CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In November 2020

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
501 CVE-2020-23139 287 2020-11-09 2020-11-20
2.1
None Local Low Not required Partial None None
Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise.
502 CVE-2020-23138 434 2020-11-09 2020-11-20
7.5
None Remote Low Not required Partial Partial Partial
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (e.g., .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.
503 CVE-2020-23136 613 2020-11-09 2020-11-20
2.1
None Local Low Not required Partial None None
Microweber v1.1.18 is affected by no session expiry after log-out.
504 CVE-2020-22723 79 XSS 2020-11-18 2020-11-27
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address.
505 CVE-2020-22394 79 XSS 2020-11-19 2020-11-25
4.3
None Remote Medium Not required None Partial None
In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability.
506 CVE-2020-22278 1236 2020-11-04 2020-11-13
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents."
507 CVE-2020-22277 74 2020-11-04 2021-07-21
6.0
None Remote Medium ??? Partial Partial Partial
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.
508 CVE-2020-22276 1236 2020-11-04 2020-11-12
7.5
None Remote Low Not required Partial Partial Partial
WeForms WordPress Plugin 1.4.7 allows CSV injection via a form's entry.
509 CVE-2020-22275 74 2020-11-04 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Easy Registration Forms (ER Forms) WordPress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on these inputs and the code is executable.
510 CVE-2020-22274 1236 2020-11-04 2020-11-12
7.5
None Remote Low Not required Partial Partial Partial
JomSocial (Joomla Social Network Extension) 4.7.6 allows CSV injection via a customer's profile.
511 CVE-2020-22273 352 CSRF 2020-11-04 2020-11-13
4.3
None Remote Medium Not required None Partial None
Neoflex Video Subscription System Version 2.0 is affected by CSRF, which allows the website's settings to be changed (such as Payment Settings).
512 CVE-2020-21667 89 Sql 2020-11-13 2020-12-01
6.5
None Remote Low ??? Partial Partial Partial
In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection.
513 CVE-2020-21665 89 Sql 2020-11-17 2020-11-30
6.5
None Remote Low ??? Partial Partial Partial
In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh.
514 CVE-2020-20740 787 Overflow 2020-11-20 2022-01-01
6.8
None Remote Medium Not required Partial Partial Partial
In PDFResurrect before 0.20, a lack of header validation checks causes a heap-buffer-overflow in pdf_get_version().
515 CVE-2020-20739 908 2020-11-20 2022-01-01
5.0
None Remote Low Not required Partial None None
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
516 CVE-2020-19668 119 Overflow 2020-11-20 2021-07-21
4.3
None Remote Medium Not required None None Partial
Unverified indexes into the array lead to out-of-bounds access in the gif_out_code function in fromgif.c in libsixel 1.8.6.
517 CVE-2020-19667 787 Overflow 2020-11-20 2021-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
518 CVE-2020-17901 352 CSRF 2020-11-30 2020-12-01
4.3
None Remote Medium Not required None Partial None
Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user.
519 CVE-2020-17510 287 Bypass 2020-11-05 2021-08-03
7.5
None Remote Low Not required Partial Partial Partial
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
520 CVE-2020-17494 327 2020-11-12 2021-07-21
5.0
None Remote Low Not required Partial None None
Untangle Firewall NG before 16.0 uses MD5 for passwords.
521 CVE-2020-17490 732 2020-11-06 2021-03-30
2.1
None Local Low Not required Partial None None
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
522 CVE-2020-17113 125 2020-11-11 2020-11-24
2.1
None Local Low Not required Partial None None
Windows Camera Codec Information Disclosure Vulnerability
523 CVE-2020-17110 Exec Code 2020-11-11 2020-11-19
9.3
None Remote Medium Not required Complete Complete Complete
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17108, CVE-2020-17109.
524 CVE-2020-17109 Exec Code 2020-11-11 2020-11-19
9.3
None Remote Medium Not required Complete Complete Complete
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17108, CVE-2020-17110.
525 CVE-2020-17108 Exec Code 2020-11-11 2020-11-19
9.3
None Remote Medium Not required Complete Complete Complete
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17106, CVE-2020-17107, CVE-2020-17109, CVE-2020-17110.
526 CVE-2020-17107 Exec Code 2020-11-11 2020-11-19
9.3
None Remote Medium Not required Complete Complete Complete
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17106, CVE-2020-17108, CVE-2020-17109, CVE-2020-17110.
527 CVE-2020-17106 Exec Code 2020-11-11 2020-11-19
9.3
None Remote Medium Not required Complete Complete Complete
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17107, CVE-2020-17108, CVE-2020-17109, CVE-2020-17110.
528 CVE-2020-17105 Exec Code 2020-11-11 2020-11-24
10.0
None Remote Low Not required Complete Complete Complete
AV1 Video Extension Remote Code Execution Vulnerability
529 CVE-2020-17104 20 Exec Code 2020-11-11 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Visual Studio Code JSHint Extension Remote Code Execution Vulnerability
530 CVE-2020-17102 2020-11-11 2020-12-01
2.1
None Local Low Not required Partial None None
WebP Image Extensions Information Disclosure Vulnerability
531 CVE-2020-17101 Exec Code 2020-11-11 2020-12-01
4.6
None Local Low Not required Partial Partial Partial
HEIF Image Extensions Remote Code Execution Vulnerability
532 CVE-2020-17100 2020-11-11 2020-12-01
2.1
None Local Low Not required None Partial None
Visual Studio Tampering Vulnerability
533 CVE-2020-17091 Exec Code 2020-11-11 2020-12-01
4.4
None Local Medium Not required Partial Partial Partial
Microsoft Teams Remote Code Execution Vulnerability
534 CVE-2020-17090 Bypass 2020-11-11 2020-12-01
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
535 CVE-2020-17088 269 2020-11-11 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Windows Common Log File System Driver Elevation of Privilege Vulnerability
536 CVE-2020-17087 269 2020-11-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Windows Kernel Local Elevation of Privilege Vulnerability
537 CVE-2020-17086 Exec Code 2020-11-11 2020-11-17
7.5
None Remote Low Not required Partial Partial Partial
Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17082.
538 CVE-2020-17085 20 DoS 2020-11-11 2021-07-21
4.0
None Remote Low ??? None None Partial
Microsoft Exchange Server Denial of Service Vulnerability
539 CVE-2020-17084 120 Exec Code 2020-11-11 2020-11-17
9.0
None Remote Low ??? Complete Complete Complete
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17083.
540 CVE-2020-17083 79 Exec Code XSS 2020-11-11 2020-11-17
3.5
None Remote Medium ??? None Partial None
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17084.
541 CVE-2020-17082 Exec Code 2020-11-11 2020-11-17
7.5
None Remote Low Not required Partial Partial Partial
Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17078, CVE-2020-17079, CVE-2020-17086.
542 CVE-2020-17081 2020-11-11 2020-11-17
5.0
None Remote Low Not required Partial None None
Microsoft Raw Image Extension Information Disclosure Vulnerability
543 CVE-2020-17079 Exec Code 2020-11-11 2020-11-17
7.5
None Remote Low Not required Partial Partial Partial
Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17078, CVE-2020-17082, CVE-2020-17086.
544 CVE-2020-17078 Exec Code 2020-11-11 2020-11-17
7.5
None Remote Low Not required Partial Partial Partial
Raw Image Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2020-17079, CVE-2020-17082, CVE-2020-17086.
545 CVE-2020-17077 269 2020-11-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Windows Update Stack Elevation of Privilege Vulnerability
546 CVE-2020-17076 269 2020-11-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Windows Update Orchestrator Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2020-17073, CVE-2020-17074.
547 CVE-2020-17075 269 2020-11-11 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Windows USO Core Worker Elevation of Privilege Vulnerability
548 CVE-2020-17074 269 2020-11-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Windows Update Orchestrator Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2020-17073, CVE-2020-17076.
549 CVE-2020-17073 269 2020-11-11 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Windows Update Orchestrator Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2020-17074, CVE-2020-17076.
550 CVE-2020-17071 2020-11-11 2020-11-16
2.1
None Local Low Not required Partial None None
Windows Delivery Optimization Information Disclosure Vulnerability
Total number of vulnerabilities: 1271 (this is page 11 of 26)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.