CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2020-35612 22 Dir. Trav. 2020-12-28 2020-12-30
5.0
None Remote Low Not required Partial None None
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
202 CVE-2020-35611 200 +Info 2020-12-28 2020-12-30
5.0
None Remote Low Not required Partial None None
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values.
203 CVE-2020-35610 2020-12-28 2020-12-30
5.0
None Remote Low Not required Partial None None
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.
204 CVE-2020-35609 74 DoS 2020-12-22 2021-07-21
2.1
None Local Low Not required None None Partial
A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability.
205 CVE-2020-35608 74 Exec Code 2020-12-22 2020-12-23
7.2
None Local Low Not required Complete Complete Complete
A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted AF_PACKET socket can cause a process to create an executable memory mapping with controllable content. An attacker can execute a shellcode that uses the PACKET_MMAP functionality to trigger this vulnerability.
206 CVE-2020-35606 78 Exec Code 2020-12-21 2022-04-26
9.0
None Remote Low ??? Complete Complete Complete
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.
207 CVE-2020-35605 Exec Code 2020-12-21 2020-12-27
7.5
None Remote Low Not required Partial Partial Partial
The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.
208 CVE-2020-35604 611 2020-12-21 2020-12-22
9.3
None Remote Medium Not required Complete Complete Complete
An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used.
209 CVE-2020-35598 22 Dir. Trav. 2020-12-23 2021-02-08
5.0
None Remote Low Not required Partial None None
ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623
210 CVE-2020-35590 307 Bypass 2020-12-21 2020-12-22
5.0
None Remote Low Not required Partial None None
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious user is not limited to perform a brute force attack, because the client IP header accepts any arbitrary string. When randomizing the header input, the login count does not ever reach the maximum allowed retries.
211 CVE-2020-35589 79 XSS 2020-12-21 2020-12-22
3.5
None Remote Medium ??? None Partial None
The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims.
212 CVE-2020-35587 2020-12-23 2020-12-23
5.0
None Remote Low Not required Partial None None
** DISPUTED ** In Solstice Pod before 3.0.3, the firmware can easily be decompiled/disassembled. The decompiled/disassembled files contain non-obfuscated code. NOTE: it is unclear whether lack of obfuscation is directly associated with a negative impact, or instead only facilitates an attack technique.
213 CVE-2020-35586 307 2020-12-23 2020-12-23
5.0
None Remote Low Not required Partial None None
In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters).
214 CVE-2020-35585 307 2020-12-23 2020-12-23
5.0
None Remote Low Not required Partial None None
In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities.
215 CVE-2020-35584 +Info 2020-12-23 2021-07-21
4.3
None Remote Medium Not required Partial None None
In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys.
216 CVE-2020-35579 DoS 2020-12-20 2020-12-22
5.0
None Remote Low Not required None None Partial
tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the external request target may indirectly redirect back to this original /sub endpoint. Thus, a request loop and a denial of service may occur.
217 CVE-2020-35575 2020-12-26 2021-09-07
7.5
None Remote Low Not required Partial Partial Partial
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.
218 CVE-2020-35573 834 DoS 2020-12-20 2022-04-26
5.0
None Remote Low Not required None None Partial
srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.
219 CVE-2020-35555 2020-12-18 2020-12-22
4.4
None Local Medium Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. The LG ID is LVE-SMP-200027 (December 2020).
220 CVE-2020-35554 2020-12-18 2020-12-21
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 (December 2020).
221 CVE-2020-35553 920 DoS 2020-12-18 2020-12-18
7.8
None Remote Low Not required None None Complete
An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Qualcomm SM8250 chipsets) software. They allows attackers to cause a denial of service (unlock failure) by triggering a power-shortage incident that causes a false-positive attack detection. The Samsung ID is SVE-2020-19678 (December 2020).
222 CVE-2020-35552 +Info 2020-12-18 2020-12-18
5.0
None Remote Low Not required Partial None None
An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Attackers can obtain sensitive location information because the configuration file is incorrect. The Samsung ID is SVE-2020-18678 (December 2020).
223 CVE-2020-35551 294 2020-12-18 2020-12-18
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020).
224 CVE-2020-35550 Bypass 2020-12-18 2020-12-18
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020).
225 CVE-2020-35549 2020-12-18 2020-12-21
2.1
None Local Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020).
226 CVE-2020-35548 DoS 2020-12-18 2020-12-21
2.1
None Local Low Not required None None Partial
An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software. A call to a non-existent provider allows attackers to cause a denial of service. The Samsung ID is SVE-2020-18629 (December 2020).
227 CVE-2020-35545 89 Sql 2020-12-17 2020-12-21
7.5
None Remote Low Not required Partial Partial Partial
Time-based SQL injection exists in Spotweb 1.4.9 via the query string.
228 CVE-2020-35497 200 +Info 2020-12-21 2020-12-22
4.0
None Remote Low ??? Partial None None
A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users' personal information, including name, email and public SSH key.
229 CVE-2020-35491 502 2020-12-17 2022-04-28
6.8
None Remote Medium Not required Partial Partial Partial
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
230 CVE-2020-35490 502 2020-12-17 2022-05-13
6.8
None Remote Medium Not required Partial Partial Partial
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
231 CVE-2020-35489 434 Exec Code 2020-12-17 2020-12-22
10.0
None Remote Low Not required Complete Complete Complete
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
232 CVE-2020-35480 203 2020-12-18 2022-04-08
5.0
None Remote Low Not required Partial None None
An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths.
233 CVE-2020-35479 79 XSS 2020-12-18 2020-12-27
4.3
None Remote Medium Not required None Partial None
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later.
234 CVE-2020-35478 79 XSS 2020-12-18 2020-12-27
4.3
None Remote Medium Not required None Partial None
MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later.
235 CVE-2020-35477 670 2020-12-18 2022-04-08
5.0
None Remote Low Not required None Partial None
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears).
236 CVE-2020-35476 77 Exec Code 2020-12-16 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.)
237 CVE-2020-35475 79 XSS 2020-12-18 2022-04-08
5.0
None Remote Low Not required Partial None None
In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.)
238 CVE-2020-35474 79 XSS 2020-12-18 2021-02-04
4.3
None Remote Medium Not required None Partial None
In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.
239 CVE-2020-35471 2020-12-15 2020-12-16
5.0
None Remote Low Not required None None Partial
Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.
240 CVE-2020-35470 2020-12-15 2020-12-16
5.8
None Local Network Low Not required Partial Partial Partial
Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).
241 CVE-2020-35469 306 2020-12-16 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password.
242 CVE-2020-35468 306 2020-12-16 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root access with a blank password.
243 CVE-2020-35467 306 2020-12-15 2020-12-18
10.0
None Remote Low Not required Complete Complete Complete
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password.
244 CVE-2020-35466 306 2020-12-15 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password.
245 CVE-2020-35465 306 2020-12-15 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
The FullArmor HAPI File Share Mount Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the FullArmor HAPI File Share Mount container may allow the remote attacker to achieve root access with a blank password.
246 CVE-2020-35464 306 2020-12-15 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password.
247 CVE-2020-35463 306 2020-12-15 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote attacker to achieve root access with a blank password.
248 CVE-2020-35462 306 2020-12-15 2020-12-17
10.0
None Remote Low Not required Complete Complete Complete
Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to achieve root access with a blank password.
249 CVE-2020-35460 22 Dir. Trav. 2020-12-14 2021-01-20
5.0
None Remote Low Not required None Partial None
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
250 CVE-2020-35457 190 Overflow 2020-12-14 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented.
Total number of vulnerabilities : 1530   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.