| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2020-16165 |
89 |
|
Sql |
2020-07-30 |
2020-08-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters. |
|
2 |
CVE-2020-16163 |
295 |
|
DoS Bypass |
2020-07-30 |
2020-08-06 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent routing systems. NOTE: third parties assert that the behavior is intentionally permitted by RFC 8182. |
|
3 |
CVE-2020-16136 |
732 |
|
Dir. Trav. |
2020-07-31 |
2021-07-21 |
6.8 |
None |
Remote |
Low |
??? |
Complete |
None |
None |
|
In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via directory traversal ../ sequences in /Administration/Logs/ requests. The attacker is unable to enumerate files, however. |
|
4 |
CVE-2020-16088 |
287 |
|
Bypass |
2020-07-28 |
2022-01-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches. |
|
5 |
CVE-2020-15932 |
59 |
|
|
2020-07-24 |
2020-08-05 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges. |
|
6 |
CVE-2020-15923 |
22 |
|
Dir. Trav. |
2020-07-24 |
2020-07-27 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal. |
|
7 |
CVE-2020-15922 |
78 |
|
Exec Code |
2020-07-24 |
2022-01-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required. |
|
8 |
CVE-2020-15921 |
287 |
|
Exec Code |
2020-07-24 |
2022-04-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution. |
|
9 |
CVE-2020-15920 |
78 |
|
Exec Code |
2020-07-24 |
2020-09-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required. |
|
10 |
CVE-2020-15917 |
|
|
|
2020-07-23 |
2020-11-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. |
|
11 |
CVE-2020-15916 |
78 |
|
Exec Code |
2020-07-23 |
2020-07-27 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter. |
|
12 |
CVE-2020-15904 |
787 |
|
Overflow |
2020-07-22 |
2020-07-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file. |
|
13 |
CVE-2020-15901 |
|
|
Exec Code |
2020-07-22 |
2020-11-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys. |
|
14 |
CVE-2020-15900 |
787 |
|
Mem. Corr. |
2020-07-28 |
2022-04-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b. |
|
15 |
CVE-2020-15893 |
78 |
|
|
2020-07-22 |
2020-07-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. |
|
16 |
CVE-2020-15892 |
120 |
|
Overflow Bypass |
2020-07-22 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length of 15 characters. The problem is that validation is being done on the client side, hence it can be bypassed. When an attacker manages to intercept the login request (POST based) and tampers with the vulnerable parameter (log_pass), to a larger length, the request will be forwarded to the webserver. This results in a stack-based buffer overflow. A few other POST variables, (transferred as part of the login request) are also vulnerable: html_response_page and log_user. |
|
17 |
CVE-2020-15889 |
125 |
|
|
2020-07-21 |
2020-12-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. |
|
18 |
CVE-2020-15888 |
416 |
|
Overflow |
2020-07-21 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. |
|
19 |
CVE-2020-15887 |
89 |
|
Exec Code Sql |
2020-07-23 |
2020-09-01 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint. |
|
20 |
CVE-2020-15886 |
89 |
|
Exec Code Sql |
2020-07-23 |
2020-09-01 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint. |
|
21 |
CVE-2020-15884 |
89 |
|
Exec Code Sql |
2020-07-23 |
2020-07-27 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data. |
|
22 |
CVE-2020-15877 |
668 |
|
|
2020-07-21 |
2021-07-21 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php. |
|
23 |
CVE-2020-15871 |
732 |
|
Exec Code |
2020-07-31 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution. |
|
24 |
CVE-2020-15866 |
787 |
|
Overflow |
2020-07-21 |
2022-05-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function. |
|
25 |
CVE-2020-15860 |
|
|
Exec Code |
2020-07-24 |
2020-09-16 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it is possible to access any host in the internal domain, even if it has no published applications or the mentioned host is no longer associated with that server farm. |
|
26 |
CVE-2020-15842 |
502 |
|
Exec Code |
2020-07-20 |
2020-07-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization. |
|
27 |
CVE-2020-15816 |
74 |
|
Exec Code |
2020-07-17 |
2021-07-21 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables. |
|
28 |
CVE-2020-15813 |
295 |
|
Bypass |
2020-07-17 |
2020-07-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code (in all versions that support LDAP) does not implement proper certificate validation (regardless of whether the "Allow self-signed certificates" option is used). Therefore, any attacker with the ability to intercept network traffic between a Graylog server and an LDAP server is able to redirect traffic to a different LDAP server (unnoticed by the Graylog server due to the lack of certificate validation), effectively bypassing Graylog's authentication mechanism. |
|
29 |
CVE-2020-15801 |
426 |
|
|
2020-07-17 |
2022-04-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. |
|
30 |
CVE-2020-15780 |
862 |
|
Bypass |
2020-07-15 |
2022-04-27 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30. |
|
31 |
CVE-2020-15778 |
78 |
|
|
2020-07-24 |
2021-06-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows." |
|
32 |
CVE-2020-15724 |
426 |
|
Exec Code Bypass |
2020-07-21 |
2021-07-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system. |
|
33 |
CVE-2020-15723 |
426 |
|
Exec Code Bypass |
2020-07-21 |
2021-07-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system. |
|
34 |
CVE-2020-15722 |
426 |
|
Exec Code |
2020-07-21 |
2021-07-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system. |
|
35 |
CVE-2020-15715 |
|
|
Exec Code |
2020-07-28 |
2020-07-28 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter. |
|
36 |
CVE-2020-15714 |
89 |
|
Sql |
2020-07-28 |
2020-07-28 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database. |
|
37 |
CVE-2020-15713 |
89 |
|
Sql |
2020-07-28 |
2020-07-28 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database. |
|
38 |
CVE-2020-15711 |
352 |
|
CSRF |
2020-07-14 |
2020-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In MISP before 2.4.129, setting a favourite homepage was not CSRF protected. |
|
39 |
CVE-2020-15700 |
352 |
|
CSRF |
2020-07-15 |
2020-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability. |
|
40 |
CVE-2020-15695 |
352 |
|
CSRF |
2020-07-15 |
2020-07-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability. |
|
41 |
CVE-2020-15688 |
294 |
|
Bypass |
2020-07-23 |
2020-10-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel. |
|
42 |
CVE-2020-15628 |
89 |
|
Sql |
2020-07-28 |
2020-07-29 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the user parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9710. |
|
43 |
CVE-2020-15627 |
89 |
|
Sql |
2020-07-28 |
2020-07-29 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the account parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9738. |
|
44 |
CVE-2020-15626 |
89 |
|
Sql |
2020-07-28 |
2020-07-29 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the term parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9730. |
|
45 |
CVE-2020-15625 |
89 |
|
Sql |
2020-07-28 |
2020-07-29 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_add_mailbox.php. When parsing the username parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9729. |
|
46 |
CVE-2020-15624 |
89 |
|
Sql |
2020-07-28 |
2020-07-29 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_new_account.php. When parsing the domain parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9727. |
|
47 |
CVE-2020-15623 |
749 |
|
Exec Code |
2020-07-28 |
2020-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9722. |
|
48 |
CVE-2020-15622 |
89 |
|
Sql |
2020-07-28 |
2020-07-29 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the search parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9712. |
|
49 |
CVE-2020-15621 |
89 |
|
Sql |
2020-07-28 |
2020-07-29 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mail_autoreply.php. When parsing the email parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9711. |
|
50 |
CVE-2020-15620 |
89 |
|
Sql |
2020-07-28 |
2020-07-29 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the id parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-9741. |
