| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2020-8495 |
863 |
|
+Priv |
2020-01-30 |
2021-07-21 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and delegatorUserId parameters. |
|
2 |
CVE-2020-8494 |
269 |
|
+Priv |
2020-01-30 |
2021-07-21 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via the emp_id, userid, pw1, pw2, supervisor, and timekeeper parameters. |
|
3 |
CVE-2020-8492 |
400 |
|
DoS |
2020-01-30 |
2021-09-16 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. |
|
4 |
CVE-2020-8447 |
416 |
|
|
2020-01-30 |
2020-07-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of syscheck formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted). |
|
5 |
CVE-2020-8445 |
20 |
|
|
2020-01-30 |
2020-07-27 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines (\n) are permitted in messages processed by ossec-analysisd, it may be possible to inject nested events into the ossec log. Use of terminal control characters may allow obfuscating events or executing commands when viewed through vulnerable terminal emulators. This may be an unauthenticated remote attack for certain types and origins of logged data. |
|
6 |
CVE-2020-8444 |
416 |
|
|
2020-01-30 |
2020-07-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted). |
|
7 |
CVE-2020-8443 |
787 |
|
Overflow |
2020-01-30 |
2022-04-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted). |
|
8 |
CVE-2020-8442 |
787 |
|
Overflow |
2020-01-30 |
2020-07-27 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client. |
|
9 |
CVE-2020-8440 |
434 |
|
Exec Code |
2020-01-31 |
2020-02-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume. |
|
10 |
CVE-2020-8438 |
78 |
|
Exec Code |
2020-01-29 |
2020-01-31 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring. |
|
11 |
CVE-2020-8432 |
415 |
|
Exec Code |
2020-01-29 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis. |
|
12 |
CVE-2020-8424 |
352 |
|
CSRF |
2020-01-28 |
2020-12-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php. |
|
13 |
CVE-2020-8420 |
352 |
|
CSRF |
2020-01-28 |
2020-02-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability. |
|
14 |
CVE-2020-8419 |
352 |
|
CSRF |
2020-01-28 |
2020-02-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities. |
|
15 |
CVE-2020-8417 |
352 |
|
CSRF |
2020-01-28 |
2020-02-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu. |
|
16 |
CVE-2020-8112 |
787 |
|
Overflow |
2020-01-28 |
2021-04-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851. |
|
17 |
CVE-2020-8088 |
843 |
|
Bypass |
2020-01-27 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. |
|
18 |
CVE-2020-8087 |
|
|
Exec Code |
2020-01-27 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetDiagnosticToolsFmPing by providing the vlu_diagnostic_tools__ping_address parameter twice: once with a shell metacharacter and a command name, and once with a command argument. |
|
19 |
CVE-2020-8086 |
863 |
|
|
2020-01-28 |
2020-02-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin. |
|
20 |
CVE-2020-8001 |
798 |
|
|
2020-01-27 |
2020-01-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account. |
|
21 |
CVE-2020-8000 |
798 |
|
|
2020-01-27 |
2020-01-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account. |
|
22 |
CVE-2020-7999 |
798 |
|
|
2020-01-27 |
2020-01-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY. |
|
23 |
CVE-2020-7998 |
434 |
|
|
2020-01-28 |
2020-02-04 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service. |
|
24 |
CVE-2020-7995 |
307 |
|
|
2020-01-26 |
2022-04-26 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts. |
|
25 |
CVE-2020-7991 |
352 |
|
CSRF |
2020-01-26 |
2020-01-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password. |
|
26 |
CVE-2020-7981 |
89 |
|
Sql |
2020-01-25 |
2020-01-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data. |
|
27 |
CVE-2020-7980 |
78 |
|
Exec Code |
2020-01-25 |
2020-01-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed. |
|
28 |
CVE-2020-7965 |
352 |
|
CSRF |
2020-01-29 |
2020-02-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is application/json when receiving JSON input. If the request body is valid JSON, it will accept it even if the content type is application/x-www-form-urlencoded. This allows for JSON POST requests to be made across domains, leading to CSRF. |
|
29 |
CVE-2020-7956 |
295 |
|
|
2020-01-31 |
2020-02-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3. |
|
30 |
CVE-2020-7952 |
|
|
DoS Exec Code Mem. Corr. |
2020-01-27 |
2020-01-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption. |
|
31 |
CVE-2020-7951 |
|
|
DoS Exec Code Mem. Corr. |
2020-01-27 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption. |
|
32 |
CVE-2020-7950 |
|
|
DoS Exec Code |
2020-01-27 |
2020-01-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call. |
|
33 |
CVE-2020-7949 |
|
|
DoS Exec Code |
2020-01-27 |
2020-01-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call. |
|
34 |
CVE-2020-7941 |
269 |
|
|
2020-01-23 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. |
|
35 |
CVE-2020-7939 |
89 |
|
Sql |
2020-01-23 |
2020-01-24 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.) |
|
36 |
CVE-2020-7938 |
269 |
|
|
2020-01-23 |
2021-07-21 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level. |
|
37 |
CVE-2020-7931 |
|
|
Exec Code |
2020-01-23 |
2020-01-30 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template. |
|
38 |
CVE-2020-7799 |
74 |
|
Exec Code |
2020-01-28 |
2021-07-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates. |
|
39 |
CVE-2020-7596 |
74 |
|
Exec Code |
2020-01-25 |
2021-07-21 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument. |
|
40 |
CVE-2020-7594 |
78 |
|
Exec Code |
2020-01-21 |
2020-01-29 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function. |
|
41 |
CVE-2020-7247 |
78 |
|
Exec Code |
2020-01-29 |
2022-04-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation. |
|
42 |
CVE-2020-7246 |
22 |
|
Exec Code Dir. Trav. Bypass |
2020-01-21 |
2022-06-13 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884. |
|
43 |
CVE-2020-7245 |
640 |
|
|
2020-01-23 |
2020-01-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical to the victim's username, but with white space inserted before and/or after the username. This will register the account with the same username as the victim. After initiating a password reset for the new account, CTFd will reset the victim's account password due to the username collision. |
|
44 |
CVE-2020-7244 |
78 |
|
Exec Code |
2020-01-20 |
2020-01-24 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) |
|
45 |
CVE-2020-7243 |
78 |
|
Exec Code |
2020-01-20 |
2020-01-24 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) |
|
46 |
CVE-2020-7242 |
78 |
|
Exec Code |
2020-01-20 |
2020-01-24 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.) |
|
47 |
CVE-2020-7240 |
78 |
|
Exec Code |
2020-01-20 |
2020-02-05 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration). Note: According to the description, the vulnerability requires a fully authenticated super-user account using a webUI function that allows super users to edit a script supposed to execute OS commands. The given weakness enumeration (CWE-78) is not applicable in this case as it refers to abusing functions/input fields not supposed to be accepting OS commands by using 'Special Elements.' |
|
48 |
CVE-2020-7237 |
78 |
|
Exec Code |
2020-01-20 |
2020-02-19 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product. |
|
49 |
CVE-2020-7233 |
798 |
|
|
2020-01-19 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file. |
|
50 |
CVE-2020-7229 |
89 |
|
Sql |
2020-01-21 |
2020-01-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The parameter is landing_location. The function is countSearchedJobs(). The file is _lib/class.Job.php. |
