CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
651 CVE-2020-17108 Exec Code 2020-11-11 2020-11-19
9.3
None Remote Medium Not required Complete Complete Complete
HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17109, CVE-2020-17110.
652 CVE-2020-17107 Exec Code 2020-11-11 2020-11-19
9.3
None Remote Medium Not required Complete Complete Complete
HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17106, CVE-2020-17108, CVE-2020-17109, CVE-2020-17110.
653 CVE-2020-17106 Exec Code 2020-11-11 2020-11-19
9.3
None Remote Medium Not required Complete Complete Complete
HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17107, CVE-2020-17108, CVE-2020-17109, CVE-2020-17110.
654 CVE-2020-17105 Exec Code 2020-11-11 2020-11-24
10.0
None Remote Low Not required Complete Complete Complete
AV1 Video Extension Remote Code Execution Vulnerability
655 CVE-2020-17104 20 Exec Code 2020-11-11 2020-11-24
9.3
None Remote Medium Not required Complete Complete Complete
Visual Studio Code JSHint Extension Remote Code Execution Vulnerability
656 CVE-2020-17096 Exec Code 2020-12-10 2021-03-04
9.0
None Remote Low ??? Complete Complete Complete
Windows NTFS Remote Code Execution Vulnerability
657 CVE-2020-17095 Exec Code 2020-12-10 2021-03-03
9.0
None Remote Low ??? Complete Complete Complete
Hyper-V Remote Code Execution Vulnerability
658 CVE-2020-17084 120 Exec Code 2020-11-11 2020-11-17
9.0
None Remote Low ??? Complete Complete Complete
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17083.
659 CVE-2020-17066 Exec Code 2020-11-11 2020-11-16
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17019, CVE-2020-17064, CVE-2020-17065.
660 CVE-2020-17065 Exec Code 2020-11-11 2020-11-16
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17019, CVE-2020-17064, CVE-2020-17066.
661 CVE-2020-17062 Exec Code 2020-11-11 2020-11-16
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
662 CVE-2020-17051 Exec Code 2020-11-11 2020-11-23
10.0
None Remote Low Not required Complete Complete Complete
Windows Network File System Remote Code Execution Vulnerability
663 CVE-2020-17049 269 Bypass 2020-11-11 2020-11-23
9.0
None Remote Low ??? Complete Complete Complete
Kerberos Security Feature Bypass Vulnerability
664 CVE-2020-17042 Exec Code 2020-11-11 2020-11-19
9.3
None Remote Medium Not required Complete Complete Complete
Windows Print Spooler Remote Code Execution Vulnerability
665 CVE-2020-17023 Exec Code 2020-10-16 2020-10-20
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file, aka 'Visual Studio JSON Remote Code Execution Vulnerability'.
666 CVE-2020-17003 Exec Code 2020-10-16 2020-10-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory, aka 'Base3D Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16918.
667 CVE-2020-17002 Bypass 2020-12-10 2021-03-03
9.4
None Remote Low Not required Complete Complete None
Azure SDK for C Security Feature Bypass Vulnerability
668 CVE-2020-16977 Exec Code 2020-10-16 2020-10-20
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'.
669 CVE-2020-16968 119 Exec Code Overflow 2020-10-16 2020-10-23
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka 'Windows Camera Codec Pack Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16967.
670 CVE-2020-16967 119 Exec Code Overflow 2020-10-16 2020-10-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka 'Windows Camera Codec Pack Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16968.
671 CVE-2020-16957 Exec Code 2020-10-16 2020-10-20
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.
672 CVE-2020-16947 125 Exec Code 2020-10-16 2020-10-22
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.
673 CVE-2020-16924 119 Exec Code Overflow 2020-10-16 2020-10-22
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.
674 CVE-2020-16918 Exec Code 2020-10-16 2020-10-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory, aka 'Base3D Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17003.
675 CVE-2020-16911 Exec Code 2020-10-16 2020-10-20
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
676 CVE-2020-16881 20 Exec Code 2020-09-11 2020-09-17
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file, aka 'Visual Studio JSON Remote Code Execution Vulnerability'.
677 CVE-2020-16875 94 Exec Code 2020-09-11 2020-09-17
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user, aka 'Microsoft Exchange Server Remote Code Execution Vulnerability'.
678 CVE-2020-16874 94 Exec Code 2020-09-11 2020-09-17
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16856.
679 CVE-2020-16856 Exec Code 2020-09-11 2020-09-17
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16874.
680 CVE-2020-16608 79 Exec Code XSS 2020-12-10 2020-12-11
9.3
None Remote Medium Not required Complete Complete Complete
Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true).
681 CVE-2020-16259 732 2020-10-28 2020-11-04
10.0
None Remote Low Not required Complete Complete Complete
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user.
682 CVE-2020-16257 77 2020-10-28 2020-11-03
10.0
None Remote Low Not required Complete Complete Complete
Winston 1.5.4 devices are vulnerable to command injection via the API.
683 CVE-2020-16256 352 CSRF 2020-10-28 2020-11-03
9.3
None Remote Medium Not required Complete Complete Complete
The API on Winston 1.5.4 devices is vulnerable to CSRF.
684 CVE-2020-16208 352 CSRF 2020-09-01 2020-09-08
9.3
None Remote Medium Not required Complete Complete Complete
The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions).
685 CVE-2020-16205 78 Exec Code 2020-08-14 2020-08-19
9.0
None Remote Low ??? Complete Complete Complete
Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).
686 CVE-2020-16204 912 Exec Code 2020-09-01 2020-09-04
10.0
None Remote Low Not required Complete Complete Complete
The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions).
687 CVE-2020-16148 94 2020-09-24 2021-06-14
9.0
None Remote Low ??? Complete Complete Complete
The ping page of the administration panel in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via authenticated code injection over the network.
688 CVE-2020-16147 94 2020-09-24 2021-06-14
10.0
None Remote Low Not required Complete Complete Complete
The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via Unauthenticated code injection over the network.
689 CVE-2020-16087 74 2020-08-13 2020-08-19
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file.
690 CVE-2020-16039 416 2021-01-08 2021-01-11
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
691 CVE-2020-16038 416 2021-01-08 2021-01-11
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
692 CVE-2020-16037 416 2021-01-08 2021-01-11
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in clipboard in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
693 CVE-2020-15932 59 2020-07-24 2020-08-05
9.0
None Remote Low ??? Complete Complete Complete
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges.
694 CVE-2020-15922 78 Exec Code 2020-07-24 2020-09-28
10.0
None Remote Low Not required Complete Complete Complete
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.
695 CVE-2020-15920 78 Exec Code 2020-07-24 2020-09-16
10.0
None Remote Low Not required Complete Complete Complete
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
696 CVE-2020-15916 78 Exec Code 2020-07-23 2020-07-27
10.0
None Remote Low Not required Complete Complete Complete
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter.
697 CVE-2020-15903 269 2020-09-09 2020-09-15
10.0
None Remote Low Not required Complete Complete Complete
An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3.
698 CVE-2020-15865 20 Exec Code 2020-08-18 2020-09-11
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server.
699 CVE-2020-15836 Exec Code 2021-02-01 2021-02-03
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root.
700 CVE-2020-15835 287 2021-02-01 2021-02-03
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.