CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2020-15879 918 2020-07-21 2020-07-24
5.0
None Remote Low Not required Partial None None
Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16).
52 CVE-2020-15877 668 2020-07-21 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
53 CVE-2020-15873 89 Sql 2020-07-21 2020-07-23
4.0
None Remote Low ??? Partial None None
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
54 CVE-2020-15871 732 Exec Code 2020-07-31 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution.
55 CVE-2020-15870 79 XSS 2020-07-31 2020-08-11
4.3
None Remote Medium Not required None Partial None
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2).
56 CVE-2020-15869 79 XSS 2020-07-31 2020-08-11
4.3
None Remote Medium Not required None Partial None
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2).
57 CVE-2020-15866 787 Overflow 2020-07-21 2022-05-12
7.5
None Remote Low Not required Partial Partial Partial
mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.
58 CVE-2020-15863 787 DoS Exec Code Overflow 2020-07-28 2021-01-04
4.4
None Local Medium Not required Partial Partial Partial
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.
59 CVE-2020-15860 Exec Code 2020-07-24 2020-09-16
6.5
None Remote Low ??? Partial Partial Partial
Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it was discovered that it is possible to access any host in the internal domain, even if it has no published applications or the mentioned host is no longer associated with that server farm.
60 CVE-2020-15859 416 2020-07-21 2021-02-24
2.1
None Local Low Not required None None Partial
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.
61 CVE-2020-15852 276 2020-07-20 2020-08-10
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.
62 CVE-2020-15842 502 Exec Code 2020-07-20 2020-07-24
6.8
None Remote Medium Not required Partial Partial Partial
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization.
63 CVE-2020-15841 522 2020-07-20 2021-07-21
4.3
None Remote Medium Not required Partial None None
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature.
64 CVE-2020-15816 74 Exec Code 2020-07-17 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.
65 CVE-2020-15813 295 Bypass 2020-07-17 2020-07-22
6.8
None Remote Medium Not required Partial Partial Partial
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code (in all versions that support LDAP) does not implement proper certificate validation (regardless of whether the "Allow self-signed certificates" option is used). Therefore, any attacker with the ability to intercept network traffic between a Graylog server and an LDAP server is able to redirect traffic to a different LDAP server (unnoticed by the Graylog server due to the lack of certificate validation), effectively bypassing Graylog's authentication mechanism.
66 CVE-2020-15807 476 2020-07-17 2020-07-22
4.3
None Remote Medium Not required None None Partial
GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.
67 CVE-2020-15806 770 2020-07-22 2021-07-21
5.0
None Remote Low Not required None None Partial
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation.
68 CVE-2020-15803 79 XSS 2020-07-17 2021-04-21
4.3
None Remote Medium Not required None Partial None
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
69 CVE-2020-15801 426 2020-07-17 2022-04-27
7.5
None Remote Low Not required Partial Partial Partial
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.
70 CVE-2020-15780 862 Bypass 2020-07-15 2022-04-27
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.
71 CVE-2020-15779 22 Dir. Trav. 2020-07-15 2020-07-22
5.0
None Remote Low Not required None Partial None
A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path.
72 CVE-2020-15778 78 2020-07-24 2021-06-22
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
73 CVE-2020-15724 426 Exec Code Bypass 2020-07-21 2021-07-21
6.9
None Local Medium Not required Complete Complete Complete
In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
74 CVE-2020-15723 426 Exec Code Bypass 2020-07-21 2021-07-21
6.9
None Local Medium Not required Complete Complete Complete
In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.
75 CVE-2020-15722 426 Exec Code 2020-07-21 2021-07-21
6.9
None Local Medium Not required Complete Complete Complete
In version 12.1.0.1004 and below of 360 Total Security,when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute arbitrary code on the Local system.
76 CVE-2020-15721 79 XSS 2020-07-14 2020-07-22
4.3
None Remote Medium Not required None Partial None
RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.
77 CVE-2020-15720 295 2020-07-14 2020-07-23
4.0
None Remote High Not required Partial Partial None
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the pki-server command, may have been vulnerable to Person-in-the-Middle attacks in certain non-localhost use cases. This is fixed in 10.9.0-b1.
78 CVE-2020-15719 295 2020-07-14 2022-05-12
4.0
None Remote High Not required Partial Partial None
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
79 CVE-2020-15718 79 XSS 2020-07-15 2020-07-22
4.3
None Remote Medium Not required None Partial None
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.
80 CVE-2020-15717 79 XSS 2020-07-15 2020-07-22
4.3
None Remote Medium Not required None Partial None
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL.
81 CVE-2020-15716 79 XSS 2020-07-15 2020-07-22
4.3
None Remote Medium Not required None Partial None
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL.
82 CVE-2020-15715 Exec Code 2020-07-28 2020-07-28
6.5
None Remote Low ??? Partial Partial Partial
rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter.
83 CVE-2020-15714 89 Sql 2020-07-28 2020-07-28
6.5
None Remote Low ??? Partial Partial Partial
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.
84 CVE-2020-15713 89 Sql 2020-07-28 2020-07-28
6.5
None Remote Low ??? Partial Partial Partial
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.
85 CVE-2020-15712 22 Dir. Trav. 2020-07-28 2020-07-28
4.0
None Remote Low ??? Partial None None
rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences (%2f..%2f) in the path parameter to view arbitrary files on the system.
86 CVE-2020-15711 352 CSRF 2020-07-14 2020-07-15
6.8
None Remote Medium Not required Partial Partial Partial
In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.
87 CVE-2020-15707 362 Exec Code Overflow Bypass 2020-07-29 2021-09-13
4.4
None Local Medium Not required Partial Partial Partial
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
88 CVE-2020-15706 362 Exec Code Bypass 2020-07-29 2021-05-01
4.4
None Local Medium Not required Partial Partial Partial
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
89 CVE-2020-15705 347 Bypass 2020-07-29 2022-04-18
4.4
None Local Medium Not required Partial Partial Partial
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions.
90 CVE-2020-15700 352 CSRF 2020-07-15 2020-07-15
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability.
91 CVE-2020-15699 345 2020-07-15 2020-07-15
5.0
None Remote Low Not required None Partial None
An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.
92 CVE-2020-15698 200 +Info 2020-07-15 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials
93 CVE-2020-15697 732 2020-07-15 2020-07-15
4.0
None Remote Low ??? None Partial None
An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users.
94 CVE-2020-15696 79 XSS 2020-07-15 2020-07-15
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image.
95 CVE-2020-15695 352 CSRF 2020-07-15 2020-07-15
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability.
96 CVE-2020-15689 476 DoS 2020-07-13 2020-07-20
5.0
None Remote Low Not required None None Partial
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.
97 CVE-2020-15688 294 Bypass 2020-07-23 2020-10-07
6.8
None Remote Medium Not required Partial Partial Partial
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel.
98 CVE-2020-15633 288 Exec Code Bypass 2020-07-23 2020-07-28
5.8
None Local Network Low Not required Partial Partial Partial
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-10835.
99 CVE-2020-15632 303 Exec Code Bypass 2020-07-23 2020-07-28
5.8
None Local Network Low Not required Partial Partial Partial
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083.
100 CVE-2020-15631 78 Exec Code Bypass 2020-07-23 2020-07-28
5.8
None Local Network Low Not required Partial Partial Partial
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the HNAP service, which listens on TCP port 80 by default. When parsing the SOAPAction header, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10084.
Total number of vulnerabilities : 1418   Page : 1 2 (This Page)3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.