CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2451 CVE-2020-10672 2020-03-18 2021-02-22
6.8
None Remote Medium Not required Partial Partial Partial
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
2452 CVE-2020-10671 352 CSRF 2020-03-19 2020-03-23
6.8
None Remote Medium Not required Partial Partial Partial
The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections. This is a system-wide issue. An attacker could perform administrative actions by targeting a logged-in administrative user. NOTE: this is fixed in the latest version.
2453 CVE-2020-10657 502 Exec Code 2021-01-06 2021-01-08
6.5
None Remote Low ??? Partial Partial Partial
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. The vulnerability allows a remote attacker (with admin or config-admin privileges in the console) to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.
2454 CVE-2020-10648 20 Bypass 2020-03-19 2021-03-26
6.8
None Remote Medium Not required Partial Partial Partial
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
2455 CVE-2020-10646 787 Overflow 2020-04-13 2020-04-13
6.8
None Remote Medium Not required Partial Partial Partial
Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small.
2456 CVE-2020-10639 120 Overflow 2020-04-15 2020-04-22
6.8
None Remote Medium Not required Partial Partial Partial
Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. A specially crafted input file could cause a buffer overflow when loaded by the affected product.
2457 CVE-2020-10634 22 Dir. Trav. 2020-05-05 2020-05-12
6.4
None Remote Low Not required Partial Partial None
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible.
2458 CVE-2020-10626 427 Exec Code 2020-05-14 2020-05-19
6.9
None Local Medium Not required Complete Complete Complete
In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.
2459 CVE-2020-10622 2020-05-04 2020-05-06
6.8
None Remote Medium Not required Partial Partial Partial
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users
2460 CVE-2020-10619 22 Dir. Trav. 2020-04-09 2020-04-10
6.4
None Remote Low Not required None Partial Partial
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
2461 CVE-2020-10616 427 Exec Code 2020-05-14 2020-05-18
6.8
None Remote Medium Not required Partial Partial Partial
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts.
2462 CVE-2020-10612 862 2020-05-14 2020-05-18
6.4
None Remote Low Not required None Partial Partial
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values.
2463 CVE-2020-10607 787 Exec Code Overflow 2020-03-27 2020-04-01
6.5
None Remote Low ??? Partial Partial Partial
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
2464 CVE-2020-10603 78 2020-04-09 2020-04-10
6.5
None Remote Low ??? Partial Partial Partial
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely.
2465 CVE-2020-10580 77 Exec Code 2021-03-25 2021-03-27
6.5
None Remote Low ??? Partial Partial Partial
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application.
2466 CVE-2020-10568 352 Exec Code CSRF 2020-03-14 2020-03-19
6.8
None Remote Medium Not required Partial Partial Partial
The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings.
2467 CVE-2020-10562 434 2020-03-13 2020-03-18
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads.
2468 CVE-2020-10557 434 Bypass 2020-03-16 2020-03-18
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions.
2469 CVE-2020-10543 787 Overflow 2020-06-05 2021-06-14
6.4
None Remote Low Not required None Partial Partial
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
2470 CVE-2020-10540 352 CSRF 2020-03-13 2020-03-18
6.8
None Remote Medium Not required Partial Partial Partial
Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules.
2471 CVE-2020-10531 190 Overflow 2020-03-12 2021-01-20
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
2472 CVE-2020-10519 77 Exec Code 2021-03-03 2021-03-09
6.5
None Remote Low ??? Partial Partial Partial
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program.
2473 CVE-2020-10518 74 Exec Code 2020-08-27 2020-09-03
6.5
None Remote Low ??? Partial Partial Partial
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program.
2474 CVE-2020-10514 20 2020-04-15 2020-04-30
6.5
None Remote Low ??? Partial Partial Partial
iCatch DVR firmware before 20200103 do not validate function parameter properly, resulting attackers executing arbitrary command.
2475 CVE-2020-10390 78 Exec Code 2020-03-12 2020-03-26
6.5
None Remote Low ??? Partial Partial Partial
OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php.
2476 CVE-2020-10389 20 Exec Code 2020-03-12 2020-03-16
6.5
None Remote Low ??? Partial Partial Partial
admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.
2477 CVE-2020-10386 20 Exec Code 2020-03-12 2020-03-16
6.5
None Remote Low ??? Partial Partial Partial
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.
2478 CVE-2020-10379 120 Overflow 2020-06-25 2020-07-27
6.8
None Remote Medium Not required Partial Partial Partial
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
2479 CVE-2020-10289 20 Exec Code 2020-08-20 2020-08-31
6.5
None Remote Low ??? Partial Partial Partial
Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. See links for more info on the bug.
2480 CVE-2020-10284 2020-07-15 2020-07-23
6.4
None Remote Low Not required None Partial Partial
No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session.
2481 CVE-2020-10266 345 2020-04-06 2020-04-06
6.8
None Remote Medium Not required Partial Partial Partial
UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand.
2482 CVE-2020-10252 918 DoS 2021-02-19 2021-02-25
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.
2483 CVE-2020-10241 352 CSRF 2020-03-16 2020-03-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.
2484 CVE-2020-10239 862 2020-03-16 2020-03-19
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.
2485 CVE-2020-10235 20 Exec Code 2020-03-09 2020-03-10
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.
2486 CVE-2020-10234 2021-02-05 2021-02-08
6.8
None Remote Low ??? None None Complete
The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. \DosDevices\AscRegistryFilter and \Device\AscRegistryFilter are affected.
2487 CVE-2020-10233 125 2020-03-09 2020-05-17
6.4
None Remote Low Not required Partial None Partial
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c.
2488 CVE-2020-10229 352 CSRF 2020-09-14 2020-09-18
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.
2489 CVE-2020-10228 434 Exec Code 2020-09-14 2020-09-18
6.5
None Remote Low ??? Partial Partial Partial
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.
2490 CVE-2020-10195 200 +Info 2020-03-13 2020-03-18
6.5
None Remote Low ??? Partial Partial Partial
The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal (subscriber-level) permissions can modify the plugin's settings to allow arbitrary roles (including subscribers) access to plugin functionality by setting the action parameter to sgpbSaveSettings, export a list of current newsletter subscribers by setting the action parameter to csv_file, or obtain system configuration information including webserver configuration and a list of installed plugins by setting the action parameter to sgpb_system_info.
2491 CVE-2020-10190 89 Sql 2020-03-09 2020-03-10
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint.
2492 CVE-2020-10185 294 2020-03-05 2020-03-12
6.8
None Remote Medium Not required Partial Partial Partial
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud.
2493 CVE-2020-10174 362 Exec Code 2020-03-05 2020-03-23
6.9
None Local Medium Not required Complete Complete Complete
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used.
2494 CVE-2020-10140 732 Exec Code 2020-10-21 2020-10-22
6.9
None Local Medium Not required Complete Complete Complete
Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis.
2495 CVE-2020-10122 20 2020-03-17 2020-03-19
6.4
None Remote Low Not required None Partial Partial
cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547).
2496 CVE-2020-10118 2020-03-17 2020-03-19
6.4
None Remote Low Not required Partial Partial None
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543).
2497 CVE-2020-10117 863 2020-03-17 2020-03-19
6.4
None Remote Low Not required Partial Partial None
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542).
2498 CVE-2020-10083 281 2020-03-13 2020-03-17
6.4
None Remote Low Not required Partial Partial None
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied.
2499 CVE-2020-10057 352 CSRF 2020-03-04 2020-03-05
6.8
None Remote Medium Not required Partial Partial Partial
GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user.
2500 CVE-2020-10045 294 2020-07-14 2020-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.