| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
301 |
CVE-2020-10958 |
416 |
|
|
2020-05-18 |
2020-05-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command. |
|
302 |
CVE-2020-10957 |
476 |
|
|
2020-05-18 |
2020-05-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. |
|
303 |
CVE-2020-10946 |
79 |
|
XSS |
2020-05-27 |
2020-05-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. |
|
304 |
CVE-2020-10936 |
269 |
|
|
2020-05-27 |
2020-12-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Sympa before 6.2.56 allows privilege escalation. |
|
305 |
CVE-2020-10933 |
908 |
|
|
2020-05-04 |
2022-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. |
|
306 |
CVE-2020-10916 |
287 |
|
Exec Code Bypass |
2020-05-07 |
2020-05-14 |
5.2 |
None |
Local Network |
Low |
??? |
Partial |
Partial |
Partial |
|
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device. Was ZDI-CAN-10003. |
|
307 |
CVE-2020-10876 |
613 |
|
Bypass |
2020-05-04 |
2020-05-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account. |
|
308 |
CVE-2020-10859 |
22 |
|
Dir. Trav. |
2020-05-05 |
2020-05-12 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
|
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. |
|
309 |
CVE-2020-10795 |
78 |
|
Exec Code |
2020-05-07 |
2020-05-12 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access. |
|
310 |
CVE-2020-10794 |
22 |
|
Dir. Trav. |
2020-05-07 |
2020-05-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root access. |
|
311 |
CVE-2020-10738 |
20 |
|
Exec Code |
2020-05-21 |
2020-05-22 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution. |
|
312 |
CVE-2020-10725 |
665 |
|
|
2020-05-20 |
2021-01-20 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`. |
|
313 |
CVE-2020-10723 |
190 |
|
Mem. Corr. |
2020-05-19 |
2021-01-20 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption. |
|
314 |
CVE-2020-10722 |
190 |
|
Overflow Mem. Corr. |
2020-05-19 |
2021-01-20 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption. |
|
315 |
CVE-2020-10719 |
444 |
|
|
2020-05-26 |
2022-02-21 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling. |
|
316 |
CVE-2020-10711 |
476 |
|
DoS |
2020-05-22 |
2022-04-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. |
|
317 |
CVE-2020-10706 |
312 |
|
|
2020-05-12 |
2020-05-14 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid. |
|
318 |
CVE-2020-10704 |
674 |
|
DoS Overflow |
2020-05-06 |
2021-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. |
|
319 |
CVE-2020-10693 |
20 |
|
Bypass |
2020-05-06 |
2022-05-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. |
|
320 |
CVE-2020-10690 |
416 |
|
|
2020-05-08 |
2021-12-20 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. |
|
321 |
CVE-2020-10686 |
863 |
|
|
2020-05-04 |
2020-05-07 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users. |
|
322 |
CVE-2020-10683 |
611 |
|
|
2020-05-01 |
2022-02-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. |
|
323 |
CVE-2020-10654 |
787 |
|
Exec Code Overflow |
2020-05-13 |
2020-05-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint. |
|
324 |
CVE-2020-10638 |
787 |
|
Exec Code Overflow |
2020-05-08 |
2021-12-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. |
|
325 |
CVE-2020-10634 |
22 |
|
Dir. Trav. |
2020-05-05 |
2020-05-12 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible. |
|
326 |
CVE-2020-10630 |
79 |
|
XSS |
2020-05-05 |
2020-05-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users. |
|
327 |
CVE-2020-10626 |
427 |
|
Exec Code |
2020-05-14 |
2022-01-31 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code. |
|
328 |
CVE-2020-10622 |
|
|
|
2020-05-04 |
2020-05-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users |
|
329 |
CVE-2020-10620 |
862 |
|
|
2020-05-14 |
2020-05-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely. |
|
330 |
CVE-2020-10618 |
200 |
|
+Info |
2020-05-04 |
2021-09-14 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users. |
|
331 |
CVE-2020-10616 |
427 |
|
Exec Code |
2020-05-14 |
2020-05-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts. |
|
332 |
CVE-2020-10612 |
862 |
|
|
2020-05-14 |
2020-05-18 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values. |
|
333 |
CVE-2020-10187 |
200 |
|
+Info |
2020-05-04 |
2021-07-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled. |
|
334 |
CVE-2020-10176 |
94 |
|
|
2020-05-07 |
2022-04-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow Eval Injection of commands. |
|
335 |
CVE-2020-10135 |
290 |
|
|
2020-05-19 |
2021-12-21 |
4.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
None |
|
Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. |
|
336 |
CVE-2020-10134 |
436 |
|
|
2020-05-19 |
2020-05-21 |
4.3 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
None |
|
Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different pairing methods in each peer device and an end-user erroneously completes both pairing procedures with the MITM using the confirmation number of one peer as the passkey of the other. An adjacent, unauthenticated attacker could be able to initiate any Bluetooth operation on either attacked device exposed by the enabled Bluetooth profiles. This exposure may be limited when the user must authorize certain access explicitly, but so long as a user assumes that it is the intended remote device requesting permissions, device-local protections may be weakened. |
|
337 |
CVE-2020-10067 |
190 |
|
DoS Exec Code Overflow Mem. Corr. Bypass +Info |
2020-05-11 |
2020-06-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. |
|
338 |
CVE-2020-10060 |
824 |
|
DoS +Info |
2020-05-11 |
2021-10-18 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
None |
Partial |
|
In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. |
|
339 |
CVE-2020-10059 |
295 |
|
|
2020-05-11 |
2020-06-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. |
|
340 |
CVE-2020-10058 |
20 |
|
+Priv |
2020-05-11 |
2020-06-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. |
|
341 |
CVE-2020-10030 |
125 |
|
DoS Exec Code |
2020-05-19 |
2020-06-14 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\0' termination.) Under some conditions, this issue can lead to the writing of one '\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution. |
|
342 |
CVE-2020-10028 |
20 |
|
|
2020-05-11 |
2020-06-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. |
|
343 |
CVE-2020-10027 |
697 |
|
Exec Code |
2020-05-11 |
2020-06-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. |
|
344 |
CVE-2020-10024 |
697 |
|
Exec Code |
2020-05-11 |
2020-06-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. |
|
345 |
CVE-2020-10023 |
120 |
|
DoS Exec Code Overflow Mem. Corr. |
2020-05-11 |
2020-06-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. |
|
346 |
CVE-2020-10022 |
120 |
|
DoS Exec Code Mem. Corr. |
2020-05-11 |
2020-06-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. |
|
347 |
CVE-2020-10021 |
787 |
|
|
2020-05-11 |
2020-06-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. |
|
348 |
CVE-2020-10019 |
120 |
|
Overflow |
2020-05-11 |
2020-06-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. |
|
349 |
CVE-2020-9840 |
|
|
|
2020-05-11 |
2020-05-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions. |
|
350 |
CVE-2020-9753 |
347 |
|
|
2020-05-20 |
2020-05-21 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer. |
