CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1101 CVE-2020-35745 269 2021-01-07 2021-01-12
6.5
None Remote Low ??? Partial Partial Partial
PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs.
1102 CVE-2020-35743 89 Sql 2020-12-31 2021-01-07
6.5
None Remote Low ??? Partial Partial Partial
HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages.
1103 CVE-2020-35742 89 Sql 2020-12-31 2021-01-07
6.5
None Remote Low ??? Partial Partial Partial
HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter.
1104 CVE-2020-35734 74 Exec Code 2021-02-15 2021-02-26
6.5
None Remote Low ??? Partial Partial Partial
** UNSUPPORTED WHEN ASSIGNED ** Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
1105 CVE-2020-35728 502 2020-12-27 2021-06-14
6.8
None Remote Medium Not required Partial Partial Partial
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
1106 CVE-2020-35714 77 Exec Code 2020-12-26 2020-12-28
6.5
None Remote Low ??? Partial Partial Partial
Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program.
1107 CVE-2020-35708 89 Sql 2020-12-25 2020-12-28
6.5
None Remote Low ??? Partial Partial Partial
phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Import Administrators" page.
1108 CVE-2020-35702 787 Overflow 2020-12-25 2020-12-30
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects.
1109 CVE-2020-35701 89 Exec Code Sql 2021-01-11 2021-05-21
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.
1110 CVE-2020-35700 89 Exec Code Sql 2021-02-08 2021-02-09
6.5
None Remote Low ??? Partial Partial Partial
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.
1111 CVE-2020-35682 863 Bypass 2021-03-13 2021-03-18
6.5
None Remote Low ??? Partial Partial Partial
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).
1112 CVE-2020-35666 89 Sql 2020-12-23 2020-12-23
6.5
None Remote Low ??? Partial Partial Partial
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value.
1113 CVE-2020-35657 434 Exec Code 2020-12-23 2020-12-23
6.5
None Remote Low ??? Partial Partial Partial
Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS commands. NOTE: this is unrelated to the JAWS (aka Job Access With Speech) product.
1114 CVE-2020-35656 434 Exec Code 2020-12-23 2020-12-23
6.5
None Remote Low ??? Partial Partial Partial
Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGadget=FileBrowser&reqAction=Files to upload a .php file. NOTE: this is unrelated to the JAWS (aka Job Access With Speech) product.
1115 CVE-2020-35654 787 Overflow 2021-01-12 2021-03-22
6.8
None Remote Medium Not required Partial Partial Partial
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
1116 CVE-2020-35626 352 CSRF 2020-12-21 2020-12-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. The primary form did not implement an anti-CSRF token and therefore was completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php.
1117 CVE-2020-35625 732 2020-12-21 2020-12-23
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smarty template. For example, a person in the Widget Editors group could use \MediaWiki\Shell\Shell::command within a comment.
1118 CVE-2020-35615 352 CSRF 2020-12-28 2020-12-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.
1119 CVE-2020-35547 863 2021-01-29 2021-02-04
6.4
None Remote Low Not required Partial Partial None
A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data.
1120 CVE-2020-35524 119 Exec Code Overflow 2021-03-09 2021-05-21
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based buffer overflow flaw was found in libtiff in the handling of TIFF images in libtiff's TIFF2PDF tool. A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
1121 CVE-2020-35523 190 Exec Code Overflow 2021-03-09 2021-05-21
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
1122 CVE-2020-35519 125 +Info 2021-05-06 2021-05-13
6.8
None Local Low Not required Complete Partial Complete
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
1123 CVE-2020-35492 121 Overflow 2021-03-18 2021-05-14
6.8
None Remote Medium Not required Partial Partial Partial
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.
1124 CVE-2020-35491 502 2020-12-17 2021-06-14
6.8
None Remote Medium Not required Partial Partial Partial
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
1125 CVE-2020-35490 502 2020-12-17 2021-06-14
6.8
None Remote Medium Not required Partial Partial Partial
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
1126 CVE-2020-35452 787 Overflow 2021-06-10 2021-06-16
6.8
None Remote Medium Not required Partial Partial Partial
Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor could the Apache HTTP Server team create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow.
1127 CVE-2020-35382 89 Sql 2020-12-14 2020-12-14
6.5
None Remote Low ??? Partial Partial Partial
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.
1128 CVE-2020-35273 352 +Priv CSRF 2020-12-21 2020-12-22
6.0
None Remote Medium ??? Partial Partial Partial
EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any user's account.
1129 CVE-2020-35270 89 Sql 2021-01-26 2021-02-01
6.4
None Remote Low Not required Partial Partial None
Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker is able to access the Admin Panel and manage every account of Result.
1130 CVE-2020-35269 352 CSRF 2020-12-23 2021-03-02
6.8
None Remote Medium Not required Partial Partial Partial
Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, such as adding and deleting hosts or servers.
1131 CVE-2020-35239 352 Bypass CSRF 2021-01-26 2021-02-02
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The CsrfProtectionMiddleware component allows method override parameters to bypass CSRF checks by changing the HTTP request method to an arbitrary string that is not in the list of request methods that CakePHP checks. Additionally, the route middleware does not verify that this overridden method (which can be an arbitrary string) is actually an HTTP method.
1132 CVE-2020-35235 Exec Code 2020-12-14 2020-12-15
6.5
None Remote Low ??? Partial Partial Partial
** UNSUPPORTED WHEN ASSIGNED ** vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
1133 CVE-2020-35233 400 DoS 2021-03-10 2021-03-16
6.1
None Local Network Low Not required None None Complete
The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack.
1134 CVE-2020-35230 190 DoS Overflow 2021-03-10 2021-03-17
6.7
None Local Network Low ??? Partial Partial Complete
Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack.
1135 CVE-2020-35227 120 Overflow 2021-03-10 2021-03-15
6.5
None Remote Low ??? Partial Partial Partial
A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command.
1136 CVE-2020-35224 120 Overflow 2021-03-10 2021-03-15
6.1
None Local Network Low Not required None None Complete
A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot.
1137 CVE-2020-35223 352 Bypass CSRF 2021-03-10 2021-03-15
6.8
None Remote Medium Not required Partial Partial Partial
The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.
1138 CVE-2020-35217 352 CSRF 2021-01-20 2021-02-02
6.8
None Remote Medium Not required Partial Partial Partial
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack.
1139 CVE-2020-35151 89 Sql 2020-12-21 2020-12-22
6.5
None Remote Low ??? Partial Partial Partial
The Online Marriage Registration System 1.0 POST parameter "searchdata" in the user/search.php request is vulnerable to time-based SQL injection.
1140 CVE-2020-35135 352 CSRF 2020-12-11 2021-03-31
6.8
None Remote Medium Not required Partial Partial Partial
The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF.
1141 CVE-2020-35129 79 XSS 2021-01-19 2021-01-27
6.0
None Remote Medium ??? Partial Partial Partial
Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf, including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account.
1142 CVE-2020-35128 79 XSS 2021-01-19 2021-02-24
6.0
None Remote Medium ??? Partial Partial Partial
Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system.
1143 CVE-2020-35125 79 XSS 2021-02-09 2021-02-16
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).
1144 CVE-2020-35124 79 XSS 2021-01-28 2021-02-05
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
1145 CVE-2020-35121 94 2020-12-15 2020-12-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro.
1146 CVE-2020-35114 787 Mem. Corr. 2021-01-07 2021-01-12
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84.
1147 CVE-2020-35113 787 Mem. Corr. 2021-01-07 2021-01-12
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
1148 CVE-2020-35112 2021-01-07 2021-01-12
6.8
None Remote Medium Not required Partial Partial Partial
If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
1149 CVE-2020-29663 295 2020-12-15 2020-12-18
6.4
None Remote Low Not required Partial Partial None
Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3.
1150 CVE-2020-29657 125 2020-12-09 2020-12-10
6.4
None Remote Low Not required Partial None Partial
In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file.