# |
CVE ID |
CWE ID |
# of Exploits |
Vulnerability Type(s) |
Publish Date |
Update Date |
Score |
Gained Access Level |
Access |
Complexity |
Authentication |
Conf. |
Integ. |
Avail. |
351 |
CVE-2020-11037 |
362 |
|
|
2020-04-30 |
2020-05-08 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls. This password check is performed through a character-by-character string comparison, and so an attacker who is able to measure the time taken by this check to a high degree of accuracy could potentially use timing differences to gain knowledge of the password. This is understood to be feasible on a local network, but not on the public internet. Privacy settings that restrict access to pages/documents on a per-user or per-group basis (as opposed to a shared password) are unaffected by this vulnerability. This has been patched in 2.7.3, 2.8.2, 2.9. |
352 |
CVE-2020-11030 |
79 |
|
XSS |
2020-04-30 |
2020-05-07 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). |
353 |
CVE-2020-11029 |
79 |
|
XSS |
2020-04-30 |
2020-05-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). |
354 |
CVE-2020-11028 |
306 |
|
|
2020-04-30 |
2021-09-14 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). |
355 |
CVE-2020-11027 |
640 |
|
|
2020-04-30 |
2020-05-11 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). |
356 |
CVE-2020-11026 |
79 |
|
XSS |
2020-04-30 |
2020-05-11 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). |
357 |
CVE-2020-11025 |
79 |
|
Exec Code XSS |
2020-04-30 |
2020-05-07 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed. Exploitation requires an authenticated user. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). |
358 |
CVE-2020-11024 |
200 |
|
+Info |
2020-04-29 |
2021-10-26 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
None |
In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack. The bug has been fixed in Moonlight v4.0.1 for iOS and tvOS. |
359 |
CVE-2020-11023 |
79 |
|
Exec Code XSS |
2020-04-29 |
2022-05-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
360 |
CVE-2020-11022 |
79 |
|
Exec Code XSS |
2020-04-29 |
2022-05-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
361 |
CVE-2020-11021 |
|
|
|
2020-04-29 |
2021-09-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to an incorrect domain in certain redirect scenarios. This happens when consumers of the http-client (1) make an HTTP request with an authorization header, (2) that request leads to a redirect (302), and (3) the redirect URL redirects to another domain or hostname. The authorization header will then get passed to the other domain. The problem is fixed in version 1.0.8. |
362 |
CVE-2020-11020 |
287 |
|
Bypass |
2020-04-29 |
2020-05-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5 have the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It is patched in versions 1.0.4, 1.1.3 and 1.2.5. |
363 |
CVE-2020-11016 |
78 |
|
Exec Code |
2020-04-30 |
2020-05-06 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue to execute arbitrary code with the privileges of the webserver. Version 2.1.1 fixes the vulnerability. |
364 |
CVE-2020-11015 |
290 |
|
|
2020-04-30 |
2020-05-07 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. The device MAC address can be spoofed. This means initial registration requests without a UDID and with a spoofed MAC address may pass and create a new UDID with the same MAC address. Full impact needs to be reviewed further. Applies to all (mostly ESP8266/ESP32) users. This has been fixed in firmware version 2.5.0. |
365 |
CVE-2020-11014 |
|
|
|
2020-04-28 |
2020-05-06 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token creators that use the "Mint Tool" feature of the Electron Cash SLP Edition are at risk of sending the minting authority baton to the wrong SLP address. Sending the mint baton to the wrong address will give another party the ability to issue new tokens or permanently destroy future minting capability. This is fixed in version 3.6.2. |
366 |
CVE-2020-11013 |
200 |
|
+Info |
2020-04-24 |
2020-07-06 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
There is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to look up resources in the cluster to check for the existence of specific resources and get details about them. This can be used as part of the process to render templates. The documented behavior of `helm template` states that it does not attach to a remote cluster. However, the recently added `lookup` template function circumvents this restriction and connects to the cluster even during `helm template` and `helm install|update|delete|rollback --dry-run`. The user is not notified of this behavior. Running `helm template` should not make calls to a cluster. This is different from `install`, which is presumed to have access to a cluster in order to load resources into Kubernetes. Helm 2 is unaffected by this vulnerability. A malicious chart author could inject a `lookup` into a chart that, when rendered through `helm template`, performs unannounced lookups against the cluster a user's `KUBECONFIG` file points to. This information can then be disclosed via the output of `helm template`. This issue has been fixed in Helm 3.2.0. |
367 |
CVE-2020-11012 |
755 |
|
Bypass |
2020-04-23 |
2021-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations, i.e. creating new service accounts for existing access keys, without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z. |
368 |
CVE-2020-11011 |
434 |
|
Exec Code |
2020-04-22 |
2020-04-27 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8. |
369 |
CVE-2020-11010 |
89 |
|
Sql |
2020-04-20 |
2020-04-28 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, starts_with, or ends_with filters (and their case-insensitive counterparts). |
370 |
CVE-2020-11009 |
639 |
|
|
2020-04-29 |
2021-09-14 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see. Depending on the configuration and the way that Rundeck is used, this could result in anything between a high-severity risk and a very low risk. If access is tightly restricted and all users on the system have access to all projects, this is not really much of an issue. If access is wider and allows login for users that do not have access to any projects, or project access is restricted, there is a larger issue. If access is meant to be restricted and secrets, sensitive data, or intellectual property are exposed in Rundeck execution output and job data, the risk becomes much higher. This vulnerability is patched in version 3.2.6. |
371 |
CVE-2020-11008 |
522 |
|
|
2020-04-21 |
2020-05-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260 (GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: Git's "store" helper; Git's "cache" helper; the "osxkeychain" helper that ships in Git's "contrib" directory. Credential helpers which are known to be safe even with vulnerable versions of Git: Git Credential Manager for Windows. Any helper not in this list should be assumed to trigger the vulnerability. |
372 |
CVE-2020-11007 |
20 |
|
|
2020-04-16 |
2020-04-29 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
In Shopizer before version 2.11.0, when using the API or Controller based versions, negative quantity is not adequately validated, hence creating an incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version 2.11.0. |
373 |
CVE-2020-11005 |
327 |
|
|
2020-04-14 |
2020-04-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another executable could be able to decrypt the text using the static method NCryptDecrypt from this same library without the need to use Windows Hello Authentication again. This has been patched in version 1.0.4. |
374 |
CVE-2020-11004 |
89 |
|
Sql |
2020-04-24 |
2020-05-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
SQL Injection was discovered in Admidio before version 3.3.13. The main cookie parameter is concatenated into a SQL query without any input validation/sanitization; thus an attacker, without logging in, can send a GET request with arbitrary SQL queries appended to the cookie parameter and execute SQL queries. The vulnerability impacts the confidentiality of the system. This has been patched in version 3.3.13. |
375 |
CVE-2020-11003 |
352 |
|
CSRF |
2020-04-14 |
2020-04-15 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. If you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website, they could use DNS rebinding and CSRF attacks to read/write to vulnerable applications. This has been patched in 2.15.0. |
376 |
CVE-2020-11002 |
74 |
|
Exec Code |
2020-04-10 |
2020-04-13 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. A server-side template injection was identified in the self-validating feature, enabling attackers to inject arbitrary Java EL expressions, leading to a Remote Code Execution (RCE) vulnerability. If you are using a self-validating bean, an upgrade to Dropwizard 1.3.21/2.0.3 or later is strongly recommended. The changes introduced in Dropwizard 1.3.19 and 2.0.2 for CVE-2020-5245 unfortunately did not fix the underlying issue completely. The issue has been fixed in dropwizard-validation 1.3.21 and 2.0.3 or later. We strongly recommend upgrading to one of these versions. |
377 |
CVE-2020-11001 |
79 |
|
XSS |
2020-04-14 |
2020-04-15 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 2.7.2 (for the LTS 2.7 branch) and Wagtail 2.8.1 (for the current 2.8 branch). |
378 |
CVE-2020-11000 |
|
|
|
2020-04-08 |
2021-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
GreenBrowser before version 1.2 has a vulnerability where apps that rely on URL parsing to verify that a given URL is pointing to a trusted server may be susceptible to many different ways of getting URL parsing and verification wrong, which allows an attacker to circumvent the access control. This problem has been patched in version 1.2. |
379 |
CVE-2020-10997 |
20 |
|
|
2020-04-27 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. |
380 |
CVE-2020-10996 |
798 |
|
|
2020-04-27 |
2022-04-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected. |
381 |
CVE-2020-10981 |
20 |
|
|
2020-04-08 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
None |
Partial |
None |
GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project. |
382 |
CVE-2020-10980 |
918 |
|
|
2020-04-08 |
2020-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration. |
383 |
CVE-2020-10979 |
200 |
|
+Info |
2020-04-08 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users. |
384 |
CVE-2020-10978 |
200 |
|
+Info |
2020-04-08 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API. |
385 |
CVE-2020-10977 |
22 |
|
Dir. Trav. |
2020-04-08 |
2020-12-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects. |
386 |
CVE-2020-10976 |
200 |
|
+Info |
2020-04-08 |
2020-04-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget. |
387 |
CVE-2020-10975 |
200 |
|
+Info |
2020-04-08 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. |
388 |
CVE-2020-10960 |
116 |
|
XSS |
2020-04-03 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS). |
389 |
CVE-2020-10951 |
1021 |
|
|
2020-04-15 |
2020-08-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages. |
390 |
CVE-2020-10948 |
74 |
|
Exec Code |
2020-04-01 |
2021-07-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. An unauthenticated, remote attacker can exploit this via a series of crafted requests. |
391 |
CVE-2020-10947 |
269 |
|
|
2020-04-17 |
2021-07-21 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation. |
392 |
CVE-2020-10944 |
79 |
|
XSS |
2020-04-28 |
2020-05-06 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Fixed in 0.10.5. |
393 |
CVE-2020-10935 |
79 |
|
XSS |
2020-04-20 |
2020-04-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover. |
394 |
CVE-2020-10932 |
327 |
|
|
2020-04-15 |
2022-05-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS. |
395 |
CVE-2020-10915 |
502 |
|
Exec Code |
2020-04-22 |
2020-05-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HandshakeResult method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10401. |
396 |
CVE-2020-10914 |
502 |
|
Exec Code |
2020-04-22 |
2020-05-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PerformHandshake method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10400. |
397 |
CVE-2020-10913 |
843 |
|
Exec Code |
2020-04-22 |
2020-07-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OCRAndExportToExcel command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9946. |
398 |
CVE-2020-10912 |
843 |
|
Exec Code |
2020-04-22 |
2020-04-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the SetFieldValue command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9945. |
399 |
CVE-2020-10911 |
843 |
|
Exec Code |
2020-04-22 |
2020-04-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the GetFieldValue command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9944. |
400 |
CVE-2020-10910 |
843 |
|
Exec Code |
2020-04-22 |
2020-04-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the RotatePage command of the communication API. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9943. |