
Security Vulnerabilities Published In December 2020

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
951 CVE-2020-20298 Exec Code 2020-12-18 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands.
952 CVE-2020-20285 79 XSS 2020-12-18 2020-12-22
3.5
None Remote Medium ??? None Partial None
There is an XSS vulnerability in the user login page in zzcms 2019. Users can inject JS code through the Referer header via user/login.php.
953 CVE-2020-20277 22 Exec Code Dir. Trav. 2020-12-18 2020-12-22
7.5
None Remote Low Not required Partial Partial Partial
There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution.
954 CVE-2020-20276 787 Exec Code Overflow 2020-12-18 2020-12-22
7.5
None Remote Low Not required Partial Partial Partial
An unauthenticated stack-based buffer overflow vulnerability in common.c's handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to remote code execution.
955 CVE-2020-20189 89 Sql 2020-12-14 2020-12-15
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability in NewPK 1.1 via the title parameter to admin\newpost.php.
956 CVE-2020-20184 Exec Code 2020-12-14 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
GateOne allows remote attackers to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection.
957 CVE-2020-20183 862 +Priv 2020-12-14 2021-07-21
5.0
None Remote Low Not required Partial None None
Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages.
958 CVE-2020-20142 79 XSS 2020-12-17 2020-12-18
4.3
None Remote Medium Not required None Partial None
Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17.
959 CVE-2020-20141 79 XSS 2020-12-17 2020-12-18
4.3
None Remote Medium Not required None Partial None
Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.
960 CVE-2020-20140 79 XSS 2020-12-17 2020-12-18
4.3
None Remote Medium Not required None Partial None
Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17.
961 CVE-2020-20139 79 XSS 2020-12-17 2020-12-18
4.3
None Remote Medium Not required None Partial None
Cross Site Scripting (XSS) vulnerability in the Remote JSON component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.
962 CVE-2020-20138 79 XSS 2020-12-17 2020-12-18
4.3
None Remote Medium Not required None Partial None
Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.
963 CVE-2020-20136 502 2020-12-14 2020-12-15
7.5
None Remote Low Not required Partial Partial Partial
QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library.
964 CVE-2020-19664 88 Exec Code 2020-12-31 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi.
965 CVE-2020-19527 78 Exec Code 2020-12-10 2020-12-11
10.0
None Remote Low Not required Complete Complete Complete
iCMS 7.0.14 allows attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php.
966 CVE-2020-19165 89 Sql 2020-12-11 2020-12-14
7.5
None Remote Low Not required Partial Partial Partial
PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 userlevel_id[] parameter.
967 CVE-2020-19142 78 Exec Code 2020-12-10 2020-12-11
10.0
None Remote Low Not required Complete Complete Complete
iCMS 7 allows attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.
968 CVE-2020-17533 732 2020-12-29 2020-12-30
5.5
None Remote Low ??? None Partial Partial
Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the 'canFlush' and 'canPerformSystemActions' security functions are not checked in some instances, therefore allowing an authenticated user with insufficient permissions to perform the following actions: flushing a table, shutting down Accumulo or an individual tablet server, and setting or removing system-wide Accumulo configuration properties.
969 CVE-2020-17531 502 2020-12-08 2021-01-15
7.5
None Remote Low Not required Partial Partial Partial
A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to address this issue will be released. Apache Tapestry 5 versions are not vulnerable to this issue. Users of Apache Tapestry 4 should upgrade to the latest Apache Tapestry 5 version.
970 CVE-2020-17530 917 Exec Code 2020-12-11 2022-06-03
7.5
None Remote Low Not required Partial Partial Partial
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
971 CVE-2020-17529 787 2020-12-09 2020-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Out-of-bounds Write vulnerability in the TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows an attacker to corrupt memory by supplying an invalid fragmentation offset value specified in the IP header. This only impacts builds with both the CONFIG_EXPERIMENTAL and CONFIG_NET_TCP_REASSEMBLY build flags enabled.
972 CVE-2020-17528 787 2020-12-09 2020-12-16
6.4
None Remote Low Not required Partial None Partial
Out-of-bounds Write vulnerability in the TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows an attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets, including offsets beyond the length of the packet.
973 CVE-2020-17527 200 +Info 2020-12-03 2022-05-12
5.0
None Remote Low Not required Partial None None
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
974 CVE-2020-17526 2020-12-21 2022-04-26
3.5
None Remote Medium ??? Partial None None
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.
975 CVE-2020-17521 2020-12-07 2022-05-12
2.1
None Local Low Not required Partial None None
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
976 CVE-2020-17520 732 Bypass 2020-12-18 2021-07-21
4.0
None Remote Low ??? Partial None None
In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.
977 CVE-2020-17515 79 XSS 2020-12-11 2021-05-04
4.3
None Remote Medium Not required None Partial None
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the fix implemented in Airflow 1.10.13 did not fix the issue completely.
978 CVE-2020-17513 918 2020-12-14 2020-12-15
5.0
None Remote Low Not required None Partial None
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks.
979 CVE-2020-17511 312 2020-12-14 2020-12-15
4.0
None Remote Low ??? Partial None None
In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field.
980 CVE-2020-17470 20 2020-12-11 2021-07-21
5.0
None Remote Low Not required None Partial None
An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks.
981 CVE-2020-17469 125 2020-12-11 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn't have a reference to the previous one (which supposedly resides in the reassembly list). When faced with an incoming fragment that belongs to a non-empty fragment list, IPv6 reassembly must check that there are no empty holes between the fragments: this leads to an uninitialized pointer dereference in _fnet_ip6_reassembly in fnet_ip6.c, and causes Denial-of-Service.
982 CVE-2020-17468 125 2020-12-11 2020-12-17
5.0
None Remote Low Not required None None Partial
An issue was discovered in FNET through 4.6.4. The code for processing the hop-by-hop header (in the IPv6 extension headers) doesn't check for a valid length of an extension header, and therefore an out-of-bounds read can occur in _fnet_ip6_ext_header_handler_options in fnet_ip6.c, leading to Denial-of-Service.
983 CVE-2020-17467 125 2020-12-11 2020-12-18
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn't check for '\0' termination. Therefore, the deduced length of the hostname doesn't reflect the correct length of the actual data. This may lead to Information Disclosure in _fnet_llmnr_poll in fnet_llmnr.c during a response to a malicious request of the DNS class IN.
984 CVE-2020-17445 125 2020-12-11 2020-12-14
5.0
None Remote Low Not required None None Partial
An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 destination options does not check for a valid length of the destination options header. This results in an Out-of-Bounds Read, and, depending on the memory protection mechanism, this may result in Denial-of-Service in pico_ipv6_process_destopt() in pico_ipv6.c.
985 CVE-2020-17444 190 Overflow 2020-12-11 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in picoTCP 1.7.0. The routine for processing the next header field (and deducing whether the IPv6 extension headers are valid) doesn't check whether the header extension length field would overflow. Therefore, if it wraps around to zero, iterating through the extension headers will not increment the current data pointer. This leads to an infinite loop and Denial-of-Service in pico_ipv6_check_headers_sequence() in pico_ipv6.c.
986 CVE-2020-17443 190 Mem. Corr. 2020-12-11 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in picoTCP 1.7.0. The code for creating ICMPv6 echo replies doesn't check whether the ICMPv6 echo request packet's size is shorter than 8 bytes. If the size of the incoming ICMPv6 request packet is shorter than this, the operation that calculates the size of the ICMPv6 echo reply has an integer wraparound, leading to memory corruption and, eventually, Denial-of-Service in pico_icmp6_send_echoreply_not_frag in pico_icmp6.c.
987 CVE-2020-17442 190 2020-12-11 2020-12-14
5.0
None Remote Low Not required None None Partial
An issue was discovered in picoTCP 1.7.0. The code for parsing the hop-by-hop IPv6 extension headers does not validate the bounds of the extension header length value, which may result in Integer Wraparound. Therefore, a crafted extension header length value may cause Denial-of-Service because it affects the loop in which the extension headers are parsed in pico_ipv6_process_hopbyhop() in pico_ipv6.c.
988 CVE-2020-17441 125 2020-12-11 2020-12-14
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in either Denial-of-Service or Information Disclosure. This affects pico_ipv6_extension_headers and pico_checksum_adder (in pico_ipv6.c and pico_frame.c).
989 CVE-2020-17440 2020-12-11 2020-12-15
5.0
None Remote Low Not required None None Partial
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have '\0' termination. This results in errors when calculating the offset of the pointer that jumps over domain name bytes in DNS response packets when a name lacks this termination, and eventually leads to dereferencing the pointer at an invalid/arbitrary address, within newdata() and parse_name() in resolv.c.
990 CVE-2020-17439 20 2020-12-11 2020-12-15
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that the incoming DNS replies match outgoing DNS queries in newdata() in resolv.c. Also, arbitrary DNS replies are parsed if there was any outgoing DNS query with a transaction ID that matches the transaction ID of an incoming reply. Provided that the default DNS cache is quite small (only four records) and that the transaction ID has a very limited set of values that is quite easy to guess, this can lead to DNS cache poisoning.
991 CVE-2020-17438 787 DoS Exec Code 2020-12-11 2020-12-15
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.
992 CVE-2020-17437 787 2020-12-11 2021-03-09
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c.
993 CVE-2020-17363 78 Exec Code 2020-12-31 2021-01-05
9.0
None Remote Low ??? Complete Complete Complete
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.
994 CVE-2020-17159 94 Exec Code 2020-12-10 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
995 CVE-2020-17158 94 Exec Code 2020-12-10 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17152.
996 CVE-2020-17156 94 Exec Code 2020-12-10 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Visual Studio Remote Code Execution Vulnerability
997 CVE-2020-17153 20 2020-12-10 2021-07-21
5.8
None Remote Medium Not required Partial Partial None
Microsoft Edge for Android Spoofing Vulnerability
998 CVE-2020-17152 94 Exec Code 2020-12-10 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17158.
999 CVE-2020-17150 94 Exec Code 2020-12-10 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Visual Studio Code Remote Code Execution Vulnerability
1000 CVE-2020-17148 94 Exec Code 2020-12-10 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Total number of vulnerabilities: 1530. Page 20 of 31.