| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2020-15415 |
78 |
|
Exec Code |
2020-06-30 |
2020-07-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472. |
|
2 |
CVE-2020-15412 |
269 |
|
|
2020-06-30 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form. |
|
3 |
CVE-2020-15411 |
269 |
|
|
2020-06-30 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader. |
|
4 |
CVE-2020-15400 |
352 |
|
XSS CSRF |
2020-06-30 |
2021-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS. |
|
5 |
CVE-2020-15397 |
269 |
|
Exec Code |
2020-06-30 |
2020-09-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root). |
|
6 |
CVE-2020-15396 |
362 |
|
|
2020-06-30 |
2022-04-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root. |
|
7 |
CVE-2020-15395 |
125 |
|
|
2020-06-30 |
2020-11-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing). |
|
8 |
CVE-2020-15389 |
416 |
|
|
2020-06-29 |
2021-07-20 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. |
|
9 |
CVE-2020-15365 |
787 |
|
|
2020-06-28 |
2020-07-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds. |
|
10 |
CVE-2020-15364 |
79 |
|
XSS |
2020-06-28 |
2020-07-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS. |
|
11 |
CVE-2020-15363 |
89 |
|
Sql |
2020-06-28 |
2020-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection. |
|
12 |
CVE-2020-15362 |
74 |
|
Exec Code |
2020-06-29 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code. |
|
13 |
CVE-2020-15360 |
269 |
|
|
2020-06-27 |
2020-07-01 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. |
|
14 |
CVE-2020-15351 |
276 |
|
|
2020-06-26 |
2020-07-06 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService that runs as LocalSystem. Thus, any standard user can escalate privileges to NT AUTHORITY\SYSTEM by substituting the service's binary with a malicious one. |
|
15 |
CVE-2020-15348 |
74 |
|
|
2020-06-26 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. |
|
16 |
CVE-2020-15336 |
306 |
|
|
2020-06-26 |
2020-08-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. |
|
17 |
CVE-2020-15335 |
306 |
|
|
2020-06-26 |
2020-08-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. |
|
18 |
CVE-2020-15324 |
798 |
|
|
2020-06-29 |
2020-07-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. |
|
19 |
CVE-2020-15323 |
798 |
|
|
2020-06-29 |
2020-07-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials. |
|
20 |
CVE-2020-15322 |
798 |
|
|
2020-06-29 |
2020-07-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account. |
|
21 |
CVE-2020-15321 |
798 |
|
|
2020-06-29 |
2020-07-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account. |
|
22 |
CVE-2020-15320 |
798 |
|
|
2020-06-29 |
2020-07-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account. |
|
23 |
CVE-2020-15319 |
798 |
|
|
2020-06-29 |
2020-07-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree. |
|
24 |
CVE-2020-15318 |
798 |
|
|
2020-06-29 |
2020-07-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree. |
|
25 |
CVE-2020-15317 |
798 |
|
|
2020-06-29 |
2020-07-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree. |
|
26 |
CVE-2020-15316 |
798 |
|
|
2020-06-29 |
2020-07-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree. |
|
27 |
CVE-2020-15315 |
798 |
|
|
2020-06-29 |
2020-07-06 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree. |
|
28 |
CVE-2020-15314 |
798 |
|
|
2020-06-29 |
2020-07-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. |
|
29 |
CVE-2020-15313 |
798 |
|
|
2020-06-29 |
2020-07-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. |
|
30 |
CVE-2020-15312 |
798 |
|
|
2020-06-29 |
2020-07-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. |
|
31 |
CVE-2020-15308 |
89 |
|
Sql |
2020-06-26 |
2020-07-06 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-authentication SQL injection via the site_edit.php typeid or site parameter, the search_incidents_advanced.php search_title parameter, or the report_qbe.php criteriafield parameter. |
|
32 |
CVE-2020-15307 |
79 |
|
XSS |
2020-06-30 |
2020-07-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name. |
|
33 |
CVE-2020-15302 |
311 |
|
DoS |
2020-06-25 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery function does not require any signatures in the zero-guardian case, which allows attackers to cause a denial of service (locking) or a takeover. |
|
34 |
CVE-2020-15087 |
285 |
|
Bypass |
2020-06-30 |
2021-04-08 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers. |
|
35 |
CVE-2020-15084 |
285 |
|
Bypass |
2020-06-30 |
2020-07-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have **algorithms** configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the **secret**. You can fix this by specifying **algorithms** in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0. |
|
36 |
CVE-2020-15069 |
120 |
|
Exec Code Overflow |
2020-06-29 |
2020-07-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x. |
|
37 |
CVE-2020-15049 |
444 |
|
|
2020-06-30 |
2021-03-12 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value. |
|
38 |
CVE-2020-15047 |
295 |
|
|
2020-06-25 |
2020-07-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers. |
|
39 |
CVE-2020-15046 |
352 |
|
CSRF |
2020-06-24 |
2020-07-13 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88. |
|
40 |
CVE-2020-15043 |
352 |
|
CSRF |
2020-06-29 |
2020-07-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling remote management, enabling DHCP, or modifying the subnet range for IP addresses. |
|
41 |
CVE-2020-15041 |
79 |
|
XSS |
2020-06-24 |
2020-06-30 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field. |
|
42 |
CVE-2020-15038 |
79 |
|
XSS |
2020-06-24 |
2020-07-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. |
|
43 |
CVE-2020-15026 |
22 |
|
Dir. Trav. |
2020-06-24 |
2020-06-30 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php. |
|
44 |
CVE-2020-15025 |
401 |
|
DoS |
2020-06-24 |
2021-01-20 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. |
|
45 |
CVE-2020-15018 |
384 |
|
|
2020-06-24 |
2020-07-08 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
playSMS through 1.4.3 is vulnerable to session fixation. |
|
46 |
CVE-2020-15017 |
79 |
|
XSS |
2020-06-26 |
2020-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter. |
|
47 |
CVE-2020-15016 |
79 |
|
XSS |
2020-06-26 |
2020-07-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter. |
|
48 |
CVE-2020-15015 |
79 |
|
XSS |
2020-06-24 |
2020-06-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XSS via an SVG document. |
|
49 |
CVE-2020-15014 |
352 |
|
CSRF |
2020-06-24 |
2020-06-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF. |
|
50 |
CVE-2020-15007 |
120 |
|
Exec Code Overflow |
2020-06-24 |
2020-07-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tech 1 (aka Doom engine) allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument. |
