CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2020 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2020-26163 2020-09-30 2020-10-15
6.8
None Remote Medium Not required Partial Partial Partial
BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link.
2 CVE-2020-26158 79 Exec Code XSS 2020-09-30 2020-10-05
6.8
None Remote Medium Not required Partial Partial Partial
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration.
3 CVE-2020-26157 79 Exec Code XSS 2020-09-30 2020-10-05
6.8
None Remote Medium Not required Partial Partial Partial
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration.
4 CVE-2020-26154 120 Overflow 2020-09-30 2020-11-29
6.8
None Remote Medium Not required Partial Partial Partial
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
5 CVE-2020-26137 74 2020-09-30 2022-07-25
6.4
None Remote Low Not required Partial Partial None
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
6 CVE-2020-26116 116 2020-09-27 2021-12-07
6.4
None Remote Low Not required Partial Partial None
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
7 CVE-2020-26108 Exec Code 2020-09-25 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).
8 CVE-2020-26100 2020-09-25 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).
9 CVE-2020-26098 Exec Code 2020-09-25 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).
10 CVE-2020-26042 89 Sql 2020-09-30 2020-10-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php
11 CVE-2020-26041 Exec Code 2020-09-30 2020-10-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php
12 CVE-2020-25826 269 +Priv 2020-09-23 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe.
13 CVE-2020-25790 434 Exec Code 2020-09-19 2020-10-20
6.5
None Remote Low ??? Partial Partial Partial
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2.
14 CVE-2020-25788 829 2020-09-19 2020-09-29
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.
15 CVE-2020-25787 20 2020-09-19 2021-03-15
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.
16 CVE-2020-25775 362 2020-09-29 2020-10-07
6.3
None Local Medium Not required None Complete Complete
The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges.
17 CVE-2020-25773 415 Exec Code 2020-09-29 2020-10-02
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file.
18 CVE-2020-25763 434 Exec Code 2020-09-30 2020-10-08
7.5
None Remote Low Not required Partial Partial Partial
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files.
19 CVE-2020-25762 89 Sql Bypass 2020-09-30 2020-10-08
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc.
20 CVE-2020-25760 89 Sql 2020-09-30 2022-01-01
6.5
None Remote Low ??? Partial Partial Partial
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.
21 CVE-2020-25756 120 Overflow 2020-09-18 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice."
22 CVE-2020-25751 89 Sql 2020-09-18 2020-09-24
6.5
None Remote Low ??? Partial Partial Partial
The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.
23 CVE-2020-25749 798 2020-09-25 2020-10-08
10.0
None Remote Low Not required Complete Complete Complete
The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality.
24 CVE-2020-25748 319 2020-09-25 2020-10-08
6.8
None Remote Medium Not required Partial Partial Partial
A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values.
25 CVE-2020-25747 287 2020-09-25 2021-07-21
9.0
None Remote Low Not required Partial Partial Complete
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.
26 CVE-2020-25728 640 2020-09-17 2020-09-25
6.5
None Remote Low ??? Partial Partial Partial
The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.
27 CVE-2020-25614 20 DoS 2020-09-16 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact.
28 CVE-2020-25597 119 DoS Overflow 2020-09-23 2020-11-11
6.1
None Local Low Not required Partial Partial Complete
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. However, operations like the resetting of all event channels may involve decreasing one of the bounds checked when determining validity. This may lead to bug checks triggering, crashing the host. An unprivileged guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only systems with untrusted guests permitted to create more than the default number of event channels are vulnerable. This number depends on the architecture and type of guest. For 32-bit x86 PV guests, this is 1023; for 64-bit x86 PV guests, and for all ARM guests, this number is 4095. Systems where untrusted guests are limited to fewer than this number are not vulnerable. Note that xl and libxl limit max_event_channels to 1023 by default, so systems using exclusively xl, libvirt+libxl, or their own toolstack based on libxl, and not explicitly setting max_event_channels, are not vulnerable.
29 CVE-2020-25595 269 DoS +Info 2020-09-23 2020-11-11
6.1
None Local Low Not required Partial Partial Complete
An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec ("backdoor") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it's better to assume that it does.
30 CVE-2020-25576 704 2020-09-14 2020-09-22
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints.
31 CVE-2020-25575 843 2020-09-14 2022-01-01
7.5
None Remote Low Not required Partial Partial Partial
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010.
32 CVE-2020-25573 824 2020-09-14 2020-09-22
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint.
33 CVE-2020-25559 415 Exec Code 2020-09-16 2020-09-21
6.8
None Remote Medium Not required Partial Partial Partial
gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution.
34 CVE-2020-25490 347 2020-09-17 2020-09-25
7.5
None Remote Low Not required Partial Partial Partial
Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine.
35 CVE-2020-25489 787 Overflow 2020-09-17 2020-09-24
7.5
None Remote Low Not required Partial Partial Partial
A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption.
36 CVE-2020-25453 352 Exec Code Bypass CSRF 2020-09-15 2022-01-01
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution.
37 CVE-2020-25412 787 Exec Code 2020-09-16 2022-01-01
7.5
None Remote Low Not required Partial Partial Partial
com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.
38 CVE-2020-25379 89 Sql 2020-09-14 2020-09-18
6.5
None Remote Low ??? Partial Partial Partial
Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query.
39 CVE-2020-25291 787 2020-09-13 2020-09-17
6.8
None Remote Medium Not required Partial Partial Partial
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.
40 CVE-2020-25287 434 Exec Code 2020-09-13 2020-09-17
6.5
None Remote Low ??? Partial Partial Partial
Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request.
41 CVE-2020-25283 863 Bypass 2020-09-11 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode. The LG ID is LVE-SMP-200021 (September 2020).
42 CVE-2020-25282 863 Bypass 2020-09-11 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software (for the LG Universal Integrated Circuit Card) allows attackers to bypass intended access restrictions on property values. The LG ID is LVE-SMP-200020 (September 2020).
43 CVE-2020-25279 120 Exec Code Overflow 2020-09-11 2020-09-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The baseband component has a buffer overflow via an abnormal SETUP message, leading to execution of arbitrary code. The Samsung ID is SVE-2020-18098 (September 2020).
44 CVE-2020-25278 787 Exec Code 2020-09-11 2020-09-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung IDs are SVE-2020-18088, SVE-2020-18225, SVE-2020-18301 (September 2020).
45 CVE-2020-25276 295 2020-09-11 2020-09-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate enrollment, and has had such a certificate revoked. This certificate needs to belong to a role that is authorized to enroll new end entities. (To completely mitigate this problem prior to upgrade, remove any revoked client certificates from their respective roles.)
46 CVE-2020-25269 416 2020-09-11 2020-09-20
6.8
None Remote Low ??? None None Complete
An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.
47 CVE-2020-25260 502 Exec Code 2020-09-11 2022-06-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization.
48 CVE-2020-25259 502 2020-09-11 2022-06-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an unsafe manner.
49 CVE-2020-25258 502 Exec Code 2020-09-11 2022-06-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages.
50 CVE-2020-25257 611 2020-09-11 2022-06-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files.
Total number of vulnerabilities : 610   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.