Low ??? Complete Complete Complete
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
512 CVE-2020-27131 502 Exec Code 2020-11-17 2020-11-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities.
513 CVE-2020-27127 269 +Priv 2020-12-11 2020-12-11
9.0
None Remote Low ??? Complete Complete Complete
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
514 CVE-2020-26970 787 2020-12-09 2020-12-10
9.3
None Remote Medium Not required Complete Complete Complete
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.
515 CVE-2020-26969 787 Mem. Corr. 2020-12-09 2020-12-10
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83.
516 CVE-2020-26968 787 Mem. Corr. 2020-12-09 2020-12-10
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
517 CVE-2020-26960 416 2020-12-09 2020-12-10
9.3
None Remote Medium Not required Complete Complete Complete
If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
518 CVE-2020-26952 787 Mem. Corr. 2020-12-09 2020-12-09
9.3
None Remote Medium Not required Complete Complete Complete
Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox < 83.
519 CVE-2020-26950 416 2020-12-09 2020-12-09
9.3
None Remote Medium Not required Complete Complete Complete
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.
520 CVE-2020-26943 Exec Code 2020-10-16 2020-10-27
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected.
521 CVE-2020-26908 Bypass 2020-10-09 2020-10-16
10.0
None Remote Low Not required Complete Complete Complete
Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6050 before 1.0.1.22, JR6150 before 1.0.1.22, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R69002 before 1.2.0.62, and WNR2020 before 1.1.0.62.
522 CVE-2020-26879 798 2020-10-26 2020-11-02
10.0
None Remote Low Not required Complete Complete Complete
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.
523 CVE-2020-26878 862 Exec Code 2020-10-26 2020-11-02
9.0
None Remote Low ??? Complete Complete Complete
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.
524 CVE-2020-26838 78 Exec Code 2020-12-09 2020-12-10
9.0
None Remote Low ??? Complete Complete Complete
SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it.
525 CVE-2020-26829 287 2020-12-09 2021-06-17
9.0
None Remote Low Not required Partial Partial Complete
SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes that are outside the cluster, and even outside the network segment dedicated to internal cluster communication, because of a missing authentication check. As a result, an unauthenticated attacker can invoke certain functions that would otherwise be restricted to system administrators only, including access to system administration functions or shutting down the system completely.
526 CVE-2020-26820 434 Exec Code 2020-11-10 2021-04-06
9.0
None Remote Low ??? Complete Complete Complete
SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use a separate mechanism to execute OS commands through the uploaded file leading to Privilege Escalation and completely compromise the confidentiality, integrity and availability of the server operating system and any application running on it.
527 CVE-2020-26712 89 Sql 2021-01-12 2021-01-15
10.0
None Remote Low Not required Complete Complete Complete
REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via the sort parameter. The application adds a user-submitted string to the database query without adequate validation, resulting in a SQL injection vulnerability that an attacker can exploit to compromise all databases.
528 CVE-2020-26596 20 Exec Code 2020-10-07 2020-12-30
9.0
None Remote Low ??? Complete Complete Complete
The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated by removing the Dynamic OOO widget or by restricting availability of the Editor role.
529 CVE-2020-26582 77 Exec Code 2020-10-06 2020-10-15
9.0
None Remote Low ??? Complete Complete Complete
D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18).
530 CVE-2020-26574 79 Exec Code XSS 2020-10-06 2020-10-22
9.3
None Remote Medium Not required Complete Complete Complete
** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
531 CVE-2020-26548 Exec Code 2020-11-17 2020-11-30
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system.
532 CVE-2020-26507 1236 Exec Code 2020-11-05 2020-11-19
9.3
None Remote Medium Not required Complete Complete Complete
A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing formula code in the “Notes” functionality in the main screen, an attacker can inject a payload into the “Description” field under the “Insert To-Do” option. Other users might download this data, for example as a CSV file, and execute the malicious commands on their computer by opening the file using software such as Microsoft Excel. The attacker could gain remote access to the user’s PC.
533 CVE-2020-26217 78 Exec Code 2020-11-16 2021-06-14
9.3
None Remote Medium Not required Complete Complete Complete
XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
534 CVE-2020-26201 521 2020-12-10 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.
535 CVE-2020-26167 200 +Info 2020-11-04 2020-11-16
10.0
None Remote Low Not required Complete Complete Complete
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
536 CVE-2020-26124 94 Exec Code 2020-10-02 2020-11-25
9.0
None Remote Low ??? Complete Complete Complete
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root.
537 CVE-2020-26118 78 Exec Code 2021-01-11 2021-01-14
9.0
None Remote Low ??? Complete Complete Complete
In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious object can be submitted to the server by an authenticated attacker to execute commands on the underlying system.
538 CVE-2020-26097 522 2020-11-18 2020-12-03
10.0
None Remote Low Not required Complete Complete Complete
** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
539 CVE-2020-26085 78 +Priv 2021-01-07 2021-01-11
9.0
None Remote Low ??? Complete Complete Complete
Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory.
540 CVE-2020-26075 89 Sql 2020-11-18 2020-11-25
9.0
None Remote Low ??? Complete Complete Complete
A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device.
541 CVE-2020-25989 269 Exec Code 2020-11-19 2020-12-02
10.0
None Remote Low Not required Complete Complete Complete
Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the affected system with root privileges.
542 CVE-2020-25849 78 Exec Code 2020-11-01 2020-11-13
9.0
None Remote Low ??? Complete Complete Complete
MailGates and MailAudit products contain a command injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token.
543 CVE-2020-25848 522 2020-12-31 2021-01-07
10.0
None Remote Low Not required Complete Complete Complete
HGiga MailSherlock contains a weak authentication flaw that lets attackers obtain privileges remotely through the default password generation mechanism.
544 CVE-2020-25803 913 Exec Code 2020-10-06 2020-10-09
9.0
None Remote Low ??? Complete Complete Complete
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.
545 CVE-2020-25802 913 Exec Code 2020-10-06 2020-10-09
9.0
None Remote Low ??? Complete Complete Complete
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7.
546 CVE-2020-25787 20 2020-09-19 2021-03-15
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.
547 CVE-2020-25759 20 Exec Code 2020-12-15 2021-04-23
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.
548 CVE-2020-25758 354 2020-12-15 2021-04-23
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.
549 CVE-2020-25749 798 2020-09-25 2020-10-08
10.0
None Remote Low Not required Complete Complete Complete
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow a remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality.
550 CVE-2020-25747 287 2020-09-25 2020-10-08
9.0
None Remote Low Not required Partial Partial Complete
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONVIF services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.