CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4251 CVE-2020-10648 20 Bypass 2020-03-19 2021-03-26
6.8
None Remote Medium Not required Partial Partial Partial
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
4252 CVE-2020-10646 787 Overflow 2020-04-13 2020-04-13
6.8
None Remote Medium Not required Partial Partial Partial
Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small.
4253 CVE-2020-10639 120 Overflow 2020-04-15 2020-04-22
6.8
None Remote Medium Not required Partial Partial Partial
Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. A specially crafted input file could cause a buffer overflow when loaded by the affected product.
4254 CVE-2020-10634 22 Dir. Trav. 2020-05-05 2020-05-12
6.4
None Remote Low Not required Partial Partial None
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible.
4255 CVE-2020-10626 427 Exec Code 2020-05-14 2020-05-19
6.9
None Local Medium Not required Complete Complete Complete
In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.
4256 CVE-2020-10622 2020-05-04 2020-05-06
6.8
None Remote Medium Not required Partial Partial Partial
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users
4257 CVE-2020-10619 22 Dir. Trav. 2020-04-09 2020-04-10
6.4
None Remote Low Not required None Partial Partial
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.
4258 CVE-2020-10616 427 Exec Code 2020-05-14 2020-05-18
6.8
None Remote Medium Not required Partial Partial Partial
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts.
4259 CVE-2020-10612 862 2020-05-14 2020-05-18
6.4
None Remote Low Not required None Partial Partial
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values.
4260 CVE-2020-10607 787 Exec Code Overflow 2020-03-27 2020-04-01
6.5
None Remote Low ??? Partial Partial Partial
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
4261 CVE-2020-10603 78 2020-04-09 2020-04-10
6.5
None Remote Low ??? Partial Partial Partial
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely.
4262 CVE-2020-10580 77 Exec Code 2021-03-25 2021-03-27
6.5
None Remote Low ??? Partial Partial Partial
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application.
4263 CVE-2020-10568 352 Exec Code CSRF 2020-03-14 2020-03-19
6.8
None Remote Medium Not required Partial Partial Partial
The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose comparison. This leads to remote code execution in includes/class-wp-installer.php via a series of requests that leverage unintended comparisons of integers to strings.
4264 CVE-2020-10562 434 2020-03-13 2020-03-18
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads.
4265 CVE-2020-10557 434 Bypass 2020-03-16 2020-03-18
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions.
4266 CVE-2020-10543 787 Overflow 2020-06-05 2021-10-20
6.4
None Remote Low Not required None Partial Partial
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
4267 CVE-2020-10540 352 CSRF 2020-03-13 2020-03-18
6.8
None Remote Medium Not required Partial Partial Partial
Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules.
4268 CVE-2020-10531 190 Overflow 2020-03-12 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
4269 CVE-2020-10519 77 Exec Code 2021-03-03 2021-03-09
6.5
None Remote Low ??? Partial Partial Partial
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program.
4270 CVE-2020-10518 74 Exec Code 2020-08-27 2020-09-03
6.5
None Remote Low ??? Partial Partial Partial
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program.
4271 CVE-2020-10514 20 2020-04-15 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
iCatch DVR firmware before 20200103 do not validate function parameter properly, resulting attackers executing arbitrary command.
4272 CVE-2020-10390 78 Exec Code 2020-03-12 2020-03-26
6.5
None Remote Low ??? Partial Partial Partial
OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php.
4273 CVE-2020-10389 20 Exec Code 2020-03-12 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.
4274 CVE-2020-10386 20 Exec Code 2020-03-12 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.
4275 CVE-2020-10379 120 Overflow 2020-06-25 2020-07-27
6.8
None Remote Medium Not required Partial Partial Partial
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
4276 CVE-2020-10289 20 Exec Code 2020-08-20 2020-08-31
6.5
None Remote Low ??? Partial Partial Partial
Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. See links for more info on the bug.
4277 CVE-2020-10284 2020-07-15 2020-07-23
6.4
None Remote Low Not required None Partial Partial
No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session.
4278 CVE-2020-10266 345 2020-04-06 2020-04-06
6.8
None Remote Medium Not required Partial Partial Partial
UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily obtained from Universal Robots. An attacker could exploit this flaw by crafting a custom component with the SDK, performing Person-In-The-Middle attacks (PITM) and shipping the maliciously-crafted component on demand.
4279 CVE-2020-10252 918 DoS 2021-02-19 2021-02-25
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.
4280 CVE-2020-10241 352 CSRF 2020-03-16 2020-03-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.
4281 CVE-2020-10239 862 2020-03-16 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.
4282 CVE-2020-10235 20 Exec Code 2020-03-09 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php.
4283 CVE-2020-10234 2021-02-05 2021-02-08
6.8
None Remote Low ??? None None Complete
The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. \DosDevices\AscRegistryFilter and \Device\AscRegistryFilter are affected.
4284 CVE-2020-10233 125 2020-03-09 2020-05-17
6.4
None Remote Low Not required Partial None Partial
In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c.
4285 CVE-2020-10229 352 CSRF 2020-09-14 2020-09-18
6.8
None Remote Medium Not required Partial Partial Partial
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.
4286 CVE-2020-10228 434 Exec Code 2020-09-14 2020-09-18
6.5
None Remote Low ??? Partial Partial Partial
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.
4287 CVE-2020-10195 200 +Info 2020-03-13 2020-03-18
6.5
None Remote Low ??? Partial Partial Partial
The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope privilege escalation via admin-post actions to com/classes/Actions.php. By sending a POST request to wp-admin/admin-post.php, an authenticated attacker with minimal (subscriber-level) permissions can modify the plugin's settings to allow arbitrary roles (including subscribers) access to plugin functionality by setting the action parameter to sgpbSaveSettings, export a list of current newsletter subscribers by setting the action parameter to csv_file, or obtain system configuration information including webserver configuration and a list of installed plugins by setting the action parameter to sgpb_system_info.
4288 CVE-2020-10190 89 Sql 2020-03-09 2020-03-10
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injection in app/models/tablequery.php by crafting a special payload on the /datatables/data endpoint.
4289 CVE-2020-10185 294 2020-03-05 2020-03-12
6.8
None Remote Medium Not required Partial Partial Partial
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud.
4290 CVE-2020-10174 362 Exec Code 2020-03-05 2021-07-21
6.9
None Local Medium Not required Complete Complete Complete
init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used.
4291 CVE-2020-10140 732 Exec Code 2020-10-21 2020-10-22
6.9
None Local Medium Not required Complete Complete Complete
Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis.
4292 CVE-2020-10122 20 2020-03-17 2021-07-21
6.4
None Remote Low Not required None Partial Partial
cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547).
4293 CVE-2020-10118 2020-03-17 2020-03-19
6.4
None Remote Low Not required Partial Partial None
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543).
4294 CVE-2020-10117 863 2020-03-17 2021-07-21
6.4
None Remote Low Not required Partial Partial None
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542).
4295 CVE-2020-10083 281 2020-03-13 2020-03-17
6.4
None Remote Low Not required Partial Partial None
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied.
4296 CVE-2020-10057 352 CSRF 2020-03-04 2020-03-05
6.8
None Remote Medium Not required Partial Partial Partial
GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user.
4297 CVE-2020-10045 294 2020-07-14 2020-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application.
4298 CVE-2020-10039 311 +Priv 2020-07-14 2020-07-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker in a privileged network position between a legitimate user and the web server might be able to conduct a Man-in-the-middle attack and gain read and write access to the transmitted data.
4299 CVE-2020-10030 125 DoS Exec Code 2020-05-19 2020-06-14
6.5
None Remote Low ??? Partial Partial Partial
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\0' termination.) Under some conditions, this issue can lead to the writing of one '\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution.
4300 CVE-2020-10017 787 Exec Code 2020-12-08 2021-03-11
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.
Total number of vulnerabilities : 23854   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 (This Page)87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.