CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 3 and 3.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
951 CVE-2020-14426 522 2020-06-18 2020-06-19
3.3
None Local Network Low Not required Partial None None
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, RBK842 before 3.2.10.11, RBR840 before 3.2.10.11, and RBS840 before 3.2.10.11.
952 CVE-2020-14393 787 Overflow 2020-09-16 2020-09-28
3.6
None Local Low Not required None Partial Partial
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.
953 CVE-2020-14377 125 2020-09-30 2021-01-05
3.6
None Local Low Not required Partial None Partial
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability.
954 CVE-2020-14367 59 DoS 2020-08-24 2020-09-09
3.6
None Local Low Not required None Partial Partial
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.
955 CVE-2020-14311 190 Overflow 2020-07-31 2021-05-01
3.6
None Local Low Not required None Partial Partial
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
956 CVE-2020-14310 190 Overflow 2020-07-31 2021-05-01
3.6
None Local Low Not required None Partial Partial
There is an issue in grub2 before version 2.06 in the function read_section_as_string(). It expects a font name to be at most UINT32_MAX - 1 bytes long, but it does not verify this before proceeding with buffer allocation to read the value from the font value. An attacker may leverage this by crafting a malicious font file which has a name with UINT32_MAX, leading read_section_as_string() to an arithmetic overflow, a zero-sized allocation and a further heap-based buffer overflow.
957 CVE-2020-14208 79 XSS 2020-11-18 2020-11-21
3.5
None Remote Medium ??? None Partial None
SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.
958 CVE-2020-14184 79 XSS 2020-10-12 2020-10-26
3.5
None Remote Medium ??? None Partial None
Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1.
959 CVE-2020-14175 79 XSS 2020-07-24 2020-07-27
3.5
None Remote Medium ??? None Partial None
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2.
960 CVE-2020-14173 79 XSS 2020-07-03 2020-07-09
3.5
None Remote Medium ??? None Partial None
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.
961 CVE-2020-14166 79 XSS 2020-07-01 2021-04-07
3.5
None Remote Medium ??? None Partial None
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via a Cross Site Scripting (XSS) vulnerability by uploading an HTML file.
962 CVE-2020-14146 79 XSS 2020-06-15 2020-06-17
3.5
None Remote Medium ??? None Partial None
KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO.
963 CVE-2020-14073 79 +Priv XSS 2020-06-23 2020-12-02
3.5
None Remote Medium ??? None Partial None
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.
964 CVE-2020-14027 88 2020-09-22 2020-09-26
3.5
None Remote Medium ??? Partial None None
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks.
965 CVE-2020-14014 79 XSS 2020-06-24 2020-06-29
3.5
None Remote Medium ??? None Partial None
An issue was discovered in Navigate CMS 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS.
966 CVE-2020-14012 79 XSS 2020-06-10 2020-07-01
3.5
None Remote Medium ??? None Partial None
scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent.
967 CVE-2020-14007 79 XSS 2020-06-24 2020-07-07
3.5
None Remote Medium ??? None Partial None
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition.
968 CVE-2020-14006 79 XSS 2020-06-24 2020-07-07
3.5
None Remote Medium ??? None Partial None
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team.
969 CVE-2020-13980 79 XSS 2020-06-09 2020-06-11
3.5
None Remote Medium ??? None Partial None
** DISPUTED ** OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you are still required to be logged into the admin."
970 CVE-2020-13971 79 XSS 2020-07-28 2020-07-31
3.5
None Remote Medium ??? None Partial None
In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication.
971 CVE-2020-13911 79 XSS 2020-06-09 2020-06-12
3.5
None Remote Medium ??? None Partial None
Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a Change Name or Change Surname operation.
972 CVE-2020-13893 79 XSS 2020-10-18 2020-10-27
3.5
None Remote Medium ??? None Partial None
Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E).
973 CVE-2020-13892 79 XSS 2020-06-09 2020-06-11
3.5
None Remote Medium ??? None Partial None
The SportsPress plugin before 2.7.2 for WordPress allows XSS.
974 CVE-2020-13890 79 XSS 2020-06-06 2020-06-10
3.5
None Remote Medium ??? None Partial None
The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard.
975 CVE-2020-13889 79 XSS 2020-06-06 2020-06-09
3.5
None Remote Medium ??? None Partial None
showAlert() in the administration panel in Bludit 3.12.0 allows XSS.
976 CVE-2020-13888 79 XSS 2020-06-22 2020-06-26
3.5
None Remote Medium ??? None Partial None
Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, users_management_edit.php, and user_management.php.
977 CVE-2020-13882 367 Bypass 2020-06-18 2020-07-03
3.7
None Local High Not required Partial Partial Partial
CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and control that up to the point where the specific routine is doing its check. After that, the file can be removed, recreated, and used for additional attacks.
978 CVE-2020-13872 307 Bypass 2020-06-09 2020-06-12
3.3
None Local Network Low Not required Partial None None
Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach.
979 CVE-2020-13870 79 XSS 2020-06-05 2020-06-09
3.5
None Remote Medium ??? None Partial None
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.
980 CVE-2020-13869 79 XSS 2020-06-05 2020-06-09
3.5
None Remote Medium ??? None Partial None
An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name.
981 CVE-2020-13865 79 XSS 2020-06-05 2020-06-09
3.5
None Remote Medium ??? None Partial None
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
982 CVE-2020-13864 79 XSS 2020-06-05 2020-06-09
3.5
None Remote Medium ??? None Partial None
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
983 CVE-2020-13853 79 XSS 2020-06-11 2020-06-11
3.5
None Remote Medium ??? None Partial None
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.
984 CVE-2020-13838 287 2020-06-04 2020-06-07
3.6
None Local Low Not required Partial Partial None
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is SVE-2020-17187 (June 2020).
985 CVE-2020-13837 287 2020-06-04 2020-06-07
3.6
None Local Low Not required Partial Partial None
An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020).
986 CVE-2020-13828 79 XSS 2020-08-31 2020-09-08
3.5
None Remote Medium ??? None Partial None
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter.
987 CVE-2020-13821 79 XSS 2020-08-26 2020-12-23
3.5
None Remote Medium ??? None Partial None
An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker.
988 CVE-2020-13775 476 2020-06-02 2020-07-03
3.5
None Remote Medium ??? None None Partial
ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network.
989 CVE-2020-13773 79 XSS 2020-11-16 2020-11-27
3.5
None Remote Medium ??? None Partial None
Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx.
990 CVE-2020-13696 732 2020-06-08 2020-10-05
3.6
None Local Low Not required Partial Partial None
An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command.
991 CVE-2020-13660 79 XSS 2020-05-28 2020-05-29
3.5
None Remote Medium ??? None Partial None
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
992 CVE-2020-13644 79 XSS 2020-05-28 2020-05-28
3.5
None Remote Medium ??? None Partial None
An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordion.
993 CVE-2020-13595 617 2020-08-31 2020-09-08
3.3
None Local Network Low Not required None None Partial
The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets.
994 CVE-2020-13594 20 DoS 2020-08-31 2020-09-08
3.3
None Local Network Low Not required None None Partial
The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
995 CVE-2020-13522 20 2020-08-04 2020-08-06
3.6
None Local Low Not required None Partial Partial
An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability.
996 CVE-2020-13487 79 XSS 2020-05-26 2020-05-28
3.5
None Remote Medium ??? None Partial None
The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.
997 CVE-2020-13480 74 2020-06-22 2020-07-01
3.5
None Remote Medium ??? None Partial None
Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature.
998 CVE-2020-13476 79 XSS 2020-12-28 2020-12-30
3.5
None Remote Medium ??? None Partial None
NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.
999 CVE-2020-13461 2021-02-09 2021-02-12
3.3
None Local Network Low Not required Partial None None
Username enumeration is present in Tufin SecureTrack. It affects all versions of SecureTrack. The vendor has decided not to fix this vulnerability. Vendor's response: "This attack requires access to the internal network. If an attacker is part of the internal network, they do not require access to TOS to know the usernames".
1000 CVE-2020-13459 79 XSS 2020-05-25 2020-05-27
3.5
None Remote Medium ??? None Partial None
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.