| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 451 | CVE-2020-14367 | 59 | | DoS | 2020-08-24 | 2020-09-09 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal. |
| 452 | CVE-2020-14364 | 125 | | DoS Exec Code | 2020-08-31 | 2020-11-11 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. |
| 453 | CVE-2020-14356 | 476 | | | 2020-08-19 | 2020-11-02 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
A null pointer dereference flaw was found in the Linux kernel cgroupv2 subsystem in versions before 5.7.10, in the way the system is rebooted. A local user could use this flaw to crash the system or escalate their privileges on the system. |
| 454 | CVE-2020-14352 | 22 | | Dir. Trav. | 2020-08-30 | 2020-11-09 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete |
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories. |
| 455 | CVE-2020-14350 | 426 | | | 2020-08-24 | 2020-09-18 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23. |
| 456 | CVE-2020-14349 | 89 | | Exec Code Sql | 2020-08-24 | 2020-09-18 | 4.6 | None | Remote | High | ??? | Partial | Partial | Partial |
It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication. |
| 457 | CVE-2020-14347 | 665 | | Bypass | 2020-08-05 | 2020-12-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable. |
| 458 | CVE-2020-14344 | 190 | | Overflow | 2020-08-05 | 2020-12-04 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implementation in libX11 before version 1.6.10. As per upstream, this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux. |
| 459 | CVE-2020-14333 | 79 | | XSS | 2020-08-18 | 2020-12-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack. This flaw allows an attacker to leverage a phishing attack, steal an unsuspecting user's cookies or other confidential information, or impersonate them within the application's context. |
| 460 | CVE-2020-14325 | 863 | | | 2020-08-11 | 2021-07-21 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw, which allows a malicious attacker to create existent and non-existent role-based access control users, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator. |
| 461 | CVE-2020-14324 | 78 | | Exec Code | 2020-08-11 | 2020-08-13 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out-of-band OS command injection vulnerability can be exploited by an authenticated attacker while setting up a conversion host through Infrastructure Migration Solution. This flaw allows an attacker to execute arbitrary commands on the CloudForms server. |
| 462 | CVE-2020-14319 | 352 | | Bypass CSRF | 2020-08-03 | 2020-08-12 | 4.0 | None | Remote | High | Not required | None | Partial | Partial |
It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. For example, authorised users using an older browser with Adobe Flash are vulnerable when targeted by an attacker. This flaw affects all versions of AMQ-Online prior to 1.5.2 and Enmasse versions 0.31.0-rc1 up until but not including 0.32.2. |
| 463 | CVE-2020-14313 | 200 | | +Info | 2020-08-11 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace. |
| 464 | CVE-2020-14296 | 918 | | | 2020-08-11 | 2020-08-12 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None |
Red Hat CloudForms 4.7 and 5 were vulnerable to a Server-Side Request Forgery (SSRF) flaw. With access to add an Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible. |
| 465 | CVE-2020-14215 | 863 | | | 2020-08-21 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations. |
| 466 | CVE-2020-14201 | 269 | | | 2020-08-21 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | None | Partial | None |
Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code. |
| 467 | CVE-2020-14194 | 20 | | | 2020-08-21 | 2021-07-21 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link. |
| 468 | CVE-2020-14044 | 918 | | Exec Code | 2020-08-24 | 2021-03-30 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install feature to make the server request any URL via components/market/class.market.php. This could potentially result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors." |
| 469 | CVE-2020-14043 | 352 | | Exec Code CSRF | 2020-08-24 | 2021-03-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross-Site Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and it isn't CSRF protected in components/market/controller.php. This might cause admins to make a vulnerable request without them knowing and result in remote code execution. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors." |
| 470 | CVE-2020-14042 | 79 | | XSS | 2020-08-25 | 2021-03-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors." |
| 471 | CVE-2020-13941 | 20 | | | 2020-08-17 | 2021-03-25 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows the commands backup, restore and deleteBackup. Each of these takes a location parameter, which was not validated, i.e. you could read/write to any location the solr user can access. |
| 472 | CVE-2020-13933 | | | Bypass | 2020-08-17 | 2022-03-31 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In Apache Shiro before 1.6.0, a specially crafted HTTP request may cause an authentication bypass. |
| 473 | CVE-2020-13921 | 89 | | Sql | 2020-08-05 | 2020-08-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. |
| 474 | CVE-2020-13863 | 74 | | | 2020-08-26 | 2020-09-01 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial |
The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information. |
| 475 | CVE-2020-13828 | 79 | | XSS | 2020-08-31 | 2020-09-08 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter. |
| 476 | CVE-2020-13826 | 74 | | Exec Code | 2020-08-20 | 2021-07-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export. |
| 477 | CVE-2020-13825 | 79 | | XSS | 2020-08-20 | 2020-08-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode parameter. |
| 478 | CVE-2020-13821 | 79 | | XSS | 2020-08-26 | 2020-12-23 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the administrator's account of the Broker. |
| 479 | CVE-2020-13820 | 79 | | XSS | 2020-08-03 | 2020-08-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. |
| 480 | CVE-2020-13819 | 79 | | XSS | 2020-08-05 | 2020-08-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. |
| 481 | CVE-2020-13793 | 798 | | | 2020-08-06 | 2020-08-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. |
| 482 | CVE-2020-13767 | 306 | | | 2020-08-26 | 2021-07-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The Mitel MiCollab application before 9.1.332 for iOS could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS device, and (if successful) could allow an attacker to gain access to sensitive information, |
| 483 | CVE-2020-13655 | 79 | | XSS | 2020-08-31 | 2020-09-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project the current user has access to, the file and target parameters are reflected. |
| 484 | CVE-2020-13617 | 307 | | | 2020-08-26 | 2020-09-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory handling during failed login attempts. |
| 485 | CVE-2020-13595 | 617 | | | 2020-08-31 | 2020-09-08 | 3.3 | None | Local Network | Low | Not required | None | None | Partial |
The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets. |
| 486 | CVE-2020-13594 | 20 | | DoS | 2020-08-31 | 2020-09-08 | 3.3 | None | Local Network | Low | Not required | None | None | Partial |
The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. |
| 487 | CVE-2020-13593 | 863 | | DoS | 2020-08-31 | 2021-07-21 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial |
The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. An attacker in radio range can achieve arbitrary read/write access to protected GATT service data, cause a denial of service, or possibly control a device's function by establishing an encrypted session with an unauthenticated Long Term Key (LTK). |
| 488 | CVE-2020-13523 | 862 | | | 2020-08-04 | 2022-06-07 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. |
| 489 | CVE-2020-13522 | | | | 2020-08-04 | 2022-06-07 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |
An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability. |
| 490 | CVE-2020-13472 | 668 | | | 2020-08-31 | 2020-09-03 | 2.1 | None | Local | Low | Not required | None | Partial | None |
The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module. |
| 491 | CVE-2020-13471 | | | Exec Code | 2020-08-31 | 2020-09-09 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Apex Microelectronics APM32F103 devices allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. |
| 492 | CVE-2020-13470 | 668 | | | 2020-08-31 | 2020-09-03 | 2.1 | None | Local | Low | Not required | None | Partial | None |
Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data. |
| 493 | CVE-2020-13469 | 668 | | | 2020-08-31 | 2020-09-04 | 2.1 | None | Local | Low | Not required | None | Partial | None |
The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU. |
| 494 | CVE-2020-13468 | 276 | | | 2020-08-31 | 2020-09-03 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Gigadevice GD32F130 devices allow physical attackers to escalate their debug interface permissions via fault injection into inter-IC bonding wires (which have insufficient physical protection). |
| 495 | CVE-2020-13467 | 755 | | | 2020-08-31 | 2020-09-09 | 2.1 | None | Local | Low | Not required | None | Partial | None |
The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. |
| 496 | CVE-2020-13466 | | | Exec Code | 2020-08-31 | 2020-09-09 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. |
| 497 | CVE-2020-13465 | 20 | | Exec Code | 2020-08-31 | 2020-09-03 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
The security protection in Gigadevice GD32F103 devices allows physical attackers to redirect the control flow and execute arbitrary code via the debug interface. |
| 498 | CVE-2020-13464 | 200 | | +Info | 2020-08-31 | 2021-07-21 | 1.9 | None | Local | Medium | Not required | None | Partial | None |
The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA module. |
| 499 | CVE-2020-13463 | 755 | | | 2020-08-31 | 2020-09-10 | 2.1 | None | Local | Low | Not required | Partial | None | None |
The flash memory readout protection in Apex Microelectronics APM32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. |
| 500 | CVE-2020-13410 | 755 | | | 2020-08-26 | 2020-09-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream. |