| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
51 |
CVE-2020-27638 |
617 |
|
DoS |
2020-10-22 |
2022-04-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. |
|
52 |
CVE-2020-27621 |
|
|
|
2020-10-22 |
2020-11-02 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inability to properly audit and attribute various user actions performed via the FileImporter extension. |
|
53 |
CVE-2020-27620 |
79 |
|
XSS |
2020-10-22 |
2020-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups. |
|
54 |
CVE-2020-27619 |
|
|
|
2020-10-22 |
2022-06-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. |
|
55 |
CVE-2020-27615 |
89 |
|
Sql XSS |
2020-10-21 |
2020-10-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip. |
|
56 |
CVE-2020-27613 |
312 |
|
|
2020-10-21 |
2020-10-29 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access. |
|
57 |
CVE-2020-27612 |
200 |
|
+Info |
2020-10-21 |
2020-10-29 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window. |
|
58 |
CVE-2020-27611 |
327 |
|
|
2020-10-21 |
2022-06-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint. |
|
59 |
CVE-2020-27610 |
200 |
|
+Info |
2020-10-21 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access. |
|
60 |
CVE-2020-27609 |
863 |
|
|
2020-10-21 |
2020-10-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant. |
|
61 |
CVE-2020-27608 |
79 |
|
XSS |
2020-10-21 |
2020-10-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document. |
|
62 |
CVE-2020-27607 |
|
|
|
2020-10-21 |
2020-10-29 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or transmit it to one or more meeting participants or other third parties. |
|
63 |
CVE-2020-27606 |
|
|
|
2020-10-21 |
2020-10-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. |
|
64 |
CVE-2020-27605 |
|
|
|
2020-10-21 |
2020-10-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox." |
|
65 |
CVE-2020-27604 |
116 |
|
|
2020-10-21 |
2020-10-30 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can (for example) use api/join to join an arbitrary meeting regardless of its guestPolicy setting. |
|
66 |
CVE-2020-27603 |
|
|
|
2020-10-21 |
2020-10-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files. |
|
67 |
CVE-2020-27560 |
369 |
|
DoS |
2020-10-22 |
2022-06-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. |
|
68 |
CVE-2020-27533 |
79 |
|
XSS |
2020-10-22 |
2022-06-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages. |
|
69 |
CVE-2020-27388 |
79 |
|
XSS |
2020-10-23 |
2020-10-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues. |
|
70 |
CVE-2020-27344 |
79 |
|
XSS |
2020-10-21 |
2020-10-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. |
|
71 |
CVE-2020-27216 |
|
|
Exec Code |
2020-10-23 |
2022-03-01 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. |
|
72 |
CVE-2020-27197 |
918 |
|
|
2020-10-17 |
2020-10-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library" and that this may be an issue to "raise ... to the lxml group." |
|
73 |
CVE-2020-27195 |
|
|
|
2020-10-22 |
2020-11-02 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6 |
|
74 |
CVE-2020-27194 |
119 |
|
Overflow |
2020-10-16 |
2020-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a. |
|
75 |
CVE-2020-27187 |
|
|
Exec Code +Priv |
2020-10-26 |
2022-04-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges. |
|
76 |
CVE-2020-27183 |
200 |
|
+Info |
2020-10-27 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact. |
|
77 |
CVE-2020-27182 |
79 |
|
XSS |
2020-10-27 |
2020-10-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form. |
|
78 |
CVE-2020-27181 |
326 |
|
|
2020-10-27 |
2021-07-21 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files. |
|
79 |
CVE-2020-27180 |
200 |
|
+Info |
2020-10-27 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter. |
|
80 |
CVE-2020-27179 |
640 |
|
|
2020-10-27 |
2020-11-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens. |
|
81 |
CVE-2020-27178 |
287 |
|
|
2020-10-16 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication. |
|
82 |
CVE-2020-27176 |
79 |
|
Exec Code XSS |
2020-10-16 |
2020-10-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product. |
|
83 |
CVE-2020-27174 |
119 |
|
Overflow |
2020-10-16 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host. |
|
84 |
CVE-2020-27173 |
119 |
|
Overflow |
2020-10-16 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host. |
|
85 |
CVE-2020-27163 |
79 |
|
XSS |
2020-10-16 |
2020-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter. |
|
86 |
CVE-2020-27160 |
22 |
|
Exec Code Dir. Trav. |
2020-10-27 |
2021-12-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3). |
|
87 |
CVE-2020-27159 |
78 |
|
Exec Code |
2020-10-27 |
2021-12-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114 |
|
88 |
CVE-2020-27158 |
78 |
|
Exec Code |
2020-10-27 |
2021-12-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. |
|
89 |
CVE-2020-27157 |
294 |
|
Bypass |
2020-10-15 |
2020-10-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account. |
|
90 |
CVE-2020-27156 |
863 |
|
Exec Code |
2020-10-15 |
2020-10-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user. |
|
91 |
CVE-2020-27155 |
|
|
|
2020-10-22 |
2020-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one. |
|
92 |
CVE-2020-27153 |
415 |
|
DoS Exec Code |
2020-10-15 |
2022-04-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. |
|
93 |
CVE-2020-27015 |
209 |
|
Exec Code +Info |
2020-10-30 |
2020-11-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. |
|
94 |
CVE-2020-27014 |
367 |
|
Exec Code |
2020-10-30 |
2020-11-05 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. |
|
95 |
CVE-2020-27013 |
|
|
Exec Code |
2020-10-14 |
2020-10-26 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
|
96 |
CVE-2020-26948 |
918 |
|
|
2020-10-10 |
2020-10-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter. |
|
97 |
CVE-2020-26947 |
427 |
|
+Priv |
2020-10-10 |
2022-04-28 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directory in an embedded RPATH (with a preference ahead of /usr/lib), which allows local users to gain privileges via a Trojan horse library in the current working directory. |
|
98 |
CVE-2020-26945 |
502 |
|
|
2020-10-10 |
2020-10-26 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
MyBatis before 3.5.6 mishandles deserialization of object streams. |
|
99 |
CVE-2020-26944 |
89 |
|
Sql |
2020-10-16 |
2020-10-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page (aka cse?cmd=LOGIN). This can be exploited directly, and remotely. |
|
100 |
CVE-2020-26943 |
|
|
Exec Code |
2020-10-16 |
2020-10-27 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected. |
