CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2020 (CVSS score >= 5)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2020-16165 | 89 | | Sql | 2020-07-30 | 2020-08-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.
2 | CVE-2020-16164 | 295 | | DoS Bypass | 2020-07-30 | 2020-12-30 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial
** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party's view. NOTE: some third parties may regard this as a preferred behavior, not a vulnerability.
3 | CVE-2020-16163 | 295 | | DoS Bypass | 2020-07-30 | 2020-08-06 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial
** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent routing systems. NOTE: third parties assert that the behavior is intentionally permitted by RFC 8182.
4 | CVE-2020-16162 | 295 | | Bypass | 2020-07-30 | 2020-08-06 | 5.0 | None | Remote | Low | Not required | None | Partial | None
** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. Missing validation checks on CRL presence or CRL staleness in the X509-based RPKI certificate-tree validation procedure allow remote attackers to bypass intended access restrictions by using revoked certificates. NOTE: there may be counterarguments related to backwards compatibility.
5 | CVE-2020-16136 | 732 | | Dir. Trav. | 2020-07-31 | 2021-07-21 | 6.8 | None | Remote | Low | ??? | Complete | None | None
In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via directory traversal ../ sequences in /Administration/Logs/ requests. The attacker is unable to enumerate files, however.
6 | CVE-2020-16118 | 476 | | | 2020-07-29 | 2020-08-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.
7 | CVE-2020-16094 | 674 | | | 2020-07-28 | 2022-01-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.
8 | CVE-2020-16088 | 287 | | Bypass | 2020-07-28 | 2022-01-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.
9 | CVE-2020-15957 | 347 | | | 2020-07-30 | 2020-08-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None
An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentralised Privacy-Preserving Proximity Tracing (DP3T). When it is configured to check JWT before uploading/publishing keys, it is possible to skip the signature check by providing a JWT token with alg=none.
10 | CVE-2020-15953 | 74 | | | 2020-07-27 | 2020-09-22 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
11 | CVE-2020-15932 | 59 | | | 2020-07-24 | 2020-08-05 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges.
12 | CVE-2020-15924 | 89 | | Sql | 2020-07-24 | 2020-07-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters.
13 | CVE-2020-15923 | 22 | | Dir. Trav. | 2020-07-24 | 2020-07-27 | 7.8 | None | Remote | Low | Not required | Complete | None | None
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal.
14 | CVE-2020-15922 | 78 | | Exec Code | 2020-07-24 | 2022-01-01 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required.
15 | CVE-2020-15921 | 287 | | Exec Code | 2020-07-24 | 2022-04-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution.
16 | CVE-2020-15920 | 78 | | Exec Code | 2020-07-24 | 2020-09-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
17 | CVE-2020-15917 | | | | 2020-07-23 | 2020-11-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
18 | CVE-2020-15916 | 78 | | Exec Code | 2020-07-23 | 2020-07-27 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter.
19 | CVE-2020-15908 | 22 | | Dir. Trav. | 2020-07-23 | 2020-07-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None
tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal during extraction from a TAR archive.
20 | CVE-2020-15904 | 787 | | Overflow | 2020-07-22 | 2020-07-31 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.
21 | CVE-2020-15901 | | | Exec Code | 2020-07-22 | 2020-11-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys.
22 | CVE-2020-15900 | 787 | | Mem. Corr. | 2020-07-28 | 2022-04-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
23 | CVE-2020-15899 | 345 | | | 2020-07-28 | 2020-08-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble.
24 | CVE-2020-15896 | 287 | | Bypass | 2020-07-22 | 2020-07-27 | 5.0 | None | Remote | Low | Not required | Partial | None | None
An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of checking the value of NO_NEED_AUTH. If the value of NO_NEED_AUTH is 1, the user has direct access to the webpage without any authentication. By appending a query string NO_NEED_AUTH with the value of 1 to any protected URL, any unauthorized user can access the application directly, as demonstrated by bsc_lan.php?NO_NEED_AUTH=1.
25 | CVE-2020-15894 | 200 | | +Info | 2020-07-22 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT.
26 | CVE-2020-15893 | 78 | | | 2020-07-22 | 2020-07-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.
27 | CVE-2020-15892 | 120 | | Overflow Bypass | 2020-07-22 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length of 15 characters. The problem is that validation is being done on the client side, hence it can be bypassed. When an attacker manages to intercept the login request (POST based) and tampers with the vulnerable parameter (log_pass), to a larger length, the request will be forwarded to the webserver. This results in a stack-based buffer overflow. A few other POST variables, (transferred as part of the login request) are also vulnerable: html_response_page and log_user.
28 | CVE-2020-15890 | 125 | | | 2020-07-21 | 2020-09-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.
29 | CVE-2020-15889 | 125 | | | 2020-07-21 | 2020-12-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.
30 | CVE-2020-15888 | 416 | | Overflow | 2020-07-21 | 2021-07-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
31 | CVE-2020-15887 | 89 | | Exec Code Sql | 2020-07-23 | 2020-09-01 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint.
32 | CVE-2020-15886 | 89 | | Exec Code Sql | 2020-07-23 | 2020-09-01 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint.
33 | CVE-2020-15884 | 89 | | Exec Code Sql | 2020-07-23 | 2020-07-27 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data.
34 | CVE-2020-15882 | 352 | | CSRF | 2020-07-23 | 2020-08-05 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial
A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database.
35 | CVE-2020-15879 | 918 | | | 2020-07-21 | 2020-07-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16).
36 | CVE-2020-15877 | 668 | | | 2020-07-21 | 2021-07-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
37 | CVE-2020-15871 | 732 | | Exec Code | 2020-07-31 | 2021-07-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution.
38 | CVE-2020-15866 | 787 | | Overflow | 2020-07-21 | 2022-05-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.
39 | CVE-2020-15860 | | | Exec Code | 2020-07-24 | 2020-09-16 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it is possible to access any host in the internal domain, even if it has no published applications or the mentioned host is no longer associated with that server farm.
40 | CVE-2020-15842 | 502 | | Exec Code | 2020-07-20 | 2020-07-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization.
41 | CVE-2020-15816 | 74 | | Exec Code | 2020-07-17 | 2021-07-21 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.
42 | CVE-2020-15813 | 295 | | Bypass | 2020-07-17 | 2020-07-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code (in all versions that support LDAP) does not implement proper certificate validation (regardless of whether the "Allow self-signed certificates" option is used). Therefore, any attacker with the ability to intercept network traffic between a Graylog server and an LDAP server is able to redirect traffic to a different LDAP server (unnoticed by the Graylog server due to the lack of certificate validation), effectively bypassing Graylog's authentication mechanism.
43 | CVE-2020-15806 | 770 | | | 2020-07-22 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
44 | CVE-2020-15801 | 426 | | | 2020-07-17 | 2022-04-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.
45 | CVE-2020-15780 | 862 | | Bypass | 2020-07-15 | 2022-04-27 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.
46 | CVE-2020-15779 | 22 | | Dir. Trav. | 2020-07-15 | 2020-07-22 | 5.0 | None | Remote | Low | Not required | None | Partial | None
A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path.
47 | CVE-2020-15778 | 78 | | | 2020-07-24 | 2021-06-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
48 | CVE-2020-15724 | 426 | | Exec Code Bypass | 2020-07-21 | 2021-07-21 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete
In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
49 | CVE-2020-15723 | 426 | | Exec Code Bypass | 2020-07-21 | 2021-07-21 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete
In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
50 | CVE-2020-15722 | 426 | | Exec Code | 2020-07-21 | 2021-07-21 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete
In version 12.1.0.1004 and below of 360 Total Security, when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system.
Total number of vulnerabilities: 776 (page 1 of 16)