| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2020-35590 |
307 |
|
Bypass |
2020-12-21 |
2020-12-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious user is not limited to perform a brute force attack, because the client IP header accepts any arbitrary string. When randomizing the header input, the login count does not ever reach the maximum allowed retries. |
|
2 |
CVE-2020-35550 |
|
|
Bypass |
2020-12-18 |
2020-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020). |
|
3 |
CVE-2020-35378 |
89 |
|
Exec Code Sql Bypass |
2020-12-14 |
2020-12-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields. |
|
4 |
CVE-2020-35276 |
89 |
|
Sql Bypass |
2020-12-21 |
2020-12-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user. |
|
5 |
CVE-2020-35208 |
287 |
|
Bypass |
2020-12-12 |
2020-12-15 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
** DISPUTED ** An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authenticate with an arbitrary password. NOTE: the vendor has indicated that this is not an attack of interest within the context of their threat model, which excludes jailbroken devices. |
|
6 |
CVE-2020-35207 |
287 |
|
Bypass |
2020-12-12 |
2020-12-15 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
** DISPUTED ** An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The PIN authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authenticate with an arbitrary PIN. NOTE: the vendor has indicated that this is not an attack of interest within the context of their threat model, which excludes jailbroken devices. |
|
7 |
CVE-2020-35122 |
89 |
|
Sql Bypass |
2020-12-15 |
2020-12-17 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection. |
|
8 |
CVE-2020-29607 |
434 |
|
Exec Code +Priv Bypass |
2020-12-16 |
2022-02-07 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution. |
|
9 |
CVE-2020-29563 |
287 |
|
Bypass |
2020-12-12 |
2022-08-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device. |
|
10 |
CVE-2020-29529 |
22 |
|
Dir. Trav. Bypass |
2020-12-03 |
2021-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0. |
|
11 |
CVE-2020-29282 |
89 |
|
Sql Bypass |
2020-12-02 |
2020-12-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication. |
|
12 |
CVE-2020-29204 |
79 |
|
XSS Bypass |
2020-12-27 |
2020-12-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java. |
|
13 |
CVE-2020-29189 |
863 |
|
Bypass |
2020-12-24 |
2021-07-21 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS |
|
14 |
CVE-2020-29158 |
863 |
|
Bypass |
2020-12-28 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view. |
|
15 |
CVE-2020-29136 |
307 |
|
Bypass |
2020-11-27 |
2022-04-26 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). |
|
16 |
CVE-2020-28971 |
287 |
|
Exec Code Bypass |
2020-12-01 |
2022-04-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths. |
|
17 |
CVE-2020-28970 |
287 |
|
Exec Code Bypass |
2020-12-01 |
2022-04-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.) |
|
18 |
CVE-2020-28942 |
295 |
|
Bypass |
2020-11-19 |
2020-12-03 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA's domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limited set of allowed CAs, thus restricting the accessibility of that RA to the rights it has within a specific role. While this works for other protocols such as CMP, it was found that the EJBCA enrollment over an EST implementation bypasses this check, allowing enrollment with a valid client certificate through any functioning and authenticated RA connected to the CA. NOTE: an attacker must already have a trusted client certificate and authorization to enroll against the targeted CA. |
|
19 |
CVE-2020-28940 |
287 |
|
Exec Code Bypass |
2020-12-01 |
2022-04-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device. |
|
20 |
CVE-2020-28856 |
290 |
|
Bypass |
2020-12-14 |
2020-12-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls. |
|
21 |
CVE-2020-28460 |
1321 |
|
Bypass |
2020-12-22 |
2022-12-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448. |
|
22 |
CVE-2020-28371 |
190 |
|
Overflow Bypass |
2020-11-09 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. The FileOutputStream.write() method in FileOutputStream.java has a boundary check to prevent out-of-bounds memory read/write operations. However, an integer overflow leads to bypassing this check and achieving the out-of-bounds access. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
|
23 |
CVE-2020-28361 |
444 |
|
Bypass |
2020-11-18 |
2020-12-03 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue. |
|
24 |
CVE-2020-28342 |
|
|
Bypass |
2020-11-08 |
2020-11-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (China / India) software. The S Secure application allows attackers to bypass authentication for a locked Gallery application via the Reminder application. The Samsung ID is SVE-2020-18689 (November 2020). |
|
25 |
CVE-2020-28340 |
|
|
Bypass |
2020-11-08 |
2020-11-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via Secure Folder. The Samsung ID is SVE-2020-18546 (November 2020). |
|
26 |
CVE-2020-28333 |
287 |
|
Bypass |
2020-11-24 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Barco wePresent WiPG-1600W web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed in web proxy logs and browser history. An attacker that is able to capture the "SEID" and originate requests from the same IP address (via a NAT device or web proxy) would be able to access the user interface of the device without having to know the credentials. |
|
27 |
CVE-2020-28211 |
863 |
|
Bypass |
2020-11-19 |
2022-01-31 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger. |
|
28 |
CVE-2020-28168 |
918 |
|
Bypass |
2020-11-06 |
2022-09-13 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. |
|
29 |
CVE-2020-28133 |
89 |
|
+Priv Sql Bypass |
2020-11-17 |
2020-12-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php. |
|
30 |
CVE-2020-28074 |
89 |
|
Sql Bypass |
2020-12-23 |
2020-12-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin. |
|
31 |
CVE-2020-28073 |
89 |
|
Sql Bypass |
2020-12-23 |
2020-12-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system. |
|
32 |
CVE-2020-28054 |
200 |
|
Bypass +Info |
2020-11-19 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request. |
|
33 |
CVE-2020-28002 |
287 |
|
Bypass |
2020-11-02 |
2020-11-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint. |
|
34 |
CVE-2020-27898 |
252 |
|
DoS Bypass |
2020-12-08 |
2021-03-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A denial of service issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1. An attacker may be able to bypass Managed Frame Protection. |
|
35 |
CVE-2020-27846 |
115 |
|
Bypass |
2020-12-21 |
2021-03-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |
|
36 |
CVE-2020-27837 |
362 |
|
Bypass |
2020-12-28 |
2020-12-30 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit. |
|
37 |
CVE-2020-27255 |
122 |
|
Overflow Bypass +Info |
2020-11-26 |
2020-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR). |
|
38 |
CVE-2020-27199 |
287 |
|
Bypass |
2020-12-17 |
2020-12-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for correct password to gain access to the mobile application as that victim user. |
|
39 |
CVE-2020-27157 |
294 |
|
Bypass |
2020-10-15 |
2020-10-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account. |
|
40 |
CVE-2020-27057 |
276 |
|
Bypass |
2020-12-15 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure of gpu statistics with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-161903239 |
|
41 |
CVE-2020-27053 |
276 |
|
Bypass |
2020-12-15 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In broadcastWifiCredentialChanged of ClientModeImpl.java, there is a possible location permission bypass due to a missing permission check. This could lead to local information disclosure of the WiFi network name with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-159371448 |
|
42 |
CVE-2020-27052 |
269 |
|
Bypass |
2020-12-15 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In getLockTaskLaunchMode of ActivityRecord.java, there is a possible way for any app to start in Lock Task Mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158833495 |
|
43 |
CVE-2020-27039 |
276 |
|
Bypass |
2020-12-15 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In postNotification of ServiceRecord.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153878498 |
|
44 |
CVE-2020-27034 |
732 |
|
Bypass |
2020-12-15 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In createSimSelectNotification of SimSelectNotification.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153556754 |
|
45 |
CVE-2020-27030 |
269 |
|
Bypass |
2020-12-15 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In onCreate of HandleApiCalls.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege that allows an app to set or dismiss the alarm with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150612638 |
|
46 |
CVE-2020-27025 |
200 |
|
Bypass +Info |
2020-12-15 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In EapFailureNotifier.java and SimRequiredNotifier.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156008365 |
|
47 |
CVE-2020-27023 |
200 |
|
Bypass +Info |
2020-12-15 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In setErrorPlaybackState of BluetoothMediaBrowserService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156009462 |
|
48 |
CVE-2020-26958 |
79 |
|
XSS Bypass |
2020-12-09 |
2020-12-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. |
|
49 |
CVE-2020-26951 |
79 |
|
XSS Bypass |
2020-12-09 |
2020-12-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. |
|
50 |
CVE-2020-26928 |
287 |
|
Bypass |
2020-10-09 |
2021-07-21 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. |
