CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In May 2020 (CVSS score >= 4)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2020-10958 416 2020-05-18 2020-05-28
5.0
None Remote Low Not required None None Partial
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
302 CVE-2020-10957 476 2020-05-18 2020-05-28
5.0
None Remote Low Not required None None Partial
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
303 CVE-2020-10946 79 XSS 2020-05-27 2020-05-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget.
304 CVE-2020-10936 269 2020-05-27 2020-12-24
7.2
None Local Low Not required Complete Complete Complete
Sympa before 6.2.56 allows privilege escalation.
305 CVE-2020-10933 908 2020-05-04 2022-05-03
5.0
None Remote Low Not required Partial None None
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.
306 CVE-2020-10916 287 Exec Code Bypass 2020-05-07 2020-05-14
5.2
None Local Network Low ??? Partial Partial Partial
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device. Was ZDI-CAN-10003.
307 CVE-2020-10876 613 Bypass 2020-05-04 2020-05-15
5.0
None Remote Low Not required None Partial None
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account.
308 CVE-2020-10859 22 Dir. Trav. 2020-05-05 2020-05-12
4.0
None Remote Low ??? None Partial None
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request.
309 CVE-2020-10795 78 Exec Code 2020-05-07 2020-05-12
9.0
None Remote Low ??? Complete Complete Complete
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access.
310 CVE-2020-10794 22 Dir. Trav. 2020-05-07 2020-05-13
5.0
None Remote Low Not required Partial None None
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root access.
311 CVE-2020-10738 20 Exec Code 2020-05-21 2020-05-22
6.5
None Remote Low ??? Partial Partial Partial
A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution.
312 CVE-2020-10725 665 2020-05-20 2021-01-20
4.0
None Remote Low ??? None None Partial
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.
313 CVE-2020-10723 190 Mem. Corr. 2020-05-19 2021-01-20
4.6
None Local Low Not required Partial Partial Partial
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.
314 CVE-2020-10722 190 Overflow Mem. Corr. 2020-05-19 2021-01-20
4.6
None Local Low Not required Partial Partial Partial
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.
315 CVE-2020-10719 444 2020-05-26 2022-02-21
6.4
None Remote Low Not required Partial Partial None
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
316 CVE-2020-10711 476 DoS 2020-05-22 2022-04-22
4.3
None Remote Medium Not required None None Partial
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.
317 CVE-2020-10706 312 2020-05-12 2020-05-14
4.6
None Local Low Not required Partial Partial Partial
A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid.
318 CVE-2020-10704 674 DoS Overflow 2020-05-06 2021-12-20
5.0
None Remote Low Not required None None Partial
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.
319 CVE-2020-10693 20 Bypass 2020-05-06 2022-05-10
5.0
None Remote Low Not required None Partial None
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
320 CVE-2020-10690 416 2020-05-08 2021-12-20
4.4
None Local Medium Not required Partial Partial Partial
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev during resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep, removal of the underlying device during this time can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.
321 CVE-2020-10686 863 2020-05-04 2020-05-07
6.5
None Remote Low ??? Partial Partial Partial
A flaw was found in Keycloak versions 8.0.2 and 9.0.0, fixed in Keycloak version 9.0.1, in which a malicious user registers as themselves. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users.
322 CVE-2020-10683 611 2020-05-01 2022-02-22
7.5
None Remote Low Not required Partial Partial Partial
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
323 CVE-2020-10654 787 Exec Code Overflow 2020-05-13 2020-05-15
7.5
None Remote Low Not required Partial Partial Partial
Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint.
324 CVE-2020-10638 787 Exec Code Overflow 2020-05-08 2021-12-17
7.5
None Remote Low Not required Partial Partial Partial
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.
325 CVE-2020-10634 22 Dir. Trav. 2020-05-05 2020-05-12
6.4
None Remote Low Not required Partial Partial None
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible.
326 CVE-2020-10630 79 XSS 2020-05-05 2020-05-12
4.3
None Remote Medium Not required None Partial None
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users.
327 CVE-2020-10626 427 Exec Code 2020-05-14 2022-01-31
6.9
None Local Medium Not required Complete Complete Complete
In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name as any resident DLL inside the software installation to execute arbitrary code.
328 CVE-2020-10622 2020-05-04 2020-05-06
6.8
None Remote Medium Not required Partial Partial Partial
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users.
329 CVE-2020-10620 862 2020-05-14 2020-05-18
7.5
None Remote Low Not required Partial Partial Partial
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely.
330 CVE-2020-10618 200 +Info 2020-05-04 2021-09-14
4.3
None Remote Medium Not required Partial None None
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users.
331 CVE-2020-10616 427 Exec Code 2020-05-14 2020-05-18
6.8
None Remote Medium Not required Partial Partial Partial
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts.
332 CVE-2020-10612 862 2020-05-14 2020-05-18
6.4
None Remote Low Not required None Partial Partial
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values.
333 CVE-2020-10187 200 +Info 2020-05-04 2021-07-21
4.3
None Remote Medium Not required Partial None None
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled.
334 CVE-2020-10176 94 2020-05-07 2022-04-28
10.0
None Remote Low Not required Complete Complete Complete
ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow Eval Injection of commands.
335 CVE-2020-10135 290 2020-05-19 2021-12-21
4.8
None Local Network Low Not required Partial Partial None
Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.
336 CVE-2020-10134 436 2020-05-19 2020-05-21
4.3
None Local Network Medium Not required Partial Partial None
Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different pairing methods in each peer device and an end-user erroneously completes both pairing procedures with the MITM using the confirmation number of one peer as the passkey of the other. An adjacent, unauthenticated attacker could be able to initiate any Bluetooth operation on either attacked device exposed by the enabled Bluetooth profiles. This exposure may be limited when the user must authorize certain access explicitly, but so long as a user assumes that it is the intended remote device requesting permissions, device-local protections may be weakened.
337 CVE-2020-10067 190 DoS Exec Code Overflow Mem. Corr. Bypass +Info 2020-05-11 2020-06-05
7.2
None Local Low Not required Complete Complete Complete
A malicious userspace application can cause an integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005. This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
338 CVE-2020-10060 824 DoS +Info 2020-05-11 2021-10-18
5.5
None Remote Low ??? Partial None Partial
In updatehub_probe, right after JSON parsing is complete, objects[1] is accessed from the output structure in two different places. If the JSON contained fewer than two elements, this access would reference uninitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030. This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.
339 CVE-2020-10059 295 2020-05-11 2020-06-05
5.8
None Remote Medium Not required Partial None Partial
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018. This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
340 CVE-2020-10058 20 +Priv 2020-05-11 2020-06-05
4.6
None Local Low Not required Partial Partial Partial
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006. This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions.
341 CVE-2020-10030 125 DoS Exec Code 2020-05-19 2020-06-14
6.5
None Remote Low ??? Partial Partial Partial
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\0' termination.) Under some conditions, this issue can lead to the writing of one '\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution.
342 CVE-2020-10028 20 2020-05-11 2020-06-05
4.6
None Local Low Not required Partial Partial Partial
Multiple syscalls with insufficient argument validation. See NCC-ZEP-006. This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
343 CVE-2020-10027 697 Exec Code 2020-05-11 2020-06-05
7.2
None Local Low Not required Complete Complete Complete
An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001. This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
344 CVE-2020-10024 697 Exec Code 2020-05-11 2020-06-05
7.2
None Local Low Not required Complete Complete Complete
The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001. This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
345 CVE-2020-10023 120 DoS Exec Code Overflow Mem. Corr. 2020-05-11 2020-06-05
4.6
None Local Low Not required Partial Partial Partial
The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019. This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions.
346 CVE-2020-10022 120 DoS Exec Code Mem. Corr. 2020-05-11 2020-06-05
7.5
None Remote Low Not required Partial Partial Partial
A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016. This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.
347 CVE-2020-10021 787 2020-05-11 2020-06-05
4.6
None Local Low Not required Partial Partial Partial
Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes. See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026. This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
348 CVE-2020-10019 120 Overflow 2020-05-11 2020-06-05
4.6
None Local Low Not required Partial Partial Partial
USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002. This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
349 CVE-2020-9840 2020-05-11 2020-05-14
5.0
None Remote Low Not required None None Partial
In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions.
350 CVE-2020-9753 347 2020-05-20 2020-05-21
6.4
None Remote Low Not required Partial Partial None
Whale Browser Installer versions before 1.2.0.5 don't support signature verification for the Flash installer.
Total number of vulnerabilities: 866 (page 7 of 18)