CVE List - 2020 / December
Showing 1101 - 1200 of 1538 CVEs for December 2020 (Page 12 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-27397 | 2020-12-23 | Marital - Online Matrimonial Project In PHP version 1.0 suffers... |
| CVE-2020-28070 | 2020-12-23 | SourceCodester Alumni Management System 1.0 is affected by SQL injection... |
| CVE-2020-28071 | 2020-12-23 | SourceCodester Alumni Management System 1.0 is affected by cross-site Scripting... |
| CVE-2020-28073 | 2020-12-23 | SourceCodester Library Management System 1.0 is affected by SQL Injection... |
| CVE-2020-28074 | 2020-12-23 | SourceCodester Online Health Care System 1.0 is affected by SQL... |
| CVE-2020-35252 | 2020-12-23 | Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter... |
| CVE-2020-35370 | 2020-12-23 | A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated... |
| CVE-2020-35269 | 2020-12-23 | Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site... |
| CVE-2020-35598 | 2020-12-23 | ACS Advanced Comment System 1.0 is affected by Directory Traversal... |
| CVE-2020-35666 | 2020-12-23 | Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone... |
| CVE-2020-35668 | 2020-12-23 | RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that... |
| CVE-2020-28188 | 2020-12-24 | Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06... |
| CVE-2020-5681 | 2020-12-24 | Untrusted search path vulnerability in self-extracting files created by EpsonNet... |
| CVE-2020-5684 | 2020-12-24 | iSM client versions from V5.1 prior to V12.1 running on... |
| CVE-2020-2499 | 2020-12-24 | Hard-coded Password Vulnerability in QES |
| CVE-2020-2503 | 2020-12-24 | Stored cross-site scripting vulnerability in QES |
| CVE-2020-2504 | 2020-12-24 | Absolute path traversal vulnerability in QES |
| CVE-2020-2505 | 2020-12-24 | Sensitive information via generation of error messages vulnerability in QES |
| CVE-2020-35669 | 2020-12-24 | An issue was discovered in the http package through 0.12.2... |
| CVE-2020-35677 | 2020-12-24 | BigProf Online Invoicing System before 4.0 fails to adequately sanitize... |
| CVE-2020-35676 | 2020-12-24 | BigProf Online Invoicing System before 3.1 fails to correctly sanitize... |
| CVE-2020-35675 | 2020-12-24 | BigProf Online Invoicing System before 3.0 offers a functionality that... |
| CVE-2020-35674 | 2020-12-24 | BigProf Online Invoicing System before 2.9 suffers from an unauthenticated... |
| CVE-2020-28185 | 2020-12-24 | User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote... |
| CVE-2020-28184 | 2020-12-24 | Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows... |
| CVE-2020-28186 | 2020-12-24 | Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated... |
| CVE-2020-28187 | 2020-12-24 | Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow... |
| CVE-2020-28190 | 2020-12-24 | TerraMaster TOS <= 4.2.06 was found to check for updates... |
| CVE-2020-28169 | 2020-12-24 | The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to... |
| CVE-2020-29189 | 2020-12-24 | Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows... |
| CVE-2020-27721 | 2020-12-24 | In versions 16.0.0-16.0.0.1, 15.1.0-15.1.1, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, in... |
| CVE-2020-27718 | 2020-12-24 | When a BIG-IP ASM or Advanced WAF system running version... |
| CVE-2020-27724 | 2020-12-24 | In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2,... |
| CVE-2020-27725 | 2020-12-24 | In version 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 of BIG-IP... |
| CVE-2020-27727 | 2020-12-24 | On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an... |
| CVE-2020-27726 | 2020-12-24 | In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, a reflected... |
| CVE-2020-27716 | 2020-12-24 | On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when a... |
| CVE-2020-27715 | 2020-12-24 | On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the... |
| CVE-2020-27723 | 2020-12-24 | In versions 14.1.0-14.1.3 and 13.1.0-13.1.3.4, a BIG-IP APM virtual server... |
| CVE-2020-27714 | 2020-12-24 | On the BIG-IP AFM version 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when... |
| CVE-2020-27717 | 2020-12-24 | On BIG-IP DNS 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, undisclosed... |
| CVE-2020-27722 | 2020-12-24 | In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain... |
| CVE-2020-27720 | 2020-12-24 | On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when... |
| CVE-2020-27719 | 2020-12-24 | On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS)... |
| CVE-2020-27729 | 2020-12-24 | In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an... |
| CVE-2020-27728 | 2020-12-24 | On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and... |
| CVE-2020-9200 | 2020-12-24 | There has a CSV injection vulnerability in iManager NetEco 6000... |
| CVE-2020-9202 | 2020-12-24 | There is an information disclosure vulnerability in TE Mobile software... |
| CVE-2020-9201 | 2020-12-24 | There is an out-of-bounds read vulnerability in some versions of... |
| CVE-2020-9137 | 2020-12-24 | There is a privilege escalation vulnerability in some versions of... |
| CVE-2020-9119 | 2020-12-24 | There is a privilege escalation vulnerability on some Huawei smart... |
| CVE-2020-9120 | 2020-12-24 | CloudEngine 1800V versions V100R019C10SPC500 has a resource management error vulnerability.... |
| CVE-2020-35680 | 2020-12-24 | smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote... |
| CVE-2020-35679 | 2020-12-24 | smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which... |
| CVE-2020-35659 | 2020-12-24 | The DNS query log in Pi-hole before 5.2.2 is vulnerable... |
| CVE-2020-24658 | 2020-12-24 | Arm Compiler 5 through 5.06u6 has an error in a... |
| CVE-2020-35693 | 2020-12-24 | On some Samsung phones and tablets running Android through 7.1.1,... |
| CVE-2020-29247 | 2020-12-24 | WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the... |
| CVE-2020-29472 | 2020-12-24 | EGavilan Media Under Construction page with cPanel 1.0 contains a... |
| CVE-2020-29474 | 2020-12-24 | EGavilan Media EGM Address Book 1.0 contains a SQL injection... |
| CVE-2020-28912 | 2020-12-24 | With MariaDB running on Windows, when local clients connect to... |
| CVE-2020-11093 | 2020-12-24 | Authorization bypass in Hyperledger Indy |
| CVE-2020-26282 | 2020-12-24 | Template Injection in BrowserUp Proxy |
| CVE-2020-35702 | 2020-12-25 | DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer... |
| CVE-2020-35708 | 2020-12-25 | phpList 3.5.9 allows SQL injection by admins who provide a... |
| CVE-2020-35707 | 2020-12-25 | Daybyday 2.1.0 allows stored XSS via the Company Name parameter... |
| CVE-2020-35706 | 2020-12-25 | Daybyday 2.1.0 allows stored XSS via the Title parameter to... |
| CVE-2020-35705 | 2020-12-25 | Daybyday 2.1.0 allows stored XSS via the Name parameter to... |
| CVE-2020-35704 | 2020-12-25 | Daybyday 2.1.0 allows stored XSS via the Title parameter to... |
| CVE-2020-35709 | 2020-12-25 | bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with... |
| CVE-2020-35710 | 2020-12-25 | Parallels Remote Application Server (RAS) 18 allows remote attackers to... |
| CVE-2020-35711 | 2020-12-25 | An issue has been discovered in the arc-swap crate before... |
| CVE-2020-35712 | 2020-12-25 | Esri ArcGIS Server before 10.8 is vulnerable to SSRF in... |
| CVE-2020-20412 | 2020-12-26 | lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12... |
| CVE-2020-35716 | 2020-12-26 | Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to... |
| CVE-2020-35715 | 2020-12-26 | Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users... |
| CVE-2020-35714 | 2020-12-26 | Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users... |
| CVE-2020-35713 | 2020-12-26 | Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to... |
| CVE-2020-25917 | 2020-12-26 | Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access... |
| CVE-2020-26766 | 2020-12-26 | A Cross Site Request Forgery (CSRF) vulnerability exists in the... |
| CVE-2020-27515 | 2020-12-26 | A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0... |
| CVE-2020-29172 | 2020-12-26 | A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin... |
| CVE-2020-29385 | 2020-12-26 | GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of... |
| CVE-2020-35575 | 2020-12-26 | A password-disclosure issue in the web interface on certain TP-Link... |
| CVE-2020-35388 | 2020-12-26 | rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information... |
| CVE-2020-35346 | 2020-12-26 | CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability... |
| CVE-2020-35347 | 2020-12-26 | CXUUCMS V3 3.1 has a CSRF vulnerability that can add... |
| CVE-2020-35376 | 2020-12-26 | Xpdf 4.02 allows stack consumption because of an incorrect subroutine... |
| CVE-2020-35349 | 2020-12-26 | Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS)... |
| CVE-2020-35437 | 2020-12-26 | Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS)... |
| CVE-2020-35450 | 2020-12-26 | Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus... |
| CVE-2020-35359 | 2020-12-26 | Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use... |
| CVE-2020-35362 | 2020-12-26 | DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in... |
| CVE-2020-35284 | 2020-12-26 | Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because... |
| CVE-2020-35364 | 2020-12-26 | Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to... |
| CVE-2020-28759 | 2020-12-26 | The serializer module in OAID Tengine lite-v1.0 has a Buffer... |
| CVE-2020-29203 | 2020-12-26 | struct2json before 2020-11-18 is affected by a Buffer Overflow because... |
| CVE-2020-35242 | 2020-12-26 | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability... |
| CVE-2020-35243 | 2020-12-26 | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability... |
| CVE-2020-35244 | 2020-12-26 | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability... |