CVE List - 2020 / December
Showing 1201 - 1300 of 1538 CVEs for December 2020 (Page 13 of 16)
CVE ID | Date | Title |
---|---|---|
CVE-2020-35245 | 2020-12-26 | Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability... |
CVE-2020-35678 | 2020-12-27 | Autobahn|Python before 20.12.3 allows redirect header injection. |
CVE-2020-8289 | 2020-12-27 | Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before... |
CVE-2020-8290 | 2020-12-27 | Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer... |
CVE-2020-7845 | 2020-12-27 | Jiransecurity Spamsniper Stack-based Buffer Overflow Vulnerability |
CVE-2020-35448 | 2020-12-27 | An issue was discovered in the Binary File Descriptor (BFD)... |
CVE-2020-35728 | 2020-12-27 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization... |
CVE-2020-35729 | 2020-12-27 | KLog Server 2.4.1 allows OS command injection via shell metacharacters... |
CVE-2020-29204 | 2020-12-27 | XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass... |
CVE-2020-29299 | 2020-12-27 | Certain Zyxel products allow command injection by an admin via... |
CVE-2020-29249 | 2020-12-27 | CXUUCMS V3 allows class="layui-input" XSS. |
CVE-2020-29250 | 2020-12-27 | CXUUCMS V3 allows XSS via the first and third input... |
CVE-2020-29156 | 2020-12-27 | The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers... |
CVE-2020-35736 | 2020-12-27 | GateOne 1.1 allows arbitrary file download without authentication via /downloads/..... |
CVE-2020-35738 | 2020-12-28 | WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c... |
CVE-2020-28093 | 2020-12-28 | On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user,... |
CVE-2020-28094 | 2020-12-28 | On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings... |
CVE-2020-28096 | 2020-12-28 | FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART... |
CVE-2020-29193 | 2020-12-28 | Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password... |
CVE-2020-29194 | 2020-12-28 | Panasonic Security System WV-S2231L 4.25 allows a denial of service... |
CVE-2020-29242 | 2020-12-28 | dhowden tag before 2020-11-19 allows "panic: runtime error: index out... |
CVE-2020-29243 | 2020-12-28 | dhowden tag before 2020-11-19 allows "panic: runtime error: index out... |
CVE-2020-29244 | 2020-12-28 | dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds... |
CVE-2020-29245 | 2020-12-28 | dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds... |
CVE-2020-29160 | 2020-12-28 | An issue was discovered in Zammad before 3.5.1. A REST... |
CVE-2020-29159 | 2020-12-28 | An issue was discovered in Zammad before 3.5.1. The default... |
CVE-2020-29158 | 2020-12-28 | An issue was discovered in Zammad before 3.5.1. An Agent... |
CVE-2020-26035 | 2020-12-28 | An issue was discovered in Zammad before 3.4.1. There is... |
CVE-2020-26034 | 2020-12-28 | An account-enumeration issue was discovered in Zammad before 3.4.1. The... |
CVE-2020-26033 | 2020-12-28 | An issue was discovered in Zammad before 3.4.1. The Tag... |
CVE-2020-26032 | 2020-12-28 | An SSRF issue was discovered in Zammad before 3.4.1. The... |
CVE-2020-26031 | 2020-12-28 | An issue was discovered in Zammad before 3.4.1. The global-search... |
CVE-2020-26030 | 2020-12-28 | An issue was discovered in Zammad before 3.4.1. There is... |
CVE-2020-26029 | 2020-12-28 | An issue was discovered in Zammad before 3.4.1. There are... |
CVE-2020-26028 | 2020-12-28 | An issue was discovered in Zammad before 3.4.1. Admin Users... |
CVE-2020-35627 | 2020-12-28 | Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file... |
CVE-2020-26569 | 2020-12-28 | In EVPN VxLAN setups in Arista EOS, specific malformed packets... |
CVE-2020-24360 | 2020-12-28 | An issue with ARP packets in Arista’s EOS affecting the... |
CVE-2020-15898 | 2020-12-28 | In Arista EOS malformed packets can be incorrectly forwarded across... |
CVE-2020-27837 | 2020-12-28 | A flaw was found in GDM in versions prior to... |
CVE-2020-26289 | 2020-12-28 | Regular expression Denial of Service in date-and-time |
CVE-2020-14273 | 2020-12-28 | HCL Domino is susceptible to a Denial of Service (DoS)... |
CVE-2020-26290 | 2020-12-28 | Critical security issues in XML encoding in Dex |
CVE-2020-35766 | 2020-12-28 | The test suite in libopendkim in OpenDKIM through 2.10.3 allows... |
CVE-2020-25507 | 2020-12-28 | An incorrect permission assignment during the installation script of TeamworkCloud... |
CVE-2020-35730 | 2020-12-28 | An XSS issue was discovered in Roundcube Webmail before 1.2.13,... |
CVE-2020-35610 | 2020-12-28 | [20201101] - Core - com_finder ignores access levels on autosuggest |
CVE-2020-35611 | 2020-12-28 | [20201102] - Core - Disclosure of secrets in Global Configuration page |
CVE-2020-35612 | 2020-12-28 | [20201103] - Core - Path traversal in mod_random_image |
CVE-2020-35613 | 2020-12-28 | [20201104] - Core - SQL injection in com_users list view |
CVE-2020-35614 | 2020-12-28 | [20201105] - Core - User Enumeration in backend login |
CVE-2020-35615 | 2020-12-28 | [20201106] - Core - CSRF in com_privacy emailexport feature |
CVE-2020-35616 | 2020-12-28 | [20201107] - Core - Write ACL violation in multiple core views |
CVE-2020-27172 | 2020-12-28 | An issue was discovered in G-Data before 25.5.9.25 using Symbolic... |
CVE-2020-13473 | 2020-12-28 | NCH Express Accounts 8.24 and earlier allows local users to... |
CVE-2020-13474 | 2020-12-28 | In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege... |
CVE-2020-13476 | 2020-12-28 | NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected... |
CVE-2020-26286 | 2020-12-28 | Arbitrary file upload |
CVE-2020-26287 | 2020-12-28 | Stored XSS in mermaid diagrams |
CVE-2020-35769 | 2020-12-29 | miniserv.pl in Webmin 1.962 on Windows mishandles special characters in... |
CVE-2020-25847 | 2020-12-29 | Command Injection Vulnerability in QTS and QuTS hero |
CVE-2020-17533 | 2020-12-29 | Apache Accumulo Improper Handling of Insufficient Permissions |
CVE-2020-29475 | 2020-12-29 | nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in... |
CVE-2020-5802 | 2020-12-29 | An attacker-controlled memory allocation size can be passed to the... |
CVE-2020-5806 | 2020-12-29 | An attacker-controlled memory allocation size can be passed to the... |
CVE-2020-5801 | 2020-12-29 | An attacker can craft and send an OpenNamespace message to... |
CVE-2020-5807 | 2020-12-29 | An unauthenticated remote attacker can send data to RsvcHost.exe listening... |
CVE-2020-29471 | 2020-12-29 | OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the... |
CVE-2020-29470 | 2020-12-29 | OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the... |
CVE-2020-28277 | 2020-12-29 | Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows... |
CVE-2020-28276 | 2020-12-29 | Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows... |
CVE-2020-28281 | 2020-12-29 | Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows... |
CVE-2020-28282 | 2020-12-29 | Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker... |
CVE-2020-28283 | 2020-12-29 | Prototype pollution vulnerability in 'libnested' versions 0.0.0 through 1.5.0 allows... |
CVE-2020-28278 | 2020-12-29 | Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows... |
CVE-2020-28279 | 2020-12-29 | Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 through 1.0.5 allows... |
CVE-2020-28280 | 2020-12-29 | Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows... |
CVE-2020-9124 | 2020-12-29 | There is a memory leak vulnerability in some versions of... |
CVE-2020-9125 | 2020-12-29 | There is an out-of-bound read vulnerability in Huawei smartphone Mate... |
CVE-2020-9093 | 2020-12-29 | There is a use after free vulnerability in Taurus-AL00A versions... |
CVE-2020-9208 | 2020-12-29 | There is an information leak vulnerability in iManager NetEco 6000... |
CVE-2020-9094 | 2020-12-29 | There is an out of bound read vulnerability in some... |
CVE-2020-35773 | 2020-12-29 | The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce... |
CVE-2020-35774 | 2020-12-29 | server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some... |
CVE-2020-1848 | 2020-12-29 | There is a resource management error vulnerability in Jackman-AL00D versions... |
CVE-2020-9207 | 2020-12-29 | There is an improper authentication vulnerability in some versions of... |
CVE-2020-9223 | 2020-12-29 | There is a denial of service vulnerability in some Huawei... |
CVE-2020-35735 | 2020-12-29 | Vidyo 02-09-/D allows clickjacking via the portal/ URI. |
CVE-2020-16268 | 2020-12-29 | The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows... |
CVE-2020-27643 | 2020-12-29 | The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows... |
CVE-2020-27644 | 2020-12-29 | The Inventory module of the 1E Client 5.0.0.745 doesn't handle... |
CVE-2020-27645 | 2020-12-29 | The Inventory module of the 1E Client 5.0.0.745 doesn't handle... |
CVE-2020-10148 | 2020-12-29 | SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands |
CVE-2020-10210 | 2020-12-29 | Because of hard-coded SSH keys for the root user in... |
CVE-2020-10207 | 2020-12-29 | Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x... |
CVE-2020-35800 | 2020-12-29 | Certain NETGEAR devices are affected by incorrect configuration of security... |
CVE-2020-35796 | 2020-12-29 | Certain NETGEAR devices are affected by a buffer overflow by... |
CVE-2020-35795 | 2020-12-29 | Certain NETGEAR devices are affected by a buffer overflow by... |
CVE-2020-35842 | 2020-12-29 | Certain NETGEAR devices are affected by stored XSS. This affects... |
CVE-2020-35841 | 2020-12-29 | Certain NETGEAR devices are affected by stored XSS. This affects... |