CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In November 2020

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1251 CVE-2018-19952 89 Sql +Info 2020-11-02 2020-11-04
5.0
None Remote Low Not required Partial None None
If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.
1252 CVE-2018-19951 79 XSS 2020-11-02 2020-11-02
4.3
None Remote Medium Not required None Partial None
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.
1253 CVE-2018-19950 78 Exec Code 2020-11-02 2020-11-02
7.5
None Remote Low Not required Partial Partial Partial
If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.
1254 CVE-2018-19025 294 Exec Code 2020-11-02 2020-11-12
10.0
None Remote Low Not required Complete Complete Complete
In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.).
1255 CVE-2018-17932 294 2020-11-02 2020-11-12
10.0
None Remote Low Not required Complete Complete Complete
JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running.
1256 CVE-2018-16723 20 DoS 2020-11-23 2020-11-25
4.6
None Local Low Not required Partial Partial Partial
In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12364020.
1257 CVE-2018-16722 20 DoS 2020-11-23 2020-11-25
4.6
None Local Low Not required Partial Partial Partial
In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360094, a related issue to CVE-2018-16305.
1258 CVE-2018-16721 20 DoS 2020-11-23 2020-11-25
4.6
None Local Low Not required Partial Partial Partial
In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360090, a related issue to CVE-2018-16306.
1259 CVE-2018-16720 20 DoS 2020-11-23 2020-11-25
4.6
None Local Low Not required Partial Partial Partial
In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x1236001c, a related issue to CVE-2018-16304.
1260 CVE-2018-16719 20 DoS 2020-11-23 2020-11-25
4.6
None Local Low Not required Partial Partial Partial
In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00221482.
1261 CVE-2018-1725 2020-11-05 2020-11-12
2.1
None Local Low Not required Partial None None
IBM QRadar SIEM 7.3 and 7.4 in a multi-tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440.
1262 CVE-2017-18926 787 Overflow 2020-11-06 2020-11-19
5.8
None Remote Medium Not required None Partial Partial
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).
1263 CVE-2017-15686 79 XSS 2020-11-27 2020-11-28
4.3
None Remote Medium Not required None Partial None
Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies.
1264 CVE-2017-15685 91 2020-11-27 2020-11-28
5.0
None Remote Low Not required Partial None None
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
1265 CVE-2017-15684 22 Dir. Trav. 2020-11-27 2020-11-28
5.0
None Remote Low Not required Partial None None
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.
1266 CVE-2017-15683 91 2020-11-27 2020-11-28
5.0
None Remote Low Not required Partial None None
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
1267 CVE-2017-15682 79 XSS 2020-11-27 2020-11-28
4.3
None Remote Medium Not required None Partial None
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
1268 CVE-2017-15681 22 Dir. Trav. 2020-11-27 2020-11-28
7.5
None Remote Low Not required Partial Partial Partial
In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.
1269 CVE-2017-15680 862 2020-11-27 2020-11-28
6.4
None Remote Low Not required Partial Partial None
In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.
1270 CVE-2015-9551 Exec Code 2020-11-24 2020-12-04
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter.
1271 CVE-2015-9550 668 2020-11-24 2020-12-04
5.0
None Remote Low Not required Partial None None
An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface.
Total number of vulnerabilities: 1271. Page 26 of 26.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.