CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In November 2020

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
51 CVE-2020-29056 77 2020-11-24 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. One can escape from a shell and acquire root privileges by leveraging the TFTP download configuration.
52 CVE-2020-29055 319 2020-11-24 2021-03-11
4.3
None Remote Medium Not required Partial None None
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It doesn't support SSL/TLS for HTTP or SSH. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance.
53 CVE-2020-29054 522 2020-11-24 2021-03-11
5.0
None Remote Low Not required Partial None None
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can use "show system infor" to discover cleartext TELNET credentials.
54 CVE-2020-29053 79 XSS 2020-11-24 2020-11-27
4.3
None Remote Medium Not required None Partial None
HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.
55 CVE-2020-29043 862 2020-11-26 2021-07-21
5.0
None Remote Low Not required None Partial None
An issue was discovered in BigBlueButton through 2.2.29. When an attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name.
56 CVE-2020-29042 307 2020-11-26 2020-11-29
4.3
None Remote Medium Not required Partial None None
An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.
57 CVE-2020-29040 193 DoS +Priv 2020-11-24 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671.
58 CVE-2020-29006 862 2020-11-24 2020-12-03
7.5
None Remote Low Not required Partial Partial Partial
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.
59 CVE-2020-29003 79 XSS 2020-11-24 2020-11-30
3.5
None Remote Medium ??? None Partial None
The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.
60 CVE-2020-29002 79 XSS 2020-11-24 2020-11-30
3.5
None Remote Medium ??? None Partial None
includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.
61 CVE-2020-28994 89 Sql 2020-11-24 2020-11-30
7.5
None Remote Low Not required Partial Partial Partial
A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various tasks such as modifying and leaking all contents of the database.
62 CVE-2020-28991 2020-11-24 2020-12-03
7.5
None Remote Low Not required Partial Partial Partial
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.
63 CVE-2020-28984 2020-11-23 2021-02-04
7.5
None Remote Low Not required Partial Partial Partial
prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.
64 CVE-2020-28978 918 2020-11-30 2022-01-04
5.0
None Remote Low Not required Partial None None
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.
65 CVE-2020-28977 918 2020-11-30 2022-01-04
5.0
None Remote Low Not required Partial None None
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF.
66 CVE-2020-28976 918 2020-11-30 2022-01-04
5.0
None Remote Low Not required Partial None None
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
67 CVE-2020-28975 DoS 2020-11-21 2020-12-03
5.0
None Remote Low Not required None None Partial
** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute.
68 CVE-2020-28974 125 2020-11-20 2021-01-27
6.1
None Local Low Not required Partial Partial Complete
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.
69 CVE-2020-28954 116 2020-11-19 2020-11-29
5.0
None Remote Low Not required None Partial None
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name.
70 CVE-2020-28953 732 2020-11-19 2021-07-21
4.0
None Remote Low ??? None Partial None
In BigBlueButton before 2.2.29, a user can vote more than once in a single poll.
71 CVE-2020-28951 416 2020-11-19 2020-12-02
10.0
None Remote Low Not required Complete Complete Complete
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.
72 CVE-2020-28949 74 2020-11-19 2022-01-06
6.8
None Remote Medium Not required Partial Partial Partial
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
73 CVE-2020-28948 502 2020-11-19 2021-09-25
6.8
None Remote Medium Not required Partial Partial Partial
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
74 CVE-2020-28947 79 XSS 2020-11-19 2020-11-30
4.3
None Remote Medium Not required None Partial None
In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.
75 CVE-2020-28942 295 Bypass 2020-11-19 2020-12-03
4.0
None Remote Low ??? None Partial None
An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA's domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limited set of allowed CAs, thus restricting the accessibility of that RA to the rights it has within a specific role. While this works for other protocols such as CMP, it was found that the EJBCA enrollment over an EST implementation bypasses this check, allowing enrollment with a valid client certificate through any functioning and authenticated RA connected to the CA. NOTE: an attacker must already have a trusted client certificate and authorization to enroll against the targeted CA.
76 CVE-2020-28941 763 DoS 2020-11-19 2020-12-11
4.9
None Local Low Not required None None Complete
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once.
77 CVE-2020-28928 787 Overflow 2020-11-24 2021-12-02
2.1
None Local Low Not required None None Partial
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).
78 CVE-2020-28927 79 XSS 2020-11-23 2020-11-30
4.3
None Remote Medium Not required None Partial None
There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload.
79 CVE-2020-28926 120 Exec Code Overflow 2020-11-30 2020-12-11
7.5
None Remote Low Not required Partial Partial Partial
ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.
80 CVE-2020-28924 338 2020-11-19 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.
81 CVE-2020-28922 269 Exec Code 2020-11-27 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. This could lead to arbitrary Ring-0 code execution and escalation of privileges.
82 CVE-2020-28921 269 Exec Code 2020-11-27 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges.
83 CVE-2020-28917 312 2020-11-18 2020-12-02
4.0
None Remote Low ??? Partial None None
An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3. It saves all GET and POST data of TYPO3 frontend requests to the database. Depending on the extensions used on a TYPO3 website, sensitive data (e.g., cleartext passwords if ext:felogin is installed) may be saved.
84 CVE-2020-28915 125 2020-11-18 2020-12-15
6.1
None Local Low Not required Partial Partial Complete
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.
85 CVE-2020-28914 732 2020-11-17 2020-12-04
3.6
None Local Low Not required None Partial Partial
An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only.
86 CVE-2020-28896 522 2020-11-23 2021-07-21
2.6
None Remote High Not required Partial None None
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.
87 CVE-2020-28877 120 Overflow 2020-11-20 2020-12-03
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N.
88 CVE-2020-28864 120 DoS Overflow 2020-11-23 2020-12-02
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.
89 CVE-2020-28845 1236 2020-11-20 2020-12-02
9.3
None Remote Medium Not required Complete Complete Complete
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin's portal, which leads to compromise of the admin's system.
90 CVE-2020-28726 601 2020-11-24 2020-12-02
5.8
None Remote Medium Not required Partial Partial None
Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php.
91 CVE-2020-28724 601 2020-11-18 2020-12-01
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
92 CVE-2020-28723 400 2020-11-16 2021-07-21
5.0
None Remote Low Not required None None Partial
Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1.
93 CVE-2020-28693 434 2020-11-16 2020-11-30
9.0
None Remote Low ??? Complete Complete Complete
An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name>
94 CVE-2020-28692 434 2020-11-16 2020-11-30
6.5
None Remote Low ??? Partial Partial Partial
In Gila CMS 1.16.0, an attacker can upload a shell to the tmp directory and abuse .htaccess through the logs function for executing PHP files.
95 CVE-2020-28688 434 2020-11-17 2020-12-02
9.0
None Remote Low ??? Complete Complete Complete
The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
96 CVE-2020-28687 434 2020-11-17 2020-12-02
9.0
None Remote Low ??? Complete Complete Complete
The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.
97 CVE-2020-28656 354 Exec Code 2020-11-16 2020-12-02
7.2
None Local Low Not required Complete Complete Complete
The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root.
98 CVE-2020-28650 79 XSS 2020-11-16 2020-11-27
3.5
None Remote Medium ??? None Partial None
The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles.
99 CVE-2020-28649 352 CSRF 2020-11-16 2020-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file.
100 CVE-2020-28648 20 Exec Code 2020-11-16 2021-05-26
9.0
None Remote Low ??? Complete Complete Complete
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.
Total number of vulnerabilities: 1271 (this is page 2 of 26)