CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2020 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2020-26108 Exec Code 2020-09-25 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).
2 CVE-2020-26100 2020-09-25 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).
3 CVE-2020-26098 Exec Code 2020-09-25 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).
4 CVE-2020-26042 89 Sql 2020-09-30 2020-10-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php
5 CVE-2020-26041 Exec Code 2020-09-30 2020-10-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php
6 CVE-2020-25826 269 +Priv 2020-09-23 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe.
7 CVE-2020-25787 20 2020-09-19 2021-03-15
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.
8 CVE-2020-25763 434 Exec Code 2020-09-30 2020-10-08
7.5
None Remote Low Not required Partial Partial Partial
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files.
9 CVE-2020-25756 120 Overflow 2020-09-18 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice."
10 CVE-2020-25749 798 2020-09-25 2020-10-08
10.0
None Remote Low Not required Complete Complete Complete
The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality.
11 CVE-2020-25747 287 2020-09-25 2021-07-21
9.0
None Remote Low Not required Partial Partial Complete
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.
12 CVE-2020-25614 20 DoS 2020-09-16 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact.
13 CVE-2020-25576 704 2020-09-14 2020-09-22
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints.
14 CVE-2020-25575 843 2020-09-14 2022-01-01
7.5
None Remote Low Not required Partial Partial Partial
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010.
15 CVE-2020-25573 824 2020-09-14 2020-09-22
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint.
16 CVE-2020-25490 347 2020-09-17 2020-09-25
7.5
None Remote Low Not required Partial Partial Partial
Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine.
17 CVE-2020-25489 787 Overflow 2020-09-17 2020-09-24
7.5
None Remote Low Not required Partial Partial Partial
A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption.
18 CVE-2020-25412 787 Exec Code 2020-09-16 2022-01-01
7.5
None Remote Low Not required Partial Partial Partial
com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.
19 CVE-2020-25283 863 Bypass 2020-09-11 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode. The LG ID is LVE-SMP-200021 (September 2020).
20 CVE-2020-25282 863 Bypass 2020-09-11 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software (for the LG Universal Integrated Circuit Card) allows attackers to bypass intended access restrictions on property values. The LG ID is LVE-SMP-200020 (September 2020).
21 CVE-2020-25279 120 Exec Code Overflow 2020-09-11 2020-09-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The baseband component has a buffer overflow via an abnormal SETUP message, leading to execution of arbitrary code. The Samsung ID is SVE-2020-18098 (September 2020).
22 CVE-2020-25278 787 Exec Code 2020-09-11 2020-09-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung IDs are SVE-2020-18088, SVE-2020-18225, SVE-2020-18301 (September 2020).
23 CVE-2020-25260 502 Exec Code 2020-09-11 2022-06-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization.
24 CVE-2020-25259 502 2020-09-11 2022-06-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an unsafe manner.
25 CVE-2020-25258 502 Exec Code 2020-09-11 2022-06-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages.
26 CVE-2020-25257 611 2020-09-11 2022-06-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files.
27 CVE-2020-25254 89 Sql 2020-09-11 2022-06-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by TestConnection_LocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer.
28 CVE-2020-25253 89 Sql 2020-09-11 2022-06-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter.
29 CVE-2020-25223 Exec Code 2020-09-25 2021-12-10
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
30 CVE-2020-25221 672 2020-09-10 2020-10-01
7.2
None Local Low Not required Complete Complete Complete
get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.
31 CVE-2020-25220 416 2020-09-10 2021-01-20
7.2
None Local Low Not required Complete Complete Complete
The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.
32 CVE-2020-25216 91 Exec Code 2020-09-17 2020-09-24
7.5
None Remote Low Not required Partial Partial Partial
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet.
33 CVE-2020-25215 611 2020-09-17 2020-09-24
7.5
None Remote Low Not required Partial Partial Partial
yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document.
34 CVE-2020-25213 434 Exec Code 2020-09-09 2022-01-01
7.5
None Remote Low Not required Partial Partial Partial
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
35 CVE-2020-25147 89 Sql 2020-09-25 2020-09-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because of includes/authenticate.inc.php.
36 CVE-2020-25132 89 Sql Bypass 2020-09-25 2020-09-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass of core SQL Injection sanitization. Users are able to inject malicious statements in multiple functions. This vulnerability leads to full authentication bypass: any unauthorized user with access to the application is able to exploit this vulnerability. This can occur via the Cookie header to the default URI, within includes/authenticate.inc.php.
37 CVE-2020-25079 2020-09-02 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection.
38 CVE-2020-25069 Exec Code 2020-09-01 2020-09-04
7.5
None Remote Low Not required Partial Partial Partial
USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view.
39 CVE-2020-25023 119 Overflow 2020-09-04 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrCipherState.encryptWithAd() allows out-of-bounds access.
40 CVE-2020-25022 119 Overflow 2020-09-04 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access.
41 CVE-2020-25021 119 Overflow 2020-09-04 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCipherState.encryptWithAd() allows out-of-bounds access.
42 CVE-2020-25006 89 Exec Code Sql 2020-09-03 2020-09-04
7.5
None Remote Low Not required Partial Partial Partial
Heybbs v1.2 has a SQL injection vulnerability in login.php file via the username parameter which may allow a remote attacker to execute arbitrary code.
43 CVE-2020-25005 89 Exec Code Sql 2020-09-03 2020-09-04
7.5
None Remote Low Not required Partial Partial Partial
Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ID parameter which may allow a remote attacker to execute arbitrary code.
44 CVE-2020-25004 89 Exec Code Sql 2020-09-03 2020-09-04
7.5
None Remote Low Not required Partial Partial Partial
Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ID parameter which may allow a remote attacker to execute arbitrary code.
45 CVE-2020-24986 434 Exec Code 2020-09-04 2021-11-01
9.0
None Remote Low ??? Complete Complete Complete
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.
46 CVE-2020-24978 415 2020-09-04 2020-09-11
7.5
None Remote Low Not required Partial Partial Partial
In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.
47 CVE-2020-24955 269 2020-09-01 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
SUPERAntiSyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because it allows unprivileged users to restore a malicious DLL from quarantine into the system32 folder via an NTFS directory junction, as demonstrated by a crafted ualapi.dll file that is detected as malware.
48 CVE-2020-24949 269 Exec Code 2020-09-03 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).
49 CVE-2020-24916 78 2020-09-09 2020-10-17
10.0
None Remote Low Not required Complete Complete Complete
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
50 CVE-2020-24753 20 Exec Code Mem. Corr. 2020-09-17 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings leads to the use of an attacker-controllable uninitialized stack value. This can be used to modify memory, causing a crash or potentially exploitable heap corruption.
Total number of vulnerabilities : 348   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.