CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1851 CVE-2020-15970 416 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
1852 CVE-2020-15969 416 2020-11-03 2021-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1853 CVE-2020-15968 416 2020-11-03 2021-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1854 CVE-2020-15967 416 2020-11-03 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
1855 CVE-2020-15965 843 2020-09-21 2021-01-30
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
1856 CVE-2020-15964 787 2020-09-21 2021-01-29
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1857 CVE-2020-15963 2020-09-21 2021-01-29
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
1858 CVE-2020-15962 2020-09-21 2021-01-29
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
1859 CVE-2020-15961 2020-09-21 2021-01-29
6.8
None Remote Medium Not required Partial Partial Partial
Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.
1860 CVE-2020-15960 787 Overflow 2020-09-21 2021-01-29
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
1861 CVE-2020-15952 79 XSS 2020-11-05 2020-11-12
6.0
None Remote Medium ??? Partial Partial Partial
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based XSS.
1862 CVE-2020-15950 613 2020-11-05 2020-11-12
6.8
None Remote Medium Not required Partial Partial Partial
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout.
1863 CVE-2020-15947 89 Exec Code Sql 2020-08-13 2020-08-19
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do endpoint of Loway QueueMetrics before 19.10.21 allows remote authenticated users to execute arbitrary SQL commands via the exportId parameter.
1864 CVE-2020-15927 89 Sql 2020-10-06 2020-10-14
6.5
None Remote Low ??? Partial Partial Partial
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module.
1865 CVE-2020-15925 89 Exec Code Sql 2020-08-13 2020-08-19
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPF_XPAR1 parameter.
1866 CVE-2020-15909 384 +Priv 2020-10-19 2020-10-29
6.8
None Remote Medium Not required Partial Partial Partial
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within N-Central. To take advantage of this, cookie could be stolen and the JSESSIONID can be captured. On its own this is not a surprising result; low security tools allow the cookie to roam from machine to machine. The JSESSION cookie can then be used on the attackers’ workstation by browsing to the victim’s NCentral server URL and replacing the JSESSIONID attribute value by the captured value. Expected behavior would be to check this against a second source and enforce at least a reauthentication or multi factor request as N-Central is a highly privileged service.
1867 CVE-2020-15904 787 Overflow 2020-07-22 2020-07-31
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.
1868 CVE-2020-15888 416 Overflow 2020-07-21 2020-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
1869 CVE-2020-15887 89 Exec Code Sql 2020-07-23 2020-09-01
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint.
1870 CVE-2020-15886 89 Exec Code Sql 2020-07-23 2020-09-01
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint.
1871 CVE-2020-15884 89 Exec Code Sql 2020-07-23 2020-07-27
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data.
1872 CVE-2020-15877 668 2020-07-21 2020-07-23
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
1873 CVE-2020-15871 732 Exec Code 2020-07-31 2020-08-11
6.8
None Remote Medium Not required Partial Partial Partial
Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution.
1874 CVE-2020-15867 78 Exec Code 2020-10-16 2021-04-08
6.5
None Remote Low ??? Partial Partial Partial
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the documentation but not in the UI, it could be considered a "Product UI does not Warn User of Unsafe Actions" issue.
1875 CVE-2020-15860 Exec Code 2020-07-24 2020-09-16
6.5
None Remote Low ??? Partial Partial Partial
Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it is possible to access any host in the internal domain, even if it has no published applications or the mentioned host is no longer associated with that server farm.
1876 CVE-2020-15849 89 Exec Code Sql Bypass 2020-09-30 2020-10-16
6.5
None Remote Low ??? Partial Partial Partial
Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application's database, allowing for authorization bypass and taking over additional accounts by means of modifying password-reset tokens stored in the database. Remote command execution is also possible by leveraging this to abuse the Yii framework's bizRule functionality, allowing for arbitrary PHP code to be executed by the application. Remote command execution is also possible by using this together with a separate insecure file upload vulnerability (CVE-2020-15488).
1877 CVE-2020-15842 502 Exec Code 2020-07-20 2020-07-24
6.8
None Remote Medium Not required Partial Partial Partial
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization.
1878 CVE-2020-15838 287 2020-10-09 2020-10-26
6.5
None Remote Low ??? Partial Partial Partial
The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.
1879 CVE-2020-15825 269 2020-08-08 2020-08-10
6.5
None Remote Low ??? Partial Partial Partial
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
1880 CVE-2020-15824 269 2020-08-08 2020-12-08
6.5
None Remote Low ??? Partial Partial Partial
In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
1881 CVE-2020-15817 94 Exec Code 2020-08-08 2020-08-10
6.5
None Remote Low ??? Partial Partial Partial
In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues.
1882 CVE-2020-15816 74 Exec Code 2020-07-17 2020-07-22
6.5
None Remote Low ??? Partial Partial Partial
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.
1883 CVE-2020-15813 295 Bypass 2020-07-17 2020-07-22
6.8
None Remote Medium Not required Partial Partial Partial
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code (in all versions that support LDAP) does not implement proper certificate validation (regardless of whether the "Allow self-signed certificates" option is used). Therefore, any attacker with the ability to intercept network traffic between a Graylog server and an LDAP server is able to redirect traffic to a different LDAP server (unnoticed by the Graylog server due to the lack of certificate validation), effectively bypassing Graylog's authentication mechanism.
1884 CVE-2020-15795 787 Exec Code 2021-04-22 2021-04-30
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus RTOS (versions including affected DNS modules), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.
1885 CVE-2020-15781 79 Exec Code XSS 2020-08-14 2020-08-21
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromise the confidentiality, integrity and availability of the web application.
1886 CVE-2020-15778 78 2020-07-24 2021-04-19
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
1887 CVE-2020-15776 352 Exec Code CSRF 2020-09-18 2020-11-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the ability to execute arbitrary code in a user's browser could impose an arbitrary value for this token, allowing them to perform cross-site request forgery.
1888 CVE-2020-15724 426 Exec Code Bypass 2020-07-21 2020-07-23
6.9
None Local Medium Not required Complete Complete Complete
In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
1889 CVE-2020-15723 426 Exec Code Bypass 2020-07-21 2020-07-23
6.9
None Local Medium Not required Complete Complete Complete
In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
1890 CVE-2020-15722 426 Exec Code 2020-07-21 2020-07-23
6.9
None Local Medium Not required Complete Complete Complete
In version 12.1.0.1004 and below of 360 Total Security, when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system.
1891 CVE-2020-15715 Exec Code 2020-07-28 2020-07-28
6.5
None Remote Low ??? Partial Partial Partial
rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter.
1892 CVE-2020-15714 89 Sql 2020-07-28 2020-07-28
6.5
None Remote Low ??? Partial Partial Partial
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.
1893 CVE-2020-15713 89 Sql 2020-07-28 2020-07-28
6.5
None Remote Low ??? Partial Partial Partial
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.
1894 CVE-2020-15711 352 CSRF 2020-07-14 2020-07-15
6.8
None Remote Medium Not required Partial Partial Partial
In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.
1895 CVE-2020-15700 352 CSRF 2020-07-15 2020-07-15
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability.
1896 CVE-2020-15695 352 CSRF 2020-07-15 2020-07-15
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.
1897 CVE-2020-15693 74 2020-08-14 2021-02-08
6.4
None Remote Low Not required Partial Partial None
In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as httpClient.get or httpClient.post), the User-Agent header value, or custom HTTP header names or values.
1898 CVE-2020-15688 294 Bypass 2020-07-23 2020-10-07
6.8
None Remote Medium Not required Partial Partial Partial
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel.
1899 CVE-2020-15678 416 2020-10-01 2020-11-02
6.8
None Remote Medium Not required Partial Partial Partial
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
1900 CVE-2020-15675 120 Mem. Corr. 2020-10-01 2020-10-02
6.8
None Remote Medium Not required Partial Partial Partial
When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81.
Total number of vulnerabilities: 22306. Page 38 of 447.