# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
301 | CVE-2020-11058 | 119 | | Overflow | 2020-05-12 | 2021-10-07 | 3.5 | None | Remote | Medium | ??? | None | None | Partial |
In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0. |
302 | CVE-2020-11057 | 94 | | | 2020-05-12 | 2021-11-04 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed in 11.3.7, 11.10.3 and 12.0. |
303 | CVE-2020-11056 | 74 | | Exec Code | 2020-05-07 | 2021-10-26 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0. |
304 | CVE-2020-11055 | 79 | | Exec Code XSS | 2020-05-07 | 2020-05-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore run on other users' machines. This most impacts scenarios where untrusted users are given permission to create comments. This has been fixed in 0.29.2. |
305 | CVE-2020-11054 | 684 | | | 2020-05-07 | 2020-09-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (colors.statusbar.url.success_https). While the user already has seen a certificate error prompt at this point (or set content.ssl_strict to false, which is not recommended), this could still provide a false sense of security. This has been fixed in 1.11.1 and 1.12.0. All versions of qutebrowser are believed to be affected, though versions before v0.11.x couldn't be tested. Backported patches for older versions (greater than or equal to 1.4.0 and less than or equal to 1.10.2) are available, but no further releases are planned. |
306 | CVE-2020-11053 | 601 | | Bypass | 2020-05-07 | 2020-05-13 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites. However, by crafting a redirect URL with HTML encoded whitespace characters the validation could be bypassed and allow a redirect to any URL provided. This has been patched in 5.1.1. |
307 | CVE-2020-11052 | 307 | | | 2020-05-07 | 2020-05-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In Sorcery before 0.15.0, there is a brute force vulnerability when using password authentication via Sorcery. The brute force protection submodule will prevent a brute force attack for the defined lockout period, but once expired, protection will not be re-enabled until a user or malicious actor logs in successfully. This does not affect users that do not use the built-in brute force protection submodule, nor users that use permanent account lockout. This has been patched in 0.15.0. |
308 | CVE-2020-11051 | 79 | | XSS | 2020-05-05 | 2020-05-08 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another editor (with write access as well) loads the same page into the Markdown editor, the XSS payload will be executed as part of the preview panel. The rendered result does not contain the XSS payload as it is stripped by the HTML Sanitization security module. This vulnerability only impacts editors loading the malicious page in the Markdown editor. This has been patched in 2.3.81. |
309 | CVE-2020-11050 | 295 | | | 2020-05-07 | 2021-10-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0. |
310 | CVE-2020-11049 | 125 | | | 2020-05-07 | 2022-07-01 | 3.5 | None | Remote | Medium | ??? | None | None | Partial |
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0. |
311 | CVE-2020-11048 | 125 | | | 2020-05-07 | 2022-07-01 | 3.5 | None | Remote | Medium | ??? | None | None | Partial |
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows a session to be aborted. No data extraction is possible. This has been fixed in 2.0.0. |
312 | CVE-2020-11047 | 125 | | | 2020-05-07 | 2020-06-09 | 4.9 | None | Remote | Medium | ??? | Partial | None | Partial |
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0. |
313 | CVE-2020-11046 | 119 | | Overflow | 2020-05-07 | 2021-09-14 | 3.5 | None | Remote | Medium | ??? | None | None | Partial |
In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read. |
314 | CVE-2020-11045 | 125 | | | 2020-05-07 | 2022-07-01 | 4.9 | None | Remote | Medium | ??? | Partial | None | Partial |
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in update_read_bitmap_data that allows client memory to be read to an image buffer. The result is displayed on screen as colour. |
315 | CVE-2020-11044 | 415 | | | 2020-05-07 | 2022-07-01 | 3.5 | None | Remote | Medium | ??? | None | None | Partial |
In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0. |
316 | CVE-2020-11043 | 125 | | | 2020-05-29 | 2022-07-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0. |
317 | CVE-2020-11042 | 125 | | | 2020-05-07 | 2022-07-01 | 4.9 | None | Remote | Medium | ??? | Partial | None | Partial |
In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading an attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0. |
318 | CVE-2020-11041 | 129 | | | 2020-05-29 | 2022-07-01 | 4.0 | None | Remote | Low | ??? | None | None | Partial |
In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0. |
319 | CVE-2020-11040 | 125 | | | 2020-05-29 | 2022-07-01 | 4.0 | None | Remote | Low | ??? | None | None | Partial |
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0. |
320 | CVE-2020-11039 | 190 | | Overflow | 2020-05-29 | 2022-07-01 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial |
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0. |
321 | CVE-2020-11038 | 190 | | Overflow | 2020-05-29 | 2021-09-14 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial |
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0. |
322 | CVE-2020-11036 | 79 | | XSS | 2020-05-05 | 2020-05-15 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
In GLPI before version 9.4.6 there are multiple related stored XSS vulnerabilities. The package is vulnerable to Stored XSS in the comments of items in the Knowledge base. Adding a comment with content "<script>alert(1)</script>" reproduces the attack. This can be exploited by a user with administrator privileges in the User-Agent field. It can also be exploited by an outside party through the following steps: 1. Create a user with the surname `" onmouseover="alert(document.cookie)` and an empty first name. 2. With this user, create a ticket. 3. As an administrator (or other privileged user), open the created ticket. 4. On the "last update" field, put your mouse on the name of the user. 5. The XSS fires. This is fixed in version 9.4.6. |
323 | CVE-2020-11035 | 327 | | CSRF | 2020-05-05 | 2021-10-26 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6. |
324 | CVE-2020-11034 | 601 | | Bypass | 2020-05-05 | 2020-05-15 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection, which is based on a regexp. This is fixed in version 9.4.6. |
325 | CVE-2020-11033 | 200 | | +Info | 2020-05-05 | 2021-09-14 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial |
In GLPI from version 9.1 and before version 9.4.6, any API user with READ right on User itemtype will have access to the full list of users when querying apirest.php/User. The response contains: - All api_tokens, which can be used to do privilege escalations or read/update/delete data normally not accessible to the current user. - All personal_tokens, which can display another user's planning. Exploiting this vulnerability requires the API to be enabled and a technician account. It can be mitigated by adding an application token. This is fixed in version 9.4.6. |
326 | CVE-2020-11032 | 89 | | Sql | 2020-05-05 | 2020-05-07 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version 9.4.6. |
327 | CVE-2020-11019 | 125 | | | 2020-05-29 | 2020-07-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. |
328 | CVE-2020-11018 | 125 | | | 2020-05-29 | 2020-07-27 | 4.0 | None | Remote | Low | ??? | None | None | Partial |
In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. |
329 | CVE-2020-11017 | 415 | | | 2020-05-29 | 2020-07-27 | 4.0 | None | Remote | Low | ??? | None | None | Partial |
In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0. |
330 | CVE-2020-11006 | 79 | | XSS | 2020-05-08 | 2020-05-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0. |
331 | CVE-2020-10995 | 400 | | | 2020-05-19 | 2022-04-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allows malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue. |
332 | CVE-2020-10974 | 306 | | | 2020-05-07 | 2022-04-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000 |
333 | CVE-2020-10973 | 306 | | | 2020-05-07 | 2022-04-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available. |
334 | CVE-2020-10972 | 306 | | | 2020-05-07 | 2022-04-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3 |
335 | CVE-2020-10971 | 20 | | Exec Code | 2020-05-07 | 2020-12-04 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session. Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
336 | CVE-2020-10967 | 20 | | | 2020-05-18 | 2020-10-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. |
337 | CVE-2020-10958 | 416 | | | 2020-05-18 | 2020-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command. |
338 | CVE-2020-10957 | 476 | | | 2020-05-18 | 2020-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. |
339 | CVE-2020-10946 | 79 | | XSS | 2020-05-27 | 2020-05-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. |
340 | CVE-2020-10945 | 200 | | +Info | 2020-05-27 | 2020-08-03 | 3.3 | None | Local Network | Low | Not required | Partial | None | None |
Centreon before 19.10.7 exposes Session IDs in server responses. |
341 | CVE-2020-10936 | 269 | | | 2020-05-27 | 2020-12-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Sympa before 6.2.56 allows privilege escalation. |
342 | CVE-2020-10933 | 908 | | | 2020-05-04 | 2022-05-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. |
343 | CVE-2020-10916 | 287 | | Exec Code Bypass | 2020-05-07 | 2020-05-14 | 5.2 | None | Local Network | Low | ??? | Partial | Partial | Partial |
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device. Was ZDI-CAN-10003. |
344 | CVE-2020-10876 | 613 | | Bypass | 2020-05-04 | 2020-05-15 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account. |
345 | CVE-2020-10859 | 22 | | Dir. Trav. | 2020-05-05 | 2020-05-12 | 4.0 | None | Remote | Low | ??? | None | Partial | None |
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. |
346 | CVE-2020-10795 | 78 | | Exec Code | 2020-05-07 | 2020-05-12 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access. |
347 | CVE-2020-10794 | 22 | | Dir. Trav. | 2020-05-07 | 2020-05-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root access. |
348 | CVE-2020-10751 | 345 | | | 2020-05-26 | 2021-06-14 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |
A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.
349 | CVE-2020-10744 | 668 | | | 2020-05-15 | 2020-05-29 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial |
An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected. |
350 | CVE-2020-10738 | 20 | | Exec Code | 2020-05-21 | 2020-05-22 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution. |