CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2020-26163 2020-09-30 2020-10-15
6.8
None Remote Medium Not required Partial Partial Partial
BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link.
2 CVE-2020-26160 862 Bypass 2020-09-30 2021-07-21
5.0
None Remote Low Not required Partial None None
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.
3 CVE-2020-26158 79 Exec Code XSS 2020-09-30 2020-10-05
6.8
None Remote Medium Not required Partial Partial Partial
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration.
4 CVE-2020-26157 79 Exec Code XSS 2020-09-30 2020-10-05
6.8
None Remote Medium Not required Partial Partial Partial
Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing. This leads to remote code execution because of Node integration.
5 CVE-2020-26154 120 Overflow 2020-09-30 2020-11-29
6.8
None Remote Medium Not required Partial Partial Partial
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
6 CVE-2020-26150 200 +Info 2020-09-30 2021-07-21
5.0
None Remote Low Not required Partial None None
info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.
7 CVE-2020-26149 522 2020-09-30 2020-10-09
5.0
None Remote Low Not required Partial None None
NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server.
8 CVE-2020-26148 908 DoS 2020-09-30 2020-10-09
5.0
None Remote Low Not required None None Partial
md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document.
9 CVE-2020-26137 74 2020-09-30 2021-10-20
6.4
None Remote Low Not required Partial Partial None
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
10 CVE-2020-26121 863 2020-09-27 2020-12-14
5.0
None Remote Low Not required None Partial None
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title.
11 CVE-2020-26120 79 XSS 2020-09-27 2020-12-14
4.3
None Remote Medium Not required None Partial None
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM.
12 CVE-2020-26117 295 2020-09-27 2020-11-06
5.8
None Remote Medium Not required Partial Partial None
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.
13 CVE-2020-26116 116 2020-09-27 2021-10-20
6.4
None Remote Low Not required Partial Partial None
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
14 CVE-2020-26115 79 XSS 2020-09-25 2020-09-25
4.3
None Remote Medium Not required None Partial None
cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).
15 CVE-2020-26114 79 XSS 2020-09-25 2020-09-25
4.3
None Remote Medium Not required None Partial None
cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).
16 CVE-2020-26113 79 XSS 2020-09-25 2020-09-29
4.3
None Remote Medium Not required None Partial None
cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569).
17 CVE-2020-26112 2020-09-25 2020-09-29
5.0
None Remote Low Not required None Partial None
The email quota cache in cPanel before 90.0.10 allows overwriting of files.
18 CVE-2020-26111 79 XSS 2020-09-25 2020-09-29
4.3
None Remote Medium Not required None Partial None
cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).
19 CVE-2020-26110 79 XSS 2020-09-25 2020-09-29
4.3
None Remote Medium Not required None Partial None
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564).
20 CVE-2020-26109 Bypass 2020-09-25 2020-09-29
5.0
None Remote Low Not required None Partial None
cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557).
21 CVE-2020-26108 Exec Code 2020-09-25 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).
22 CVE-2020-26107 326 2020-09-25 2021-07-21
5.0
None Remote Low Not required Partial None None
cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561).
23 CVE-2020-26106 532 2020-09-25 2021-07-21
5.0
None Remote Low Not required Partial None None
cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558).
24 CVE-2020-26105 522 2020-09-25 2021-07-21
5.0
None Remote Low Not required Partial None None
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).
25 CVE-2020-26104 922 2020-09-25 2020-09-29
5.0
None Remote Low Not required Partial None None
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).
26 CVE-2020-26103 521 2020-09-25 2020-09-29
5.0
None Remote Low Not required Partial None None
In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551).
27 CVE-2020-26102 863 2020-09-25 2021-07-21
5.0
None Remote Low Not required Partial None None
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).
28 CVE-2020-26101 522 2020-09-25 2021-07-21
5.0
None Remote Low Not required Partial None None
In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549).
29 CVE-2020-26100 2020-09-25 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).
30 CVE-2020-26099 Bypass 2020-09-25 2020-09-29
5.0
None Remote Low Not required None Partial None
cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491).
31 CVE-2020-26098 Exec Code 2020-09-25 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).
32 CVE-2020-26088 276 Bypass 2020-09-24 2020-11-02
2.1
None Local Low Not required None Partial None
A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.
33 CVE-2020-26043 79 XSS 2020-09-30 2020-10-02
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php
34 CVE-2020-26042 89 Sql 2020-09-30 2020-10-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php
35 CVE-2020-26041 Exec Code 2020-09-30 2020-10-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php
36 CVE-2020-25869 755 +Info 2020-09-27 2021-07-21
5.0
None Remote Low Not required Partial None None
An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki.
37 CVE-2020-25830 79 XSS 2020-09-30 2020-10-13
3.5
None Remote Medium ??? None Partial None
An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php.
38 CVE-2020-25828 79 XSS 2020-09-27 2020-12-14
4.3
None Remote Medium Not required None Partial None
An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)
39 CVE-2020-25827 307 2020-09-27 2020-12-14
5.0
None Remote Low Not required None Partial None
An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.
40 CVE-2020-25826 269 +Priv 2020-09-23 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe.
41 CVE-2020-25821 476 2020-09-23 2020-09-30
5.0
None Remote Low Not required None None Partial
** UNSUPPORTED WHEN ASSIGNED ** peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
42 CVE-2020-25816 2020-09-30 2021-09-07
4.9
None Remote Medium ??? Partial Partial None
HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4.
43 CVE-2020-25815 79 XSS 2020-09-27 2020-12-14
4.3
None Remote Medium Not required None Partial None
An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text().
44 CVE-2020-25814 79 XSS 2020-09-27 2020-12-14
4.3
None Remote Medium Not required None Partial None
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href ="javascript... that executes when clicked.
45 CVE-2020-25813 2020-09-27 2020-12-14
5.0
None Remote Low Not required Partial None None
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.
46 CVE-2020-25812 79 XSS 2020-09-27 2020-12-14
4.3
None Remote Medium Not required None Partial None
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.
47 CVE-2020-25796 129 2020-09-19 2021-01-12
5.0
None Remote Low Not required None None Partial
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement.
48 CVE-2020-25795 401 2020-09-19 2021-01-12
5.0
None Remote Low Not required None None Partial
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic.
49 CVE-2020-25794 401 2020-09-19 2021-01-12
5.0
None Remote Low Not required None None Partial
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic.
50 CVE-2020-25793 129 2020-09-19 2021-01-12
5.0
None Remote Low Not required None None Partial
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>.
Total number of vulnerabilities : 1593   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.