CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1451 CVE-2020-25788 829 2020-09-19 2020-09-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.
1452 CVE-2020-25775 362 2020-09-29 2020-10-07
6.3
None Local Medium Not required None Complete Complete
The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges.
1453 CVE-2020-25773 415 Exec Code 2020-09-29 2020-10-02
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.
1454 CVE-2020-25762 89 Sql Bypass 2020-09-30 2020-10-08
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc.
1455 CVE-2020-25760 89 Sql 2020-09-30 2020-10-20
6.5
None Remote Low ??? Partial Partial Partial
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.
1456 CVE-2020-25751 89 Sql 2020-09-18 2020-09-24
6.5
None Remote Low ??? Partial Partial Partial
The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.
1457 CVE-2020-25748 319 2020-09-25 2020-10-08
6.8
None Remote Medium Not required Partial Partial Partial
A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values.
1458 CVE-2020-25728 640 2020-09-17 2020-09-25
6.5
None Remote Low ??? Partial Partial Partial
The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.
1459 CVE-2020-25695 89 Sql 2020-11-16 2020-12-07
6.5
None Remote Low ??? Partial Partial Partial
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
1460 CVE-2020-25694 327 2020-11-16 2020-12-07
6.8
None Remote Medium Not required Partial Partial Partial
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
1461 CVE-2020-25690 119 Exec Code Overflow 2021-02-23 2021-03-01
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
1462 CVE-2020-25689 400 DoS 2020-11-02 2020-11-23
6.8
None Remote Low ??? None None Complete
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.
1463 CVE-2020-25668 362 2021-05-26 2021-06-04
6.9
None Local Medium Not required Complete Complete Complete
A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.
1464 CVE-2020-25629 284 2020-12-08 2020-12-08
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
1465 CVE-2020-25622 352 CSRF 2020-12-16 2020-12-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF.
1466 CVE-2020-25608 89 Sql 2020-12-18 2020-12-18
6.5
None Remote Low ??? Partial Partial Partial
The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection.
1467 CVE-2020-25597 119 DoS Overflow 2020-09-23 2020-11-11
6.1
None Local Low Not required Partial Partial Complete
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. However, operations like the resetting of all event channels may involve decreasing one of the bounds checked when determining validity. This may lead to bug checks triggering, crashing the host. An unprivileged guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only systems with untrusted guests permitted to create more than the default number of event channels are vulnerable. This number depends on the architecture and type of guest. For 32-bit x86 PV guests, this is 1023; for 64-bit x86 PV guests, and for all ARM guests, this number is 4095. Systems where untrusted guests are limited to fewer than this number are not vulnerable. Note that xl and libxl limit max_event_channels to 1023 by default, so systems using exclusively xl, libvirt+libxl, or their own toolstack based on libxl, and not explicitly setting max_event_channels, are not vulnerable.
1468 CVE-2020-25595 269 DoS +Info 2020-09-23 2020-11-11
6.1
None Local Low Not required Partial Partial Complete
An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec ("backdoor") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it's better to assume that it does.
1469 CVE-2020-25584 362 2021-04-07 2021-06-03
6.2
None Local High Not required Complete Complete Complete
In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, a superuser inside a FreeBSD jail configured with the non-default allow.mount permission could cause a race condition between the lookup of ".." and remounting a filesystem, allowing access to filesystem hierarchy outside of the jail.
1470 CVE-2020-25559 415 Exec Code 2020-09-16 2020-09-21
6.8
None Remote Medium Not required Partial Partial Partial
gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution.
1471 CVE-2020-25557 77 2020-11-13 2021-01-28
6.5
None Remote Low ??? Partial Partial Partial
In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when attacker logs in to the application, attacker's code will be run. As a result of this vulnerability, authenticated user can run command on the server.
1472 CVE-2020-25538 77 2020-11-13 2021-01-28
6.5
None Remote Low ??? Partial Partial Partial
An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server.
1473 CVE-2020-25533 362 2021-01-15 2021-01-26
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn.
1474 CVE-2020-25473 2020-11-24 2020-11-30
6.4
None Remote Low Not required Partial Partial None
SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies.
1475 CVE-2020-25453 352 Exec Code Bypass CSRF 2020-09-15 2020-09-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in BlackCat CMS v.1.3.6. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution.
1476 CVE-2020-25399 522 XSS 2020-11-05 2020-11-10
6.8
None Remote Medium Not required Partial Partial Partial
Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat.
1477 CVE-2020-25398 1236 2020-11-05 2020-11-12
6.8
None Remote Medium Not required Partial Partial Partial
CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality.
1478 CVE-2020-25379 89 Sql 2020-09-14 2020-09-18
6.5
None Remote Low ??? Partial Partial Partial
Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query.
1479 CVE-2020-25291 787 2020-09-13 2020-09-17
6.8
None Remote Medium Not required Partial Partial Partial
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.
1480 CVE-2020-25287 434 Exec Code 2020-09-13 2020-09-17
6.5
None Remote Low ??? Partial Partial Partial
Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request.
1481 CVE-2020-25276 295 2020-09-11 2020-09-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate enrollment, and has had such a certificate revoked. This certificate needs to belong to a role that is authorized to enroll new end entities. (To completely mitigate this problem prior to upgrade, remove any revoked client certificates from their respective roles.)
1482 CVE-2020-25269 416 2020-09-11 2020-09-20
6.8
None Remote Low ??? None None Complete
An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.
1483 CVE-2020-25268 74 Exec Code 2020-11-10 2020-11-18
6.5
None Remote Low ??? Partial Partial Partial
Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.
1484 CVE-2020-25256 798 2020-09-11 2020-11-09
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. PKI certificates have a private key that is the same across different customers' installations.
1485 CVE-2020-25252 352 CSRF 2020-09-11 2020-11-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account).
1486 CVE-2020-25251 863 2020-09-11 2020-11-09
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information.
1487 CVE-2020-25240 863 2021-03-15 2021-03-18
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unpriviledged users can access services when guessing the url. An attacker could impact availability, integrity and gain information from logs and templates of the service.
1488 CVE-2020-25239 863 2021-03-15 2021-03-18
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with unprivilege user rights.
1489 CVE-2020-25199 787 Exec Code Overflow 2020-12-09 2020-12-16
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.
1490 CVE-2020-25198 384 2020-12-23 2020-12-23
6.8
None Remote Medium Not required Partial Partial Partial
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies.
1491 CVE-2020-25194 269 2020-12-23 2020-12-23
6.5
None Remote Low ??? Partial Partial Partial
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges.
1492 CVE-2020-25188 125 Exec Code 2020-10-14 2020-10-26
6.8
None Remote Medium Not required Partial Partial Partial
An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870).
1493 CVE-2020-25185 120 Exec Code Overflow 2020-11-21 2020-12-03
6.5
None Remote Low ??? Partial Partial Partial
The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).
1494 CVE-2020-25181 125 Exec Code Overflow 2020-12-01 2020-12-02
6.8
None Remote Medium Not required Partial Partial Partial
WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution.
1495 CVE-2020-25177 787 Exec Code Overflow 2020-12-01 2020-12-02
6.8
None Remote Medium Not required Partial Partial Partial
WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution.
1496 CVE-2020-25174 427 Exec Code 2020-11-06 2020-11-13
6.9
None Local Medium Not required Complete Complete Complete
A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user.
1497 CVE-2020-25171 787 Exec Code 2021-02-19 2021-02-25
6.8
None Remote Medium Not required Partial Partial Partial
The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.
1498 CVE-2020-25170 1236 2020-11-06 2020-11-13
6.8
None Remote Medium Not required Partial Partial Partial
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export.
1499 CVE-2020-25161 610 Exec Code 2021-02-23 2021-02-27
6.5
None Remote Low ??? Partial Partial Partial
The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator.
1500 CVE-2020-25149 22 Exec Code Dir. Trav. File Inclusion 2020-09-25 2020-09-30
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php.
Total number of vulnerabilities : 22306   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 (This Page)31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.