CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2020 (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2020-11050 295 2020-05-07 2021-10-07
6.8
None Remote Medium Not required Partial Partial Partial
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.
202 CVE-2020-11043 125 2020-05-29 2020-07-27
5.0
None Remote Low Not required None None Partial
In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0.
203 CVE-2020-11039 190 Overflow 2020-05-29 2020-07-27
6.0
None Remote Medium ??? Partial Partial Partial
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0.
204 CVE-2020-11038 190 Overflow 2020-05-29 2021-09-14
5.5
None Remote Low ??? None Partial Partial
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0.
205 CVE-2020-11035 327 CSRF 2020-05-05 2021-10-26
6.4
None Remote Low Not required Partial Partial None
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6.
206 CVE-2020-11034 601 Bypass 2020-05-05 2020-05-15
5.8
None Remote Medium Not required Partial Partial None
In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6.
207 CVE-2020-11033 200 +Info 2020-05-05 2021-09-14
6.0
None Remote Medium ??? Partial Partial Partial
In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to full list of users when querying apirest.php/User. The response contains: - All api_tokens which can be used to do privileges escalations or read/update/delete data normally non accessible to the current user. - All personal_tokens can display another users planning. Exploiting this vulnerability requires the api to be enabled, a technician account. It can be mitigated by adding an application token. This is fixed in version 9.4.6.
208 CVE-2020-11032 89 Sql 2020-05-05 2020-05-07
6.5
None Remote Low ??? Partial Partial Partial
In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6.
209 CVE-2020-11019 125 2020-05-29 2020-07-27
5.0
None Remote Low Not required None None Partial
In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0.
210 CVE-2020-10995 400 2020-05-19 2022-04-26
5.0
None Remote Low Not required None None Partial
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue.
211 CVE-2020-10974 306 2020-05-07 2022-04-28
5.0
None Remote Low Not required Partial None None
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
212 CVE-2020-10973 306 2020-05-07 2022-04-28
5.0
None Remote Low Not required Partial None None
An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.
213 CVE-2020-10972 306 2020-05-07 2022-04-29
5.0
None Remote Low Not required Partial None None
An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3
214 CVE-2020-10971 20 Exec Code 2020-05-07 2020-12-04
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session. Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
215 CVE-2020-10967 20 2020-05-18 2020-10-13
5.0
None Remote Low Not required None None Partial
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
216 CVE-2020-10958 416 2020-05-18 2020-05-28
5.0
None Remote Low Not required None None Partial
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
217 CVE-2020-10957 476 2020-05-18 2020-05-28
5.0
None Remote Low Not required None None Partial
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
218 CVE-2020-10936 269 2020-05-27 2020-12-24
7.2
None Local Low Not required Complete Complete Complete
Sympa before 6.2.56 allows privilege escalation.
219 CVE-2020-10933 908 2020-05-04 2022-05-03
5.0
None Remote Low Not required Partial None None
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
220 CVE-2020-10916 287 Exec Code Bypass 2020-05-07 2020-05-14
5.2
None Local Network Low ??? Partial Partial Partial
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device. Was ZDI-CAN-10003.
221 CVE-2020-10876 613 Bypass 2020-05-04 2020-05-15
5.0
None Remote Low Not required None Partial None
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account.
222 CVE-2020-10795 78 Exec Code 2020-05-07 2020-05-12
9.0
None Remote Low ??? Complete Complete Complete
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access.
223 CVE-2020-10794 22 Dir. Trav. 2020-05-07 2020-05-13
5.0
None Remote Low Not required Partial None None
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root access.
224 CVE-2020-10738 20 Exec Code 2020-05-21 2020-05-22
6.5
None Remote Low ??? Partial Partial Partial
A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution.
225 CVE-2020-10719 444 2020-05-26 2022-02-21
6.4
None Remote Low Not required Partial Partial None
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
226 CVE-2020-10704 674 DoS Overflow 2020-05-06 2021-12-20
5.0
None Remote Low Not required None None Partial
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.
227 CVE-2020-10693 20 Bypass 2020-05-06 2022-05-10
5.0
None Remote Low Not required None Partial None
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
228 CVE-2020-10686 863 2020-05-04 2020-05-07
6.5
None Remote Low ??? Partial Partial Partial
A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users.
229 CVE-2020-10683 611 2020-05-01 2022-02-22
7.5
None Remote Low Not required Partial Partial Partial
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
230 CVE-2020-10654 787 Exec Code Overflow 2020-05-13 2020-05-15
7.5
None Remote Low Not required Partial Partial Partial
Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint.
231 CVE-2020-10638 787 Exec Code Overflow 2020-05-08 2021-12-17
7.5
None Remote Low Not required Partial Partial Partial
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.
232 CVE-2020-10634 22 Dir. Trav. 2020-05-05 2020-05-12
6.4
None Remote Low Not required Partial Partial None
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible.
233 CVE-2020-10626 427 Exec Code 2020-05-14 2022-01-31
6.9
None Local Medium Not required Complete Complete Complete
In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.
234 CVE-2020-10622 2020-05-04 2020-05-06
6.8
None Remote Medium Not required Partial Partial Partial
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users
235 CVE-2020-10620 862 2020-05-14 2020-05-18
7.5
None Remote Low Not required Partial Partial Partial
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely.
236 CVE-2020-10616 427 Exec Code 2020-05-14 2020-05-18
6.8
None Remote Medium Not required Partial Partial Partial
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts.
237 CVE-2020-10612 862 2020-05-14 2020-05-18
6.4
None Remote Low Not required None Partial Partial
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values.
238 CVE-2020-10176 94 2020-05-07 2022-04-28
10.0
None Remote Low Not required Complete Complete Complete
ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow Eval Injection of commands.
239 CVE-2020-10067 190 DoS Exec Code Overflow Mem. Corr. Bypass +Info 2020-05-11 2020-06-05
7.2
None Local Low Not required Complete Complete Complete
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
240 CVE-2020-10060 824 DoS +Info 2020-05-11 2021-10-18
5.5
None Remote Low ??? Partial None Partial
In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.
241 CVE-2020-10059 295 2020-05-11 2020-06-05
5.8
None Remote Medium Not required Partial None Partial
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
242 CVE-2020-10030 125 DoS Exec Code 2020-05-19 2020-06-14
6.5
None Remote Low ??? Partial Partial Partial
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\0' termination.) Under some conditions, this issue can lead to the writing of one '\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution.
243 CVE-2020-10027 697 Exec Code 2020-05-11 2020-06-05
7.2
None Local Low Not required Complete Complete Complete
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
244 CVE-2020-10024 697 Exec Code 2020-05-11 2020-06-05
7.2
None Local Low Not required Complete Complete Complete
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
245 CVE-2020-10022 120 DoS Exec Code Mem. Corr. 2020-05-11 2020-06-05
7.5
None Remote Low Not required Partial Partial Partial
A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.
246 CVE-2020-9840 2020-05-11 2020-05-14
5.0
None Remote Low Not required None None Partial
In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions.
247 CVE-2020-9753 347 2020-05-20 2020-05-21
6.4
None Remote Low Not required Partial Partial None
Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.
248 CVE-2020-9502 330 2020-05-13 2020-05-18
7.5
None Remote Low Not required Partial Partial Partial
Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.
249 CVE-2020-9475 362 2020-05-07 2021-07-21
6.9
None Local Medium Not required Complete Complete Complete
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows local privilege escalation via a race condition in logrotate. By using an exploit chain, an attacker with access to the network can get root access on the gateway.
250 CVE-2020-9474 494 Exec Code 2020-05-07 2020-05-14
9.0
None Remote Low ??? Complete Complete Complete
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway.
Total number of vulnerabilities : 592   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.