CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities Published In December 2020

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
Each entry below spans four lines: (1) row number, CVE ID, CWE ID, number of exploits (if any), vulnerability type(s), publish date and update date; (2) score; (3) gained access level, access vector, access complexity, authentication, and the confidentiality, integrity and availability impacts; (4) description.
801 CVE-2020-26028 863 2020-12-28 2020-12-29
4.0
None Remote Low ??? Partial None None
An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can access Tickets.
802 CVE-2020-25967 94 2020-12-10 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability.
803 CVE-2020-25955 79 XSS 2020-12-08 2020-12-10
3.5
None Remote Medium ??? None Partial None
SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to stored cross-site scripting (XSS) via the 'add subject' tab.
804 CVE-2020-25917 269 2020-12-26 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. A low privileged user on the platform, for example a user with "helpdesk" privileges, can perform privileged operations including adding a new administrator to the platform via the easyadmin/user/submitCreateTCUser.do page.
805 CVE-2020-25901 601 2020-12-18 2021-10-18
5.8
None Remote Medium Not required Partial Partial None
Host Header Injection in Spiceworks 7.5.7.0 allows the attacker to render arbitrary links that point to a malicious website via poisoned Host header webpages.
806 CVE-2020-25889 89 +Priv Sql Bypass 2020-12-08 2020-12-15
7.5
None Remote Low Not required Partial Partial Partial
Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing a SQL injection payload in the login page, attackers can bypass authentication and gain admin privileges.
807 CVE-2020-25860 367 2020-12-21 2020-12-29
7.1
None Remote High ??? Complete Complete Complete
The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device.
808 CVE-2020-25850 2020-12-31 2021-01-08
5.0
None Remote Low Not required Partial None None
The "view the source code" function of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files.
809 CVE-2020-25848 522 2020-12-31 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
HGiga MailSherlock contains a weak authentication flaw: attackers can gain privileges remotely via the default password generation mechanism.
810 CVE-2020-25847 77 Exec Code 2020-12-29 2020-12-30
6.5
None Remote Low ??? Partial Partial Partial
This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero.
811 CVE-2020-25846 601 2020-12-31 2021-01-06
4.3
None Remote Medium Not required Partial None None
The digest generation function of NHIServiSignAdapter does not verify the source file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of the user's credentials.
812 CVE-2020-25845 601 2020-12-31 2021-01-06
4.3
None Remote Medium Not required Partial None None
Multiple functions of NHIServiSignAdapter fail to verify the users’ file path, which leads to the SMB request being redirected to a malicious host, resulting in the leakage of the user's credentials.
813 CVE-2020-25844 787 Exec Code Overflow 2020-12-31 2021-02-03
7.5
None Remote Low Not required Partial Partial Partial
The digest generation function of NHIServiSignAdapter does not verify the parameter’s length, which leads to a stack overflow. Remote attackers can use this flaw to execute code without privileges.
814 CVE-2020-25843 787 Exec Code Overflow 2020-12-31 2021-01-04
7.5
None Remote Low Not required Partial Partial Partial
NHIServiSignAdapter fails to verify the length of digital credential files’ path, which leads to a heap overflow. Remote attackers can use this flaw to execute code without privileges.
815 CVE-2020-25842 311 2020-12-31 2021-01-04
5.0
None Remote Low Not required Partial None None
The encryption function of NHIServiSignAdapter fails to verify the file path input by users. A remote attacker can access arbitrary files through this flaw without privileges.
816 CVE-2020-25838 200 +Info 2020-12-11 2021-07-21
4.0
None Remote Low ??? Partial None None
Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information.
817 CVE-2020-25799 79 Exec Code XSS 2020-12-31 2021-01-05
3.5
None Remote Medium ??? None Partial None
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota is viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.
818 CVE-2020-25797 79 Exec Code XSS 2020-12-31 2021-01-05
3.5
None Remote Medium ??? None Partial None
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants function (first and last name parameters). When the survey participant is being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.
819 CVE-2020-25759 20 Exec Code 2020-12-15 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests.
820 CVE-2020-25758 354 2020-12-15 2021-04-23
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root.
821 CVE-2020-25757 20 Exec Code 2020-12-15 2021-07-21
8.3
None Local Network Low Not required Complete Complete Complete
A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17.
822 CVE-2020-25723 617 DoS 2020-12-02 2020-12-28
2.1
None Local Low Not required None None Partial
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service.
823 CVE-2020-25712 122 Overflow 2020-12-15 2020-12-16
4.6
None Local Low Not required Partial Partial Partial
A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
824 CVE-2020-25711 862 2020-12-03 2022-02-22
4.9
None Remote Medium ??? None Partial Partial
A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.
825 CVE-2020-25704 401 DoS 2020-12-02 2022-01-01
4.9
None Local Low Not required None None Complete
A memory leak flaw was found in the Linux kernel performance monitoring subsystem in the way it handles PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to exhaust resources, causing a denial of service.
826 CVE-2020-25693 787 Overflow 2020-12-03 2021-04-26
5.8
None Remote Medium Not required Partial None Partial
A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity.
827 CVE-2020-25692 476 DoS 2020-12-08 2021-01-08
5.0
None Remote Low Not required None None Partial
A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.
828 CVE-2020-25677 312 2020-12-08 2021-03-04
2.1
None Local Low Not required Partial None None
A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality.
829 CVE-2020-25676 190 Overflow 2020-12-08 2021-06-02
4.3
None Remote Medium Not required None None Partial
In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is able to supply a crafted input file to be processed by ImageMagick. These issues could impact application availability or potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
830 CVE-2020-25675 190 Overflow 2020-12-08 2021-06-02
4.3
None Remote Medium Not required None None Partial
In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets were causing undefined behavior in the form of integer overflow and out-of-range values, as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other problems related to undefined behavior, in cases where ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the pixel offsets and prevent these issues. This flaw affects ImageMagick versions prior to 7.0.9-0.
831 CVE-2020-25674 125 Overflow 2020-12-08 2021-06-02
4.3
None Remote Medium Not required None None Partial
WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.
832 CVE-2020-25667 125 2020-12-08 2021-06-02
4.3
None Remote Medium Not required None None Partial
TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0.
833 CVE-2020-25666 190 Overflow 2020-12-08 2021-06-02
4.3
None Remote Medium Not required None None Partial
There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0.
834 CVE-2020-25665 125 2020-12-08 2021-06-02
4.3
None Remote Medium Not required None None Partial
The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause an out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68.
835 CVE-2020-25664 787 2020-12-08 2021-12-16
5.8
None Remote Medium Not required None Partial Partial
In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.
836 CVE-2020-25663 416 DoS Overflow 2020-12-08 2021-06-02
4.3
None Remote Medium Not required None None Partial
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick versions prior to 7.0.9-0.
837 CVE-2020-25656 416 2020-12-02 2022-04-01
1.9
None Local Medium Not required Partial None None
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.
838 CVE-2020-25649 611 2020-12-03 2022-05-10
5.0
None Remote Low Not required None Partial None
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw makes it vulnerable to XML external entity (XXE) attacks. The highest threat from this vulnerability is to data integrity.
839 CVE-2020-25638 89 Sql 2020-12-02 2022-05-10
5.8
None Remote Medium Not required Partial Partial None
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
840 CVE-2020-25631 79 XSS 2020-12-08 2020-12-08
4.3
None Remote Medium Not required None Partial None
A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8.
841 CVE-2020-25630 400 DoS 2020-12-08 2020-12-08
5.0
None Remote Low Not required None None Partial
A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
842 CVE-2020-25629 284 2020-12-08 2020-12-08
6.5
None Remote Low ??? Partial Partial Partial
A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. This is fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
843 CVE-2020-25628 79 XSS 2020-12-08 2020-12-08
4.3
None Remote Medium Not required None Partial None
The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
844 CVE-2020-25627 79 XSS 2020-12-09 2020-12-10
4.3
None Remote Medium Not required None Partial None
The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. This affects versions 3.9 to 3.9.1. Fixed in 3.9.2.
845 CVE-2020-25622 352 CSRF 2020-12-16 2020-12-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF.
846 CVE-2020-25621 287 2020-12-16 2021-07-21
2.1
None Local Low Not required Partial None None
An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is based only on the ability to access a network interface. The database has keys and passwords.
847 CVE-2020-25620 798 2020-12-16 2020-12-21
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default for local user accounts named support@n-able.com and nableadmin@n-able.com. These allow logins to the N-Central Administrative Console (NAC) and/or the regular web interface.
848 CVE-2020-25619 2020-12-16 2020-12-21
3.6
None Local Low Not required Partial Partial None
An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the Communication Channel to Intended Endpoints. An attacker can leverage an SSH feature (port forwarding with a temporary key pair) to access network services on the 127.0.0.1 interface, even though this feature was only intended for user-to-agent communication.
849 CVE-2020-25618 78 2020-12-16 2020-12-21
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root (i.e., the use of root privileges is not limited to specific programs listed in the sudoers file).
850 CVE-2020-25617 22 Exec Code Dir. Trav. 2020-12-16 2020-12-18
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console (NAC), leading to execution of OS commands as root.
Total number of vulnerabilities : 1530 (page 17 of 31)