| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2020-14093 |
319 |
|
|
2020-06-15 |
2022-04-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. |
|
2 |
CVE-2020-13777 |
327 |
|
Bypass |
2020-06-04 |
2020-06-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. |
|
3 |
CVE-2020-13645 |
295 |
|
|
2020-05-28 |
2021-06-22 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host. |
|
4 |
CVE-2020-13632 |
476 |
|
|
2020-05-27 |
2022-05-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. |
|
5 |
CVE-2020-13631 |
|
|
|
2020-05-27 |
2022-05-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. |
|
6 |
CVE-2020-13630 |
416 |
|
|
2020-05-27 |
2022-05-13 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. |
|
7 |
CVE-2020-13434 |
190 |
|
Overflow |
2020-05-24 |
2022-05-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. |
|
8 |
CVE-2020-13398 |
787 |
|
|
2020-05-22 |
2020-11-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. |
|
9 |
CVE-2020-13397 |
125 |
|
|
2020-05-22 |
2020-11-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. |
|
10 |
CVE-2020-13396 |
125 |
|
|
2020-05-22 |
2020-11-09 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
None |
Partial |
|
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. |
|
11 |
CVE-2020-13254 |
295 |
|
|
2020-06-03 |
2021-01-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. |
|
12 |
CVE-2020-13114 |
770 |
|
|
2020-05-21 |
2022-04-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. |
|
13 |
CVE-2020-13113 |
908 |
|
|
2020-05-21 |
2022-04-26 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. |
|
14 |
CVE-2020-12768 |
401 |
|
|
2020-05-09 |
2022-04-27 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will. |
|
15 |
CVE-2020-12663 |
835 |
|
|
2020-05-19 |
2021-02-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. |
|
16 |
CVE-2020-12662 |
674 |
|
|
2020-05-19 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. |
|
17 |
CVE-2020-12420 |
362 |
|
Mem. Corr. |
2020-07-09 |
2022-05-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. |
|
18 |
CVE-2020-12417 |
787 |
|
Mem. Corr. |
2020-07-09 |
2022-05-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. |
|
19 |
CVE-2020-12410 |
787 |
|
Mem. Corr. |
2020-07-09 |
2022-05-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. |
|
20 |
CVE-2020-12405 |
362 |
|
|
2020-07-09 |
2022-05-03 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. |
|
21 |
CVE-2020-12398 |
319 |
|
|
2020-07-09 |
2022-01-04 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0. |
|
22 |
CVE-2020-12395 |
787 |
|
Mem. Corr. |
2020-05-26 |
2022-04-26 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. |
|
23 |
CVE-2020-12392 |
22 |
|
Dir. Trav. |
2020-05-26 |
2022-04-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. |
|
24 |
CVE-2020-12243 |
674 |
|
DoS |
2020-04-28 |
2022-04-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). |
|
25 |
CVE-2020-12049 |
404 |
|
|
2020-06-08 |
2021-03-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. |
|
26 |
CVE-2020-11958 |
787 |
|
Overflow |
2020-04-21 |
2020-07-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme. |
|
27 |
CVE-2020-11945 |
190 |
|
Exec Code Overflow |
2020-04-23 |
2021-03-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials). |
|
28 |
CVE-2020-11934 |
668 |
|
Bypass |
2020-07-29 |
2020-08-05 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL and, for example, execute a script shipped with the snap without confinement. This issue did not affect Ubuntu Core systems. Fixed in snapd versions 2.45.1ubuntu0.2, 2.45.1+18.04.2 and 2.45.1+20.04.2. |
|
29 |
CVE-2020-11933 |
|
|
Bypass |
2020-07-29 |
2021-11-04 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659. |
|
30 |
CVE-2020-11931 |
668 |
|
Bypass |
2020-05-15 |
2020-05-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2; |
|
31 |
CVE-2020-11884 |
362 |
|
Exec Code |
2020-04-29 |
2021-01-04 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur. |
|
32 |
CVE-2020-11793 |
416 |
|
DoS Exec Code Mem. Corr. |
2020-04-17 |
2020-06-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). |
|
33 |
CVE-2020-11765 |
125 |
|
|
2020-04-14 |
2022-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read. |
|
34 |
CVE-2020-11758 |
125 |
|
|
2020-04-14 |
2022-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. |
|
35 |
CVE-2020-11736 |
22 |
|
Dir. Trav. |
2020-04-13 |
2022-04-27 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. |
|
36 |
CVE-2020-11655 |
665 |
|
DoS |
2020-04-09 |
2022-04-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. |
|
37 |
CVE-2020-11526 |
125 |
|
|
2020-05-15 |
2022-04-26 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. |
|
38 |
CVE-2020-11525 |
125 |
|
|
2020-05-15 |
2020-08-30 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. |
|
39 |
CVE-2020-11524 |
787 |
|
|
2020-05-15 |
2020-07-27 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. |
|
40 |
CVE-2020-11523 |
190 |
|
Overflow |
2020-05-15 |
2020-08-30 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. |
|
41 |
CVE-2020-11522 |
125 |
|
|
2020-05-15 |
2020-08-30 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. |
|
42 |
CVE-2020-11521 |
125 |
|
|
2020-05-15 |
2022-04-26 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. |
|
43 |
CVE-2020-11501 |
327 |
|
|
2020-04-03 |
2021-07-21 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. |
|
44 |
CVE-2020-11494 |
908 |
|
|
2020-04-02 |
2022-04-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4. |
|
45 |
CVE-2020-11058 |
119 |
|
Overflow |
2020-05-12 |
2021-10-07 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0. |
|
46 |
CVE-2020-11049 |
125 |
|
|
2020-05-07 |
2022-07-01 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0. |
|
47 |
CVE-2020-11048 |
125 |
|
|
2020-05-07 |
2022-07-01 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0. |
|
48 |
CVE-2020-11047 |
125 |
|
|
2020-05-07 |
2020-06-09 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
None |
Partial |
|
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0. |
|
49 |
CVE-2020-11046 |
119 |
|
Overflow |
2020-05-07 |
2021-09-14 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read. |
|
50 |
CVE-2020-11045 |
125 |
|
|
2020-05-07 |
2022-07-01 |
4.9 |
None |
Remote |
Medium |
??? |
Partial |
None |
Partial |
|
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour. |
