| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 801 | CVE-2020-5920 | 89 | | Sql | 2020-08-26 | 2020-09-02 | 4.0 | None | Remote | Low | ??? | Partial | None | None | In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack. |
| 802 | CVE-2020-5919 | | | | 2020-08-26 | 2020-09-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization may cause the Traffic Management Microkernel (TMM) to stop responding. |
| 803 | CVE-2020-5918 | 400 | | | 2020-08-26 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic when traffic volume is high. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile. |
| 804 | CVE-2020-5917 | 326 | | | 2020-08-26 | 2020-09-02 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits, which are no longer considered secure. |
| 805 | CVE-2020-5916 | 200 | | +Info | 2020-08-26 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3, the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory. |
| 806 | CVE-2020-5915 | 79 | | XSS | 2020-08-26 | 2020-08-31 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are set up in a device trust. |
| 807 | CVE-2020-5914 | 20 | | | 2020-08-26 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed server cookie scenario may cause BD to restart under some circumstances. |
| 808 | CVE-2020-5913 | 295 | | | 2020-08-26 | 2020-09-30 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connections. |
| 809 | CVE-2020-5912 | 20 | | | 2020-08-26 | 2021-07-21 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files. |
| 810 | CVE-2020-5775 | 918 | | | 2020-08-21 | 2020-08-26 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. |
| 811 | CVE-2020-5774 | 613 | | | 2020-08-21 | 2020-08-28 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to log in to an existing browser session. |
| 812 | CVE-2020-5773 | 269 | | | 2020-08-03 | 2020-08-04 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write operations. |
| 813 | CVE-2020-5772 | 434 | | +Priv | 2020-08-03 | 2021-07-21 | 7.1 | None | Remote | High | ??? | Complete | Complete | Complete | Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file. |
| 814 | CVE-2020-5771 | 434 | | +Priv | 2020-08-03 | 2021-07-21 | 7.1 | None | Remote | High | ??? | Complete | Complete | Complete | Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive. |
| 815 | CVE-2020-5770 | 352 | | CSRF | 2020-08-03 | 2020-08-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. |
| 816 | CVE-2020-5625 | 79 | | XSS | 2020-08-28 | 2020-08-31 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting vulnerability in XooNIps 3.48 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors. |
| 817 | CVE-2020-5624 | 89 | | Exec Code Sql | 2020-08-28 | 2020-08-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 818 | CVE-2020-5623 | 601 | | | 2020-08-28 | 2020-09-04 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. |
| 819 | CVE-2020-5621 | 352 | | CSRF | 2020-08-28 | 2020-09-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allows remote attackers to hijack the authentication of administrators and alter the settings of the device via unspecified vectors. |
| 820 | CVE-2020-5620 | 79 | | XSS | 2020-08-25 | 2020-08-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file. |
| 821 | CVE-2020-5619 | 79 | | XSS | 2020-08-25 | 2020-08-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors. |
| 822 | CVE-2020-5617 | 269 | | +Info | 2020-08-04 | 2020-08-06 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors. |
| 823 | CVE-2020-5616 | 287 | | Bypass | 2020-08-04 | 2020-08-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allow remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors. |
| 824 | CVE-2020-5615 | 352 | | CSRF | 2020-08-04 | 2020-08-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| 825 | CVE-2020-5609 | 22 | | Dir. Trav. | 2020-08-05 | 2020-08-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors. |
| 826 | CVE-2020-5608 | 287 | | Bypass | 2020-08-05 | 2020-08-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors. |
| 827 | CVE-2020-5541 | 601 | | | 2020-08-25 | 2020-09-24 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL. |
| 828 | CVE-2020-5540 | 79 | | XSS | 2020-08-25 | 2020-09-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to inject arbitrary script or HTML via a specially crafted URL. |
| 829 | CVE-2020-5419 | 427 | | Exec Code | 2020-08-31 | 2022-03-17 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code. |
| 830 | CVE-2020-5417 | 732 | | | 2020-08-21 | 2021-08-17 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests that were expected to go to certain system components. |
| 831 | CVE-2020-5416 | 404 | | | 2020-08-21 | 2021-06-07 | 4.0 | None | Remote | Low | ??? | None | None | Partial | Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend pool. |
| 832 | CVE-2020-5415 | 290 | | | 2020-08-12 | 2020-08-19 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team. |
| 833 | CVE-2020-5412 | 610 | | | 2020-08-07 | 2020-08-11 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly. |
| 834 | CVE-2020-5385 | 732 | | +Priv | 2020-08-18 | 2020-08-26 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link. |
| 835 | CVE-2020-5383 | 119 | | Overflow | 2020-08-27 | 2020-09-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contain a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart. |
| 836 | CVE-2020-4687 | 200 | | +Info | 2020-08-20 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to. IBM X-Force ID: 186679. |
| 837 | CVE-2020-4686 | 269 | | | 2020-08-17 | 2021-07-21 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678. |
| 838 | CVE-2020-4662 | 287 | | | 2020-08-14 | 2020-08-14 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks on a schema due to improper authentication validation. IBM X-Force ID: 186233. |
| 839 | CVE-2020-4653 | 601 | | +Info | 2020-08-19 | 2020-08-25 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. |
| 840 | CVE-2020-4648 | 863 | | | 2020-08-19 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | None | Partial | None | A vulnerability exists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so. IBM X-Force ID: 186019. |
| 841 | CVE-2020-4631 | 732 | | | 2020-08-04 | 2020-08-04 | 1.9 | None | Local | Medium | Not required | None | None | Partial | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. IBM X-Force ID: 185372. |
| 842 | CVE-2020-4603 | 269 | | | 2020-08-27 | 2020-08-27 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880. |
| 843 | CVE-2020-4598 | 601 | | +Info | 2020-08-24 | 2020-08-26 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 184823. |
| 844 | CVE-2020-4593 | 522 | | | 2020-08-24 | 2020-08-26 | 2.1 | None | Local | Low | Not required | Partial | None | None | IBM Security Guardium Insights 2.0.1 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 184747. |
| 845 | CVE-2020-4591 | 200 | | +Info | 2020-08-28 | 2021-07-21 | 1.9 | None | Local | Medium | Not required | Partial | None | None | IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool. IBM X-Force ID: 184746. |
| 846 | CVE-2020-4589 | 502 | | Exec Code | 2020-08-13 | 2022-05-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 184585. |
| 847 | CVE-2020-4587 | 787 | | | 2020-08-24 | 2020-08-27 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root privileges. IBM X-Force ID: 184578. |
| 848 | CVE-2020-4575 | 79 | | XSS | 2020-08-27 | 2020-08-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured. |
| 849 | CVE-2020-4560 | 79 | | XSS | 2020-08-03 | 2020-08-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. |
| 850 | CVE-2020-4559 | 20 | | DoS | 2020-08-28 | 2020-08-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial | IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due to improper validation of user-supplied input. IBM X-Force ID: 183613. |