# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
51 | CVE-2020-13390 | 120 | | Exec Code Overflow | 2020-05-22 | 2020-05-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. |
52 | CVE-2020-13389 | 120 | | Exec Code Overflow | 2020-05-22 | 2020-05-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. |
53 | CVE-2020-13388 | 78 | | Exec Code | 2020-05-22 | 2020-05-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used. |
54 | CVE-2020-13386 | 732 | | | 2020-05-27 | 2020-06-01 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate (Local) and SDMsgUpdate (TE). The scheduled tasks run in the context of the user who installed the product. Both scheduled tasks attempt to run the same binary, C:\SmartDraw 2020\Messages\SDNotify.exe. The folder Messages doesn't exist by default and (by extension) neither does SDNotify.exe. Due to the weak folder permissions, these can be created by any user. A malicious actor can therefore create a malicious SDNotify.exe binary, and have it automatically run, whenever the user who installed the product logs on to the machine. The malicious SDNotify.exe could, for example, create a new local administrator account on the machine. |
55 | CVE-2020-13384 | 434 | | Exec Code | 2020-05-22 | 2020-05-26 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048. |
56 | CVE-2020-13362 | 125 | | | 2020-05-28 | 2020-11-11 | 2.1 | None | Local | Low | Not required | None | None | Partial |
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. |
57 | CVE-2020-13361 | 787 | | | 2020-05-28 | 2020-11-11 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial |
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. |
58 | CVE-2020-13258 | 79 | | XSS | 2020-05-21 | 2020-05-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py. |
59 | CVE-2020-13253 | 125 | | | 2020-05-27 | 2020-12-14 | 2.1 | None | Local | Low | Not required | None | None | Partial |
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. |
60 | CVE-2020-13252 | 78 | | Exec Code | 2020-05-21 | 2020-05-21 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page. |
61 | CVE-2020-13249 | | | | 2020-05-20 | 2020-11-11 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. |
62 | CVE-2020-13246 | 667 | | | 2020-05-20 | 2020-05-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another. |
63 | CVE-2020-13245 | 295 | | | 2020-05-28 | 2020-05-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P. |
64 | CVE-2020-13241 | 434 | | | 2020-05-20 | 2020-05-22 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file. |
65 | CVE-2020-13240 | 276 | | XSS Bypass | 2020-05-20 | 2021-07-21 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None |
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS. |
66 | CVE-2020-13239 | 79 | | XSS | 2020-05-20 | 2020-05-20 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS. |
67 | CVE-2020-13231 | 352 | | CSRF | 2020-05-20 | 2020-06-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. |
68 | CVE-2020-13230 | 281 | | | 2020-05-20 | 2022-03-30 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). |
69 | CVE-2020-13226 | 918 | | | 2020-05-20 | 2020-05-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet. |
70 | CVE-2020-13225 | 79 | | XSS | 2020-05-20 | 2020-05-20 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget. |
71 | CVE-2020-13173 | 269 | | | 2020-05-28 | 2020-05-29 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe. |
72 | CVE-2020-13167 | 74 | | Exec Code | 2020-05-19 | 2021-07-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters. |
73 | CVE-2020-13166 | 798 | | Exec Code | 2020-05-19 | 2022-04-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code. |
74 | CVE-2020-13164 | 400 | | | 2020-05-19 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. |
75 | CVE-2020-13163 | 295 | | | 2020-05-19 | 2021-03-04 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified. |
76 | CVE-2020-13154 | 522 | | | 2020-05-18 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet. |
77 | CVE-2020-13153 | 79 | | XSS | 2020-05-18 | 2020-05-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view. |
78 | CVE-2020-13152 | 401 | | DoS | 2020-05-20 | 2022-04-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A remote user can create a specially crafted M3U media playlist file that, when loaded by the target user, triggers a memory leak whereby Amarok 2.8.0 continues to waste resources over time, eventually allowing attackers to cause a denial of service. |
79 | CVE-2020-13149 | 276 | | +Priv | 2020-05-18 | 2020-05-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory. |
80 | CVE-2020-13146 | 74 | | | 2020-05-18 | 2021-07-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info" feature. |
81 | CVE-2020-13145 | 79 | | XSS | 2020-05-18 | 2020-05-20 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS. |
82 | CVE-2020-13144 | 94 | | Exec Code | 2020-05-18 | 2022-04-26 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution. |
83 | CVE-2020-13143 | 125 | | | 2020-05-18 | 2021-01-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. |
84 | CVE-2020-13136 | 200 | | +Info | 2020-05-18 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. |
85 | CVE-2020-13135 | 200 | | +Info | 2020-05-18 | 2021-07-21 | 3.3 | None | Local Network | Low | Not required | Partial | None | None |
D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy. |
86 | CVE-2020-13129 | 200 | | +Info | 2020-05-18 | 2021-08-12 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query string, which allows attackers to obtain sensitive information by reading web-server logs. |
87 | CVE-2020-13128 | 434 | | DoS | 2020-05-18 | 2020-05-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server's threads to sleep, leading to denial of service. |
88 | CVE-2020-13126 | 434 | | Exec Code | 2020-05-17 | 2020-05-18 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected. |
89 | CVE-2020-13125 | 732 | | | 2020-05-17 | 2021-07-21 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled. |
90 | CVE-2020-13121 | 601 | | | 2020-05-16 | 2020-05-18 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt. |
91 | CVE-2020-13118 | 89 | | Sql | 2020-05-16 | 2020-05-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community. |
92 | CVE-2020-13114 | 770 | | | 2020-05-21 | 2022-04-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. |
93 | CVE-2020-13113 | 908 | | | 2020-05-21 | 2022-04-26 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. |
94 | CVE-2020-13112 | 125 | | | 2020-05-21 | 2020-07-27 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. |
95 | CVE-2020-13111 | 119 | | DoS Overflow | 2020-05-16 | 2021-07-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash. |
96 | CVE-2020-13110 | 427 | | Exec Code | 2020-05-16 | 2020-05-20 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search. |
97 | CVE-2020-13109 | 787 | | Exec Code Overflow | 2020-05-16 | 2020-05-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 (aka the IF subcommand to top-level command 7) has a stack-based buffer overflow. |
98 | CVE-2020-13094 | 79 | | XSS | 2020-05-18 | 2020-05-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
Dolibarr before 11.0.4 allows XSS. |
99 | CVE-2020-13093 | 22 | | Dir. Trav. | 2020-05-15 | 2020-05-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. |
100 | CVE-2020-13092 | 502 | | Exec Code | 2020-05-15 | 2020-05-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner. |