| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
301 |
CVE-2020-11536 |
20 |
|
Exec Code |
2020-04-15 |
2020-04-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server. |
|
302 |
CVE-2020-11535 |
91 |
|
Exec Code |
2020-04-15 |
2020-04-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit XML injection to enter an attacker-controlled parameter into the x2t binary, to rewrite this binary and/or libxcb.so.1, and execute code on a victim's server. |
|
303 |
CVE-2020-11534 |
20 |
|
Exec Code |
2020-04-15 |
2020-04-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the NSFileDownloader function to pass parameters to a binary (such as curl or wget) and remotely execute code on a victim's server. |
|
304 |
CVE-2020-11533 |
200 |
|
+Info |
2020-04-04 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material). |
|
305 |
CVE-2020-11529 |
601 |
|
|
2020-04-04 |
2021-05-17 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x. |
|
306 |
CVE-2020-11528 |
787 |
|
Overflow |
2020-04-04 |
2020-04-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) in conv_bitmap in bit2spr.c via a long line in a bitmap file. |
|
307 |
CVE-2020-11527 |
200 |
|
+Info |
2020-04-04 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. |
|
308 |
CVE-2020-11518 |
|
|
Exec Code |
2020-04-04 |
2020-04-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution. |
|
309 |
CVE-2020-11516 |
79 |
|
XSS |
2020-04-07 |
2020-04-10 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wp_ajax_cf7dp_save_settings AJAX action and the ui_theme parameter. If an administrator creates or modifies a contact form, the JavaScript will be executed in their browser, which can then be used to create new administrative users or perform other actions using the administrator's session. |
|
310 |
CVE-2020-11515 |
601 |
|
|
2020-04-07 |
2020-04-07 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI). |
|
311 |
CVE-2020-11514 |
269 |
|
|
2020-04-07 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint. |
|
312 |
CVE-2020-11512 |
79 |
|
XSS |
2020-04-07 |
2020-04-08 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal (subscriber-level) permissions to save arbitrary JavaScript in the plugin's settings panel via the idx_update_recaptcha_key AJAX action and a crafted idx_recaptcha_site_key parameter, which would then be executed in the browser of any administrator visiting the panel. This could be used to create new administrator-level accounts. |
|
313 |
CVE-2020-11509 |
79 |
|
XSS |
2020-04-07 |
2020-04-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page). |
|
314 |
CVE-2020-11508 |
79 |
|
XSS |
2020-04-07 |
2020-04-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action. |
|
315 |
CVE-2020-11507 |
426 |
|
Exec Code |
2020-04-06 |
2020-04-06 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded. |
|
316 |
CVE-2020-11506 |
200 |
|
Bypass +Info |
2020-04-22 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling. |
|
317 |
CVE-2020-11505 |
200 |
|
Bypass +Info |
2020-04-22 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling. |
|
318 |
CVE-2020-11501 |
327 |
|
|
2020-04-03 |
2021-07-21 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. |
|
319 |
CVE-2020-11500 |
327 |
|
|
2020-04-03 |
2020-04-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key. |
|
320 |
CVE-2020-11499 |
79 |
|
XSS |
2020-04-02 |
2020-04-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when updating analysis details via a localhost web request, as demonstrated by mishandling of the tags and version fields in helperFunctions/mongo_task_conversion.py. |
|
321 |
CVE-2020-11498 |
22 |
|
Exec Code Dir. Trav. Bypass |
2020-04-02 |
2020-04-06 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persistence or to bypass security controls. NOTE: the vendor states that this "requires a high degree of access and other preconditions that are tough to achieve." |
|
322 |
CVE-2020-11494 |
908 |
|
|
2020-04-02 |
2022-04-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4. |
|
323 |
CVE-2020-11491 |
22 |
|
Dir. Trav. |
2020-04-02 |
2020-04-03 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi. |
|
324 |
CVE-2020-11490 |
78 |
|
Exec Code |
2020-04-02 |
2020-04-06 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality, cert_state, cert_country, or cert_email parameter. |
|
325 |
CVE-2020-11470 |
862 |
|
|
2020-04-01 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access. |
|
326 |
CVE-2020-11469 |
269 |
|
|
2020-04-01 |
2020-04-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot. |
|
327 |
CVE-2020-11467 |
732 |
|
Exec Code |
2020-04-01 |
2021-07-21 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in Deskpro before 2019.8.0. This product enables administrators to modify the helpdesk interface by editing /portal/api/style/edit-theme-set/template-sources theme templates, and uses TWIG as its template engine. While direct access to self and _self variables was not permitted, one could abuse the accessible variables in one's context to reach a native unserialize function via the code parameter. There, on could pass a crafted payload to trigger a set of POP gadgets in order to achieve remote code execution. |
|
328 |
CVE-2020-11466 |
200 |
|
+Info |
2020-04-01 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk tickets stored in database with numerous filters. This leaked sensitive information to unauthorized parties. Additionally, it leaked ticket authentication code, making it possible to make changes to a ticket. |
|
329 |
CVE-2020-11465 |
269 |
|
|
2020-04-01 |
2021-07-21 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* endpoints failed to properly validate a user's privilege, allowing an attacker to control/install helpdesk applications and leak current applications' configurations, including applications used as user sources (used for authentication). This enables an attacker to forge valid authentication models that resembles any user on the system. |
|
330 |
CVE-2020-11464 |
200 |
|
+Info |
2020-04-01 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc. |
|
331 |
CVE-2020-11463 |
269 |
|
|
2020-04-01 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in Deskpro before 2019.8.0. The /api/email_accounts endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve cleartext credentials of all helpdesk email accounts, including incoming and outgoing email credentials. This enables an attacker to get full access to all emails sent or received by the system including password reset emails, making it possible to reset any user's password. |
|
332 |
CVE-2020-11458 |
200 |
|
+Info |
2020-04-02 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php. |
|
333 |
CVE-2020-11457 |
79 |
|
XSS |
2020-04-01 |
2020-04-06 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user. |
|
334 |
CVE-2020-11456 |
79 |
|
XSS |
2020-04-01 |
2020-04-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups). |
|
335 |
CVE-2020-11455 |
22 |
|
Dir. Trav. |
2020-04-01 |
2020-04-06 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. |
|
336 |
CVE-2020-11454 |
79 |
|
XSS |
2020-04-02 |
2020-04-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the application. |
|
337 |
CVE-2020-11453 |
918 |
|
|
2020-04-02 |
2020-06-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
** DISPUTED ** Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed). NOTE: MicroStrategy is unable to reproduce the issue reported in any version of its product. |
|
338 |
CVE-2020-11452 |
918 |
|
|
2020-04-02 |
2020-04-03 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the local system using the file:// stream wrapper. |
|
339 |
CVE-2020-11451 |
434 |
|
|
2020-04-02 |
2020-06-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF). Note: The ability to upload visualization plugins requires administrator privileges. |
|
340 |
CVE-2020-11450 |
|
|
|
2020-04-02 |
2022-04-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been mitigated in all versions of the product 11.0 and higher. |
|
341 |
CVE-2020-11449 |
522 |
|
|
2020-04-01 |
2020-04-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on Technicolor TC7337 8.89.17 devices. An attacker can discover admin credentials in the backup file, aka backupsettings.conf. |
|
342 |
CVE-2020-11446 |
269 |
|
|
2020-04-29 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation. |
|
343 |
CVE-2020-11445 |
287 |
|
Bypass +Info |
2020-04-01 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. |
|
344 |
CVE-2020-11444 |
276 |
|
|
2020-04-02 |
2020-04-07 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control. |
|
345 |
CVE-2020-11420 |
22 |
|
Dir. Trav. |
2020-04-27 |
2021-09-14 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that reference files and by doing this achieve access to files and directories outside the web root folder. An attacker may access arbitrary files and directories stored in the file system, but integrity of the files are not jeopardized as attacker have read access rights only. |
|
346 |
CVE-2020-11416 |
79 |
|
XSS |
2020-04-22 |
2020-04-27 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
JetBrains Space through 2020-04-22 allows stored XSS in Chats. |
|
347 |
CVE-2020-11415 |
312 |
|
|
2020-04-27 |
2020-05-01 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext. |
|
348 |
CVE-2020-11107 |
732 |
|
Exec Code |
2020-04-02 |
2021-10-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users (including admins) to enable arbitrary command execution. |
|
349 |
CVE-2020-11102 |
787 |
|
Overflow |
2020-04-06 |
2020-05-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. |
|
350 |
CVE-2020-11100 |
787 |
|
Exec Code |
2020-04-02 |
2020-12-24 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution. |
