CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1151 CVE-2020-17042 Exec Code 2020-11-11 2020-11-19
9.3
None Remote Medium Not required Complete Complete Complete
Windows Print Spooler Remote Code Execution Vulnerability
1152 CVE-2020-17023 Exec Code 2020-10-16 2020-10-20
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file, aka 'Visual Studio JSON Remote Code Execution Vulnerability'.
1153 CVE-2020-17003 Exec Code 2020-10-16 2020-10-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory., aka 'Base3D Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16918.
1154 CVE-2020-17002 Bypass 2020-12-10 2021-03-03
9.4
None Remote Low Not required Complete Complete None
Azure SDK for C Security Feature Bypass Vulnerability
1155 CVE-2020-16977 Exec Code 2020-10-16 2020-10-20
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'.
1156 CVE-2020-16968 119 Exec Code Overflow 2020-10-16 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka 'Windows Camera Codec Pack Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16967.
1157 CVE-2020-16967 119 Exec Code Overflow 2020-10-16 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka 'Windows Camera Codec Pack Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16968.
1158 CVE-2020-16957 Exec Code 2020-10-16 2020-10-20
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.
1159 CVE-2020-16947 125 Exec Code 2020-10-16 2020-10-22
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.
1160 CVE-2020-16924 119 Exec Code Overflow 2020-10-16 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.
1161 CVE-2020-16918 Exec Code 2020-10-16 2020-10-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory., aka 'Base3D Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-17003.
1162 CVE-2020-16911 Exec Code 2020-10-16 2020-10-20
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
1163 CVE-2020-16881 20 Exec Code 2020-09-11 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file, aka 'Visual Studio JSON Remote Code Execution Vulnerability'.
1164 CVE-2020-16875 94 Exec Code 2020-09-11 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user, aka 'Microsoft Exchange Server Remote Code Execution Vulnerability'.
1165 CVE-2020-16874 94 Exec Code 2020-09-11 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16856.
1166 CVE-2020-16856 Exec Code 2020-09-11 2020-09-17
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16874.
1167 CVE-2020-16608 79 Exec Code XSS 2020-12-10 2020-12-11
9.3
None Remote Medium Not required Complete Complete Complete
Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true).
1168 CVE-2020-16259 732 2020-10-28 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user.
1169 CVE-2020-16257 77 2020-10-28 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
Winston 1.5.4 devices are vulnerable to command injection via the API.
1170 CVE-2020-16256 352 CSRF 2020-10-28 2020-11-03
9.3
None Remote Medium Not required Complete Complete Complete
The API on Winston 1.5.4 devices is vulnerable to CSRF.
1171 CVE-2020-16215 20 Exec Code Overflow 2020-08-06 2021-11-22
9.3
None Remote Medium Not required Complete Complete Complete
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
1172 CVE-2020-16208 352 CSRF 2020-09-01 2020-09-08
9.3
None Remote Medium Not required Complete Complete Complete
The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions).
1173 CVE-2020-16205 78 Exec Code 2020-08-14 2020-08-19
9.0
None Remote Low ??? Complete Complete Complete
Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).
1174 CVE-2020-16204 912 Exec Code 2020-09-01 2020-09-04
10.0
None Remote Low Not required Complete Complete Complete
The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions).
1175 CVE-2020-16152 829 Exec Code 2021-11-14 2021-11-18
10.0
None Remote Low Not required Complete Complete Complete
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.
1176 CVE-2020-16148 94 2020-09-24 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
The ping page of the administration panel in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via authenticated code injection over the network.
1177 CVE-2020-16147 94 2020-09-24 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via Unauthenticated code injection over the network.
1178 CVE-2020-16087 74 2020-08-13 2020-08-19
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file.
1179 CVE-2020-16039 416 2021-01-08 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1180 CVE-2020-16038 416 2021-01-08 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1181 CVE-2020-16037 416 2021-01-08 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Use after free in clipboard in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1182 CVE-2020-15932 59 2020-07-24 2020-08-05
9.0
None Remote Low ??? Complete Complete Complete
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges.
1183 CVE-2020-15922 78 Exec Code 2020-07-24 2020-09-28
10.0
None Remote Low Not required Complete Complete Complete
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.
1184 CVE-2020-15920 78 Exec Code 2020-07-24 2020-09-16
10.0
None Remote Low Not required Complete Complete Complete
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
1185 CVE-2020-15916 78 Exec Code 2020-07-23 2020-07-27
10.0
None Remote Low Not required Complete Complete Complete
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter.
1186 CVE-2020-15903 269 2020-09-09 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3.
1187 CVE-2020-15865 20 Exec Code 2020-08-18 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server.
1188 CVE-2020-15836 Exec Code 2021-02-01 2021-02-03
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root.
1189 CVE-2020-15835 287 2021-02-01 2021-02-03
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function contains undocumented code that provides the ability to authenticate as root without knowing the actual root password. An adversary with the private key can remotely authenticate to the management interface as root.
1190 CVE-2020-15833 798 2021-02-01 2021-02-04
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner.
1191 CVE-2020-15800 122 Overflow 2021-01-12 2021-09-14
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.
1192 CVE-2020-15798 306 2021-02-09 2021-08-10
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions < V16 Update 3a), SIMATIC HMI KTP Mobile Panels (All versions < V16 Update 3a), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). Affected devices with enabled telnet service do not require authentication for this service. This could allow a remote attacker to gain full access to the device. (ZDI-CAN-12046)
1193 CVE-2020-15744 787 Exec Code Overflow 2021-08-30 2021-09-03
10.0
None Remote Low Not required Complete Complete Complete
Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 firmware version 1.2.2 and prior versions.
1194 CVE-2020-15692 88 Exec Code 2020-08-14 2021-02-08
10.0
None Remote Low Not required Complete Complete Complete
In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands.
1195 CVE-2020-15663 269 Exec Code 2020-10-01 2020-10-13
9.3
None Remote Medium Not required Complete Complete Complete
If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2.
1196 CVE-2020-15659 787 Mem. Corr. 2020-08-10 2020-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
1197 CVE-2020-15656 843 2020-08-10 2020-08-18
9.3
None Remote Medium Not required Complete Complete Complete
JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
1198 CVE-2020-15645 434 Exec Code Bypass 2020-08-25 2020-09-25
9.0
None Remote Low ??? Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getFileFromURL method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10553.
1199 CVE-2020-15644 22 Exec Code Dir. Trav. Bypass 2020-08-25 2020-12-23
9.0
None Remote Low ??? Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the setAppFileBytes method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10550.
1200 CVE-2020-15643 22 Exec Code Dir. Trav. Bypass 2020-08-25 2020-09-25
9.0
None Remote Low ??? Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveAsText method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10549.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.