| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2020-26163 |
|
|
|
2020-09-30 |
2020-10-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link. |
|
2 |
CVE-2020-26160 |
862 |
|
Bypass |
2020-09-30 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. |
|
3 |
CVE-2020-26158 |
79 |
|
Exec Code XSS |
2020-09-30 |
2020-10-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration. |
|
4 |
CVE-2020-26157 |
79 |
|
Exec Code XSS |
2020-09-30 |
2020-10-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration. |
|
5 |
CVE-2020-26154 |
120 |
|
Overflow |
2020-09-30 |
2023-01-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. |
|
6 |
CVE-2020-26150 |
200 |
|
+Info |
2020-09-30 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. |
|
7 |
CVE-2020-26149 |
522 |
|
|
2020-09-30 |
2020-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server. |
|
8 |
CVE-2020-26148 |
908 |
|
DoS |
2020-09-30 |
2020-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. |
|
9 |
CVE-2020-26137 |
74 |
|
|
2020-09-30 |
2023-01-31 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. |
|
10 |
CVE-2020-26121 |
863 |
|
|
2020-09-27 |
2022-01-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title. |
|
11 |
CVE-2020-26120 |
79 |
|
XSS |
2020-09-27 |
2022-01-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM. |
|
12 |
CVE-2020-26117 |
295 |
|
|
2020-09-27 |
2022-11-16 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. |
|
13 |
CVE-2020-26116 |
74 |
|
|
2020-09-27 |
2023-05-24 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. |
|
14 |
CVE-2020-26115 |
79 |
|
XSS |
2020-09-25 |
2020-09-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574). |
|
15 |
CVE-2020-26114 |
79 |
|
XSS |
2020-09-25 |
2020-09-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573). |
|
16 |
CVE-2020-26113 |
79 |
|
XSS |
2020-09-25 |
2020-09-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569). |
|
17 |
CVE-2020-26112 |
|
|
|
2020-09-25 |
2020-09-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The email quota cache in cPanel before 90.0.10 allows overwriting of files. |
|
18 |
CVE-2020-26111 |
79 |
|
XSS |
2020-09-25 |
2020-09-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566). |
|
19 |
CVE-2020-26110 |
79 |
|
XSS |
2020-09-25 |
2020-09-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564). |
|
20 |
CVE-2020-26109 |
|
|
Bypass |
2020-09-25 |
2020-09-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557). |
|
21 |
CVE-2020-26108 |
|
|
Exec Code |
2020-09-25 |
2020-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). |
|
22 |
CVE-2020-26107 |
326 |
|
|
2020-09-25 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561). |
|
23 |
CVE-2020-26106 |
532 |
|
|
2020-09-25 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558). |
|
24 |
CVE-2020-26105 |
522 |
|
|
2020-09-25 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). |
|
25 |
CVE-2020-26104 |
922 |
|
|
2020-09-25 |
2020-09-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). |
|
26 |
CVE-2020-26103 |
521 |
|
|
2020-09-25 |
2020-09-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551). |
|
27 |
CVE-2020-26102 |
863 |
|
|
2020-09-25 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). |
|
28 |
CVE-2020-26101 |
522 |
|
|
2020-09-25 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). |
|
29 |
CVE-2020-26100 |
|
|
|
2020-09-25 |
2020-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). |
|
30 |
CVE-2020-26099 |
|
|
Bypass |
2020-09-25 |
2020-09-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491). |
|
31 |
CVE-2020-26098 |
|
|
Exec Code |
2020-09-25 |
2020-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). |
|
32 |
CVE-2020-26088 |
276 |
|
Bypass |
2020-09-24 |
2022-04-27 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. |
|
33 |
CVE-2020-26043 |
79 |
|
XSS |
2020-09-30 |
2020-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php |
|
34 |
CVE-2020-26042 |
89 |
|
Sql |
2020-09-30 |
2020-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php |
|
35 |
CVE-2020-26041 |
|
|
Exec Code |
2020-09-30 |
2020-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php |
|
36 |
CVE-2020-25869 |
863 |
|
+Info |
2020-09-27 |
2022-01-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki. |
|
37 |
CVE-2020-25830 |
79 |
|
XSS |
2020-09-30 |
2020-10-13 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php. |
|
38 |
CVE-2020-25828 |
79 |
|
XSS |
2020-09-27 |
2022-01-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.) |
|
39 |
CVE-2020-25827 |
307 |
|
|
2020-09-27 |
2022-01-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently. |
|
40 |
CVE-2020-25826 |
269 |
|
+Priv |
2020-09-23 |
2021-07-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe. |
|
41 |
CVE-2020-25821 |
476 |
|
|
2020-09-23 |
2020-09-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
** UNSUPPORTED WHEN ASSIGNED ** peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
|
42 |
CVE-2020-25816 |
|
|
|
2020-09-30 |
2021-09-07 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
|
HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4. |
|
43 |
CVE-2020-25815 |
79 |
|
XSS |
2020-09-27 |
2022-01-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text(). |
|
44 |
CVE-2020-25814 |
79 |
|
XSS |
2020-09-27 |
2022-01-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href ="javascript... that executes when clicked. |
|
45 |
CVE-2020-25813 |
|
|
|
2020-09-27 |
2022-01-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users. |
|
46 |
CVE-2020-25812 |
79 |
|
XSS |
2020-09-27 |
2022-01-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML. |
|
47 |
CVE-2020-25796 |
129 |
|
|
2020-09-19 |
2021-01-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement. |
|
48 |
CVE-2020-25795 |
401 |
|
|
2020-09-19 |
2021-01-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic. |
|
49 |
CVE-2020-25794 |
401 |
|
|
2020-09-19 |
2021-01-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic. |
|
50 |
CVE-2020-25793 |
129 |
|
|
2020-09-19 |
2021-01-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>. |
