CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In April 2020

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
301 CVE-2020-11536 20 Exec Code 2020-04-15 2020-04-22
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server.
302 CVE-2020-11535 91 Exec Code 2020-04-15 2020-04-22
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit XML injection to enter an attacker-controlled parameter into the x2t binary, to rewrite this binary and/or libxcb.so.1, and execute code on a victim's server.
303 CVE-2020-11534 20 Exec Code 2020-04-15 2020-04-22
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the NSFileDownloader function to pass parameters to a binary (such as curl or wget) and remotely execute code on a victim's server.
304 CVE-2020-11533 200 +Info 2020-04-04 2021-07-21
2.1
None Local Low Not required Partial None None
Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material).
305 CVE-2020-11529 601 2020-04-04 2021-05-17
5.8
None Remote Medium Not required Partial Partial None
Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x.
306 CVE-2020-11528 787 Overflow 2020-04-04 2020-04-06
5.0
None Remote Low Not required None None Partial
bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) in conv_bitmap in bit2spr.c via a long line in a bitmap file.
307 CVE-2020-11527 200 +Info 2020-04-04 2021-07-21
5.0
None Remote Low Not required Partial None None
In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.
308 CVE-2020-11518 Exec Code 2020-04-04 2020-04-06
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.
309 CVE-2020-11516 79 XSS 2020-04-07 2020-04-10
3.5
None Remote Medium ??? None Partial None
Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wp_ajax_cf7dp_save_settings AJAX action and the ui_theme parameter. If an administrator creates or modifies a contact form, the JavaScript will be executed in their browser, which can then be used to create new administrative users or perform other actions using the administrator's session.
310 CVE-2020-11515 601 2020-04-07 2020-04-07
5.8
None Remote Medium Not required Partial Partial None
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI).
311 CVE-2020-11514 269 2020-04-07 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.
312 CVE-2020-11512 79 XSS 2020-04-07 2020-04-08
3.5
None Remote Medium ??? None Partial None
Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal (subscriber-level) permissions to save arbitrary JavaScript in the plugin's settings panel via the idx_update_recaptcha_key AJAX action and a crafted idx_recaptcha_site_key parameter, which would then be executed in the browser of any administrator visiting the panel. This could be used to create new administrator-level accounts.
313 CVE-2020-11509 79 XSS 2020-04-07 2020-04-09
4.3
None Remote Medium Not required None Partial None
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page).
314 CVE-2020-11508 79 XSS 2020-04-07 2020-04-09
3.5
None Remote Medium ??? None Partial None
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action.
315 CVE-2020-11507 426 Exec Code 2020-04-06 2020-04-06
6.9
None Local Medium Not required Complete Complete Complete
An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded.
316 CVE-2020-11506 200 Bypass +Info 2020-04-22 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling.
317 CVE-2020-11505 200 Bypass +Info 2020-04-22 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.
318 CVE-2020-11501 327 2020-04-03 2021-07-21
5.8
None Remote Medium Not required Partial Partial None
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
319 CVE-2020-11500 327 2020-04-03 2020-04-07
5.0
None Remote Low Not required Partial None None
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.
320 CVE-2020-11499 79 XSS 2020-04-02 2020-04-06
4.3
None Remote Medium Not required None Partial None
Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when updating analysis details via a localhost web request, as demonstrated by mishandling of the tags and version fields in helperFunctions/mongo_task_conversion.py.
321 CVE-2020-11498 22 Exec Code Dir. Trav. Bypass 2020-04-02 2020-04-06
8.5
None Remote Medium ??? Complete Complete Complete
Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persistence or to bypass security controls. NOTE: the vendor states that this "requires a high degree of access and other preconditions that are tough to achieve."
322 CVE-2020-11494 908 2020-04-02 2022-04-29
2.1
None Local Low Not required Partial None None
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.
323 CVE-2020-11491 22 Dir. Trav. 2020-04-02 2020-04-03
4.0
None Remote Low ??? Partial None None
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi.
324 CVE-2020-11490 78 Exec Code 2020-04-02 2020-04-06
9.0
None Remote Low ??? Complete Complete Complete
Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality, cert_state, cert_country, or cert_email parameter.
325 CVE-2020-11470 862 2020-04-01 2021-07-21
2.1
None Local Low Not required Partial None None
Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access.
326 CVE-2020-11469 269 2020-04-01 2020-04-07
7.2
None Local Low Not required Complete Complete Complete
Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot.
327 CVE-2020-11467 732 Exec Code 2020-04-01 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Deskpro before 2019.8.0. This product enables administrators to modify the helpdesk interface by editing /portal/api/style/edit-theme-set/template-sources theme templates, and uses TWIG as its template engine. While direct access to self and _self variables was not permitted, one could abuse the accessible variables in one's context to reach a native unserialize function via the code parameter. There, one could pass a crafted payload to trigger a set of POP gadgets in order to achieve remote code execution.
328 CVE-2020-11466 200 +Info 2020-04-01 2021-07-21
4.0
None Remote Low ??? Partial None None
An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk tickets stored in database with numerous filters. This leaked sensitive information to unauthorized parties. Additionally, it leaked ticket authentication code, making it possible to make changes to a ticket.
329 CVE-2020-11465 269 2020-04-01 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* endpoints failed to properly validate a user's privilege, allowing an attacker to control/install helpdesk applications and leak current applications' configurations, including applications used as user sources (used for authentication). This enables an attacker to forge valid authentication models that resemble any user on the system.
330 CVE-2020-11464 200 +Info 2020-04-01 2021-07-21
4.0
None Remote Low ??? Partial None None
An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc.
331 CVE-2020-11463 269 2020-04-01 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in Deskpro before 2019.8.0. The /api/email_accounts endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve cleartext credentials of all helpdesk email accounts, including incoming and outgoing email credentials. This enables an attacker to get full access to all emails sent or received by the system including password reset emails, making it possible to reset any user's password.
332 CVE-2020-11458 200 +Info 2020-04-02 2021-07-21
4.0
None Remote Low ??? Partial None None
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leak of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php.
333 CVE-2020-11457 79 XSS 2020-04-01 2020-04-06
3.5
None Remote Medium ??? None Partial None
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.
334 CVE-2020-11456 79 XSS 2020-04-01 2020-04-06
4.3
None Remote Medium Not required None Partial None
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
335 CVE-2020-11455 22 Dir. Trav. 2020-04-01 2020-04-06
5.0
None Remote Low Not required Partial None None
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
336 CVE-2020-11454 79 XSS 2020-04-02 2020-04-03
3.5
None Remote Medium ??? None Partial None
Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard. In order to exploit this vulnerability, a user needs to get access to a shared dashboard or have the ability to create a dashboard on the application.
337 CVE-2020-11453 918 2020-04-02 2020-06-09
5.0
None Remote Low Not required Partial None None
** DISPUTED ** Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit it to conduct port scanning. An attacker could exploit this vulnerability to enumerate the resources allocated in the network (IP addresses and services exposed). NOTE: MicroStrategy is unable to reproduce the issue reported in any version of its product.
338 CVE-2020-11452 918 2020-04-02 2020-04-03
4.0
None Remote Low ??? Partial None None
Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases. By providing an external URL under attacker control, it's possible to send requests to external resources (aka SSRF) or leak files from the local system using the file:// stream wrapper.
339 CVE-2020-11451 434 2020-04-02 2020-06-09
6.5
None Remote Low ??? Partial Partial Partial
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. (This is also exploitable via SSRF). Note: The ability to upload visualization plugins requires administrator privileges.
340 CVE-2020-11450 2020-04-02 2022-04-22
5.0
None Remote Low Not required Partial None None
Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been mitigated in all versions of the product 11.0 and higher.
341 CVE-2020-11449 522 2020-04-01 2020-04-02
5.0
None Remote Low Not required Partial None None
An issue was discovered on Technicolor TC7337 8.89.17 devices. An attacker can discover admin credentials in the backup file, aka backupsettings.conf.
342 CVE-2020-11446 269 2020-04-29 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation.
343 CVE-2020-11445 287 Bypass +Info 2020-04-01 2021-07-21
5.0
None Remote Low Not required Partial None None
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.
344 CVE-2020-11444 276 2020-04-02 2020-04-07
6.5
None Remote Low ??? Partial Partial Partial
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
345 CVE-2020-11420 22 Dir. Trav. 2020-04-27 2021-09-14
4.0
None Remote Low ??? Partial None None
UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that reference files and thereby gain access to files and directories outside the web root folder. An attacker may access arbitrary files and directories stored in the file system, but the integrity of the files is not jeopardized, as the attacker has read access rights only.
346 CVE-2020-11416 79 XSS 2020-04-22 2020-04-27
3.5
None Remote Medium ??? None Partial None
JetBrains Space through 2020-04-22 allows stored XSS in Chats.
347 CVE-2020-11415 312 2020-04-27 2020-05-01
4.0
None Remote Low ??? Partial None None
An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1. Admin users can retrieve the LDAP server system username/password (as configured in nxrm) in cleartext.
348 CVE-2020-11107 732 Exec Code 2020-04-02 2021-10-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16, and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users (including admins) to enable arbitrary command execution.
349 CVE-2020-11102 787 Overflow 2020-04-06 2020-05-13
6.8
None Remote Medium Not required Partial Partial Partial
hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.
350 CVE-2020-11100 787 Exec Code 2020-04-02 2020-12-24
6.5
None Remote Low ??? Partial Partial Partial
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.
Total number of vulnerabilities: 2187 (this is page 7 of 44)