| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 351 | CVE-2020-10995 | 400 | | | 2020-05-19 | 2022-04-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allows malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue.
| 352 | CVE-2020-10974 | 306 | | | 2020-05-07 | 2022-04-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, Wavlink WN572HG3, Wavlink WN575A4, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000 |
| 353 | CVE-2020-10973 | 306 | | | 2020-05-07 | 2022-04-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 affecting /cgi-bin/ExportAllSettings.sh where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available. |
| 354 | CVE-2020-10972 | 306 | | | 2020-05-07 | 2022-04-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered where a page is exposed that has the current administrator password in cleartext in the source code of the page. No authentication is required in order to reach the page (a certain live_?.shtml page with the variable syspasswd). Affected Devices: Wavlink WN530HG4, Wavlink WN531G3, and Wavlink WN572HG3 |
| 355 | CVE-2020-10971 | 20 | | Exec Code | 2020-05-07 | 2020-12-04 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session. Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000
| 356 | CVE-2020-10967 | 20 | | | 2020-05-18 | 2020-10-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. |
| 357 | CVE-2020-10958 | 416 | | | 2020-05-18 | 2020-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command. |
| 358 | CVE-2020-10957 | 476 | | | 2020-05-18 | 2020-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. |
| 359 | CVE-2020-10946 | 79 | | XSS | 2020-05-27 | 2020-05-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget. |
| 360 | CVE-2020-10945 | 200 | | +Info | 2020-05-27 | 2020-08-03 | 3.3 | None | Local Network | Low | Not required | Partial | None | None |
Centreon before 19.10.7 exposes Session IDs in server responses. |
| 361 | CVE-2020-10936 | 269 | | | 2020-05-27 | 2020-12-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Sympa before 6.2.56 allows privilege escalation. |
| 362 | CVE-2020-10933 | 908 | | | 2020-05-04 | 2022-05-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. |
| 363 | CVE-2020-10916 | 287 | | Exec Code Bypass | 2020-05-07 | 2020-05-14 | 5.2 | None | Local Network | Low | ??? | Partial | Partial | Partial |
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device. Was ZDI-CAN-10003. |
| 364 | CVE-2020-10876 | 613 | | Bypass | 2020-05-04 | 2020-05-15 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correctly implement its timeout on the four-digit verification code that is required for resetting passwords, nor does it properly restrict excessive verification attempts. This allows an attacker to brute force the four-digit verification code in order to bypass email verification and change the password of a victim account. |
| 365 | CVE-2020-10859 | 22 | | Dir. Trav. | 2020-05-05 | 2020-05-12 | 4.0 | None | Remote | Low | ??? | None | Partial | None |
Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ZIP archive extraction via Directory Traversal in a crafted AppDependency API request. |
| 366 | CVE-2020-10795 | 78 | | Exec Code | 2020-05-07 | 2020-05-12 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access. |
| 367 | CVE-2020-10794 | 22 | | Dir. Trav. | 2020-05-07 | 2020-05-13 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker to download the application database. This can be combined with CVE-2020-10795 for remote root access. |
| 368 | CVE-2020-10751 | 345 | | | 2020-05-26 | 2021-06-14 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |
A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.
| 369 | CVE-2020-10744 | 668 | | | 2020-05-15 | 2020-05-29 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial |
An incomplete fix was found for the flaw CVE-2020-1733 (ansible: insecure temporary directory when running become_user from become directive). The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.
| 370 | CVE-2020-10738 | 20 | | Exec Code | 2020-05-21 | 2020-05-22 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution. |
| 371 | CVE-2020-10737 | 362 | | | 2020-05-27 | 2021-10-26 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial |
A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink pointing to a target folder, which then has its ownership transferred to the new home directory's unprivileged user.
| 372 | CVE-2020-10726 | 190 | | DoS | 2020-05-20 | 2021-01-20 | 2.1 | None | Local | Low | Not required | None | None | Partial |
A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service. |
| 373 | CVE-2020-10725 | 665 | | | 2020-05-20 | 2021-01-20 | 4.0 | None | Remote | Low | ??? | None | None | Partial |
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`. |
| 374 | CVE-2020-10724 | 125 | | +Info | 2020-05-19 | 2021-10-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read. |
| 375 | CVE-2020-10723 | 190 | | Mem. Corr. | 2020-05-19 | 2021-01-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption. |
| 376 | CVE-2020-10722 | 190 | | Overflow Mem. Corr. | 2020-05-19 | 2021-01-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption. |
| 377 | CVE-2020-10719 | 444 | | | 2020-05-26 | 2022-02-21 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling. |
| 378 | CVE-2020-10717 | 770 | | DoS | 2020-05-04 | 2021-12-20 | 2.1 | None | Local | Low | Not required | None | None | Partial |
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation in QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via a virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host.
| 379 | CVE-2020-10711 | 476 | | DoS | 2020-05-22 | 2022-04-22 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.
| 380 | CVE-2020-10706 | 312 | | | 2020-05-12 | 2020-05-14 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid. |
| 381 | CVE-2020-10704 | 674 | | DoS Overflow | 2020-05-06 | 2021-12-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. |
| 382 | CVE-2020-10700 | 416 | | DoS | 2020-05-04 | 2020-09-01 | 2.6 | None | Remote | High | Not required | None | None | Partial |
A use-after-free flaw was found in the way samba AD DC LDAP servers handle the 'Paged Results' control when it is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.
| 383 | CVE-2020-10693 | 20 | | Bypass | 2020-05-06 | 2022-05-10 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. |
| 384 | CVE-2020-10690 | 416 | | | 2020-05-08 | 2021-12-20 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev during resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep, and the underlying device is removed during this time, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.
| 385 | CVE-2020-10686 | 863 | | | 2020-05-04 | 2020-05-07 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where a malicious user registers as oneself. The attacker could then use the remove devices form to post different credential IDs and possibly remove MFA devices for other users. |
| 386 | CVE-2020-10683 | 611 | | | 2020-05-01 | 2022-02-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. |
| 387 | CVE-2020-10654 | 787 | | Exec Code Overflow | 2020-05-13 | 2020-05-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint. |
| 388 | CVE-2020-10638 | 787 | | Exec Code Overflow | 2020-05-08 | 2021-12-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. |
| 389 | CVE-2020-10634 | 22 | | Dir. Trav. | 2020-05-05 | 2020-05-12 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible. |
| 390 | CVE-2020-10630 | 79 | | XSS | 2020-05-05 | 2020-05-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users. |
| 391 | CVE-2020-10626 | 427 | | Exec Code | 2020-05-14 | 2022-01-31 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name as any resident DLL inside the software installation to execute arbitrary code.
| 392 | CVE-2020-10622 | | | | 2020-05-04 | 2020-05-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users.
| 393 | CVE-2020-10620 | 862 | | | 2020-05-14 | 2020-05-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely. |
| 394 | CVE-2020-10618 | 200 | | +Info | 2020-05-04 | 2021-09-14 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users. |
| 395 | CVE-2020-10616 | 427 | | Exec Code | 2020-05-14 | 2020-05-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts. |
| 396 | CVE-2020-10612 | 862 | | | 2020-05-14 | 2020-05-18 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values. |
| 397 | CVE-2020-10187 | 200 | | +Info | 2020-05-04 | 2021-07-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled. |
| 398 | CVE-2020-10176 | 94 | | | 2020-05-07 | 2022-04-28 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow Eval Injection of commands. |
| 399 | CVE-2020-10135 | 290 | | | 2020-05-19 | 2021-12-21 | 4.8 | None | Local Network | Low | Not required | Partial | Partial | None |
Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. |
| 400 | CVE-2020-10134 | 436 | | | 2020-05-19 | 2020-05-21 | 4.3 | None | Local Network | Medium | Not required | Partial | Partial | None |
Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different pairing methods in each peer device and an end-user erroneously completes both pairing procedures with the MITM using the confirmation number of one peer as the passkey of the other. An adjacent, unauthenticated attacker could be able to initiate any Bluetooth operation on either attacked device exposed by the enabled Bluetooth profiles. This exposure may be limited when the user must authorize certain access explicitly, but so long as a user assumes that it is the intended remote device requesting permissions, device-local protections may be weakened. |