| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2020-26163 |
|
|
|
2020-09-30 |
2020-10-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link. |
|
2 |
CVE-2020-26158 |
79 |
|
Exec Code XSS |
2020-09-30 |
2020-10-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration. |
|
3 |
CVE-2020-26157 |
79 |
|
Exec Code XSS |
2020-09-30 |
2020-10-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration. |
|
4 |
CVE-2020-26154 |
120 |
|
Overflow |
2020-09-30 |
2020-11-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. |
|
5 |
CVE-2020-26137 |
74 |
|
|
2020-09-30 |
2022-07-25 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. |
|
6 |
CVE-2020-26116 |
116 |
|
|
2020-09-27 |
2021-12-07 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. |
|
7 |
CVE-2020-26108 |
|
|
Exec Code |
2020-09-25 |
2020-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). |
|
8 |
CVE-2020-26100 |
|
|
|
2020-09-25 |
2020-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). |
|
9 |
CVE-2020-26098 |
|
|
Exec Code |
2020-09-25 |
2020-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). |
|
10 |
CVE-2020-26042 |
89 |
|
Sql |
2020-09-30 |
2020-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php |
|
11 |
CVE-2020-26041 |
|
|
Exec Code |
2020-09-30 |
2020-10-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php |
|
12 |
CVE-2020-25826 |
269 |
|
+Priv |
2020-09-23 |
2021-07-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe. |
|
13 |
CVE-2020-25790 |
434 |
|
Exec Code |
2020-09-19 |
2020-10-20 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2. |
|
14 |
CVE-2020-25788 |
829 |
|
|
2020-09-19 |
2020-09-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message. |
|
15 |
CVE-2020-25787 |
20 |
|
|
2020-09-19 |
2021-03-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them. |
|
16 |
CVE-2020-25775 |
362 |
|
|
2020-09-29 |
2020-10-07 |
6.3 |
None |
Local |
Medium |
Not required |
None |
Complete |
Complete |
|
The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges. |
|
17 |
CVE-2020-25773 |
415 |
|
Exec Code |
2020-09-29 |
2020-10-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file. |
|
18 |
CVE-2020-25763 |
434 |
|
Exec Code |
2020-09-30 |
2020-10-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files. |
|
19 |
CVE-2020-25762 |
89 |
|
Sql Bypass |
2020-09-30 |
2020-10-08 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc. |
|
20 |
CVE-2020-25760 |
89 |
|
Sql |
2020-09-30 |
2022-01-01 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database. |
|
21 |
CVE-2020-25756 |
120 |
|
Overflow |
2020-09-18 |
2020-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice." |
|
22 |
CVE-2020-25751 |
89 |
|
Sql |
2020-09-18 |
2020-09-24 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter. |
|
23 |
CVE-2020-25749 |
798 |
|
|
2020-09-25 |
2020-10-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality. |
|
24 |
CVE-2020-25748 |
319 |
|
|
2020-09-25 |
2020-10-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values. |
|
25 |
CVE-2020-25747 |
287 |
|
|
2020-09-25 |
2021-07-21 |
9.0 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Complete |
|
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings. |
|
26 |
CVE-2020-25728 |
640 |
|
|
2020-09-17 |
2020-09-25 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account. |
|
27 |
CVE-2020-25614 |
20 |
|
DoS |
2020-09-16 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact. |
|
28 |
CVE-2020-25597 |
119 |
|
DoS Overflow |
2020-09-23 |
2020-11-11 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. However, operations like the resetting of all event channels may involve decreasing one of the bounds checked when determining validity. This may lead to bug checks triggering, crashing the host. An unprivileged guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only systems with untrusted guests permitted to create more than the default number of event channels are vulnerable. This number depends on the architecture and type of guest. For 32-bit x86 PV guests, this is 1023; for 64-bit x86 PV guests, and for all ARM guests, this number is 4095. Systems where untrusted guests are limited to fewer than this number are not vulnerable. Note that xl and libxl limit max_event_channels to 1023 by default, so systems using exclusively xl, libvirt+libxl, or their own toolstack based on libxl, and not explicitly setting max_event_channels, are not vulnerable. |
|
29 |
CVE-2020-25595 |
269 |
|
DoS +Info |
2020-09-23 |
2020-11-11 |
6.1 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Complete |
|
An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec ("backdoor") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it's better to assume that it does. |
|
30 |
CVE-2020-25576 |
704 |
|
|
2020-09-14 |
2020-09-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints. |
|
31 |
CVE-2020-25575 |
843 |
|
|
2020-09-14 |
2022-01-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010. |
|
32 |
CVE-2020-25573 |
824 |
|
|
2020-09-14 |
2020-09-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint. |
|
33 |
CVE-2020-25559 |
415 |
|
Exec Code |
2020-09-16 |
2020-09-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution. |
|
34 |
CVE-2020-25490 |
347 |
|
|
2020-09-17 |
2020-09-25 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine. |
|
35 |
CVE-2020-25489 |
787 |
|
Overflow |
2020-09-17 |
2020-09-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption. |
|
36 |
CVE-2020-25453 |
352 |
|
Exec Code Bypass CSRF |
2020-09-15 |
2022-01-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution. |
|
37 |
CVE-2020-25412 |
787 |
|
Exec Code |
2020-09-16 |
2022-01-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution. |
|
38 |
CVE-2020-25379 |
89 |
|
Sql |
2020-09-14 |
2020-09-18 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query. |
|
39 |
CVE-2020-25291 |
787 |
|
|
2020-09-13 |
2020-09-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x. |
|
40 |
CVE-2020-25287 |
434 |
|
Exec Code |
2020-09-13 |
2020-09-17 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request. |
|
41 |
CVE-2020-25283 |
863 |
|
Bypass |
2020-09-11 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode. The LG ID is LVE-SMP-200021 (September 2020). |
|
42 |
CVE-2020-25282 |
863 |
|
Bypass |
2020-09-11 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software (for the LG Universal Integrated Circuit Card) allows attackers to bypass intended access restrictions on property values. The LG ID is LVE-SMP-200020 (September 2020). |
|
43 |
CVE-2020-25279 |
120 |
|
Exec Code Overflow |
2020-09-11 |
2020-09-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The baseband component has a buffer overflow via an abnormal SETUP message, leading to execution of arbitrary code. The Samsung ID is SVE-2020-18098 (September 2020). |
|
44 |
CVE-2020-25278 |
787 |
|
Exec Code |
2020-09-11 |
2020-09-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung IDs are SVE-2020-18088, SVE-2020-18225, SVE-2020-18301 (September 2020). |
|
45 |
CVE-2020-25276 |
295 |
|
|
2020-09-11 |
2020-09-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate enrollment, and has had such a certificate revoked. This certificate needs to belong to a role that is authorized to enroll new end entities. (To completely mitigate this problem prior to upgrade, remove any revoked client certificates from their respective roles.) |
|
46 |
CVE-2020-25269 |
416 |
|
|
2020-09-11 |
2020-09-20 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
|
An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. |
|
47 |
CVE-2020-25260 |
502 |
|
Exec Code |
2020-09-11 |
2022-06-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization. |
|
48 |
CVE-2020-25259 |
502 |
|
|
2020-09-11 |
2022-06-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an unsafe manner. |
|
49 |
CVE-2020-25258 |
502 |
|
Exec Code |
2020-09-11 |
2022-06-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages. |
|
50 |
CVE-2020-25257 |
611 |
|
|
2020-09-11 |
2022-06-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files. |
