CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In May 2020 (CVSS score >= 2)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2020-13390 120 Exec Code Overflow 2020-05-22 2020-05-27
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
52 CVE-2020-13389 120 Exec Code Overflow 2020-05-22 2020-05-27
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks.
53 CVE-2020-13388 78 Exec Code 2020-05-22 2020-05-28
7.5
None Remote Low Not required Partial Partial Partial
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.
54 CVE-2020-13386 732 2020-05-27 2020-06-01
4.4
None Local Medium Not required Partial Partial Partial
In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate (Local) and SDMsgUpdate (TE). The scheduled tasks run in the context of the user who installed the product. Both scheduled tasks attempt to run the same binary, C:\SmartDraw 2020\Messages\SDNotify.exe. The folder Messages doesn't exist by default and (by extension) neither does SDNotify.exe. Due to the weak folder permissions, these can be created by any user. A malicious actor can therefore create a malicious SDNotify.exe binary, and have it automatically run, whenever the user who installed the product logs on to the machine. The malicious SDNotify.exe could, for example, create a new local administrator account on the machine.
55 CVE-2020-13384 434 Exec Code 2020-05-22 2020-05-26
6.5
None Remote Low ??? Partial Partial Partial
Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048.
56 CVE-2020-13362 125 2020-05-28 2020-11-11
2.1
None Local Low Not required None None Partial
In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.
57 CVE-2020-13361 787 2020-05-28 2020-11-11
3.3
None Local Medium Not required None Partial Partial
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
58 CVE-2020-13258 79 XSS 2020-05-21 2020-05-21
4.3
None Remote Medium Not required None Partial None
Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py.
59 CVE-2020-13253 125 2020-05-27 2020-12-14
2.1
None Local Low Not required None None Partial
sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process.
60 CVE-2020-13252 78 Exec Code 2020-05-21 2020-05-21
9.0
None Remote Low ??? Complete Complete Complete
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page.
61 CVE-2020-13249 2020-05-20 2020-11-11
6.8
None Remote Medium Not required Partial Partial Partial
libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.
62 CVE-2020-13246 667 2020-05-20 2020-05-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another.
63 CVE-2020-13245 295 2020-05-28 2020-05-29
4.3
None Remote Medium Not required None Partial None
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.
64 CVE-2020-13241 434 2020-05-20 2020-05-22
7.2
None Local Low Not required Complete Complete Complete
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file.
65 CVE-2020-13240 276 XSS Bypass 2020-05-20 2021-07-21
5.5
None Remote Low ??? Partial Partial None
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
66 CVE-2020-13239 79 XSS 2020-05-20 2020-05-20
3.5
None Remote Medium ??? None Partial None
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS.
67 CVE-2020-13231 352 CSRF 2020-05-20 2020-06-05
4.3
None Remote Medium Not required None Partial None
In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.
68 CVE-2020-13230 281 2020-05-20 2022-05-24
4.0
None Remote Low ??? Partial None None
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).
69 CVE-2020-13226 918 2020-05-20 2020-05-21
7.5
None Remote Low Not required Partial Partial Partial
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet.
70 CVE-2020-13225 79 XSS 2020-05-20 2020-05-20
3.5
None Remote Medium ??? None Partial None
phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget.
71 CVE-2020-13173 269 2020-05-28 2020-05-29
4.6
None Local Low Not required Partial Partial Partial
Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe.
72 CVE-2020-13167 74 Exec Code 2020-05-19 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.
73 CVE-2020-13166 798 Exec Code 2020-05-19 2022-04-26
7.5
None Remote Low Not required Partial Partial Partial
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.
74 CVE-2020-13164 400 2020-05-19 2021-07-21
5.0
None Remote Low Not required None None Partial
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.
75 CVE-2020-13163 295 2020-05-19 2021-03-04
5.8
None Remote Medium Not required Partial Partial None
em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.
76 CVE-2020-13154 522 2020-05-18 2021-07-21
4.0
None Remote Low ??? Partial None None
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
77 CVE-2020-13153 79 XSS 2020-05-18 2020-05-19
4.3
None Remote Medium Not required None Partial None
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view.
78 CVE-2020-13152 401 DoS 2020-05-20 2022-04-28
4.3
None Remote Medium Not required None None Partial
A remote user can create a specially crafted M3U media playlist file that, when loaded by the target user, triggers a memory leak in Amarok 2.8.0, which continues to waste resources over time and eventually allows attackers to cause a denial of service.
79 CVE-2020-13149 276 +Priv 2020-05-18 2020-05-20
4.6
None Local Low Not required Partial Partial Partial
Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allow local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory.
80 CVE-2020-13146 74 2020-05-18 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info" feature.
81 CVE-2020-13145 79 XSS 2020-05-18 2020-05-20
3.5
None Remote Medium ??? None Partial None
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS.
82 CVE-2020-13144 94 Exec Code 2020-05-18 2022-04-26
6.5
None Remote Low ??? Partial Partial Partial
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution.
83 CVE-2020-13143 125 2020-05-18 2021-01-04
4.3
None Remote Medium Not required None None Partial
gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.
84 CVE-2020-13136 200 +Info 2020-05-18 2021-07-21
5.0
None Remote Low Not required Partial None None
D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer.
85 CVE-2020-13135 200 +Info 2020-05-18 2021-07-21
3.3
None Local Network Low Not required Partial None None
D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy.
86 CVE-2020-13129 200 +Info 2020-05-18 2021-08-12
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query string, which allows attackers to obtain sensitive information by reading web-server logs.
87 CVE-2020-13128 434 DoS 2020-05-18 2020-05-19
5.0
None Remote Low Not required None None Partial
An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server's threads to sleep, leading to denial of service.
88 CVE-2020-13126 434 Exec Code 2020-05-17 2020-05-18
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected.
89 CVE-2020-13125 732 2020-05-17 2021-07-21
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled.
90 CVE-2020-13121 601 2020-05-16 2020-05-18
5.8
None Remote Medium Not required Partial Partial None
Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt.
91 CVE-2020-13118 89 Sql 2020-05-16 2020-05-19
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community.
92 CVE-2020-13114 770 2020-05-21 2022-04-27
5.0
None Remote Low Not required None None Partial
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.
93 CVE-2020-13113 908 2020-05-21 2022-04-26
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.
94 CVE-2020-13112 125 2020-05-21 2020-07-27
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.
95 CVE-2020-13111 119 DoS Overflow 2020-05-16 2021-07-21
5.0
None Remote Low Not required None None Partial
NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash.
96 CVE-2020-13110 427 Exec Code 2020-05-16 2020-05-20
6.9
None Local Medium Not required Complete Complete Complete
The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search.
97 CVE-2020-13109 787 Exec Code Overflow 2020-05-16 2020-05-20
7.5
None Remote Low Not required Partial Partial Partial
Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 (aka the IF subcommand to top-level command 7) has a stack-based buffer overflow.
98 CVE-2020-13094 79 XSS 2020-05-18 2020-05-19
3.5
None Remote Medium ??? None Partial None
Dolibarr before 11.0.4 allows XSS.
99 CVE-2020-13093 22 Dir. Trav. 2020-05-15 2020-05-15
5.0
None Remote Low Not required Partial None None
iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal.
100 CVE-2020-13092 502 Exec Code 2020-05-15 2020-05-19
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner.
Total number of vulnerabilities: 1008 (this is page 2 of 21)