CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
3201 CVE-2020-5512 22 Dir. Trav. 2020-01-06 2020-01-08
6.8
None Remote Low ??? Complete None None
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.
3202 CVE-2020-5511 89 Sql Bypass 2020-01-08 2020-01-17
6.5
None Remote Low ??? Partial Partial Partial
PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page.
3203 CVE-2020-5509 434 Exec Code 2020-01-14 2020-01-21
6.5
None Remote Low ??? Partial Partial Partial
PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image.
3204 CVE-2020-5504 89 Sql 2020-01-09 2020-11-10
6.5
None Remote Low ??? Partial Partial Partial
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
3205 CVE-2020-5496 787 Overflow 2020-01-03 2020-01-22
6.8
None Remote Medium Not required Partial Partial Partial
FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.
3206 CVE-2020-5428 89 Sql 2021-01-27 2021-02-03
6.5
None Remote Low ??? Partial Partial Partial
Applications using Spring Cloud Task 2.2.4.RELEASE and below may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.
3207 CVE-2020-5427 89 Sql 2021-01-27 2021-02-04
6.5
None Remote Low ??? Partial Partial Partial
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
3208 CVE-2020-5420 754 2020-09-03 2020-09-11
6.8
None Remote Low ??? None None Complete
Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters.
3209 CVE-2020-5417 732 2020-08-21 2020-08-27
6.5
None Remote Low ??? Partial Partial Partial
Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests that were expected to go to certain system components.
3210 CVE-2020-5415 290 2020-08-12 2020-08-19
6.4
None Remote Low Not required Partial Partial None
Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoofing by way of configuring a GitLab account with the same full name as another user who is granted access to a Concourse team. GitLab groups do not have this vulnerability, so GitLab users may be moved into groups which are then configured in the Concourse team.
3211 CVE-2020-5414 532 2020-07-31 2020-08-04
6.0
None Remote Medium ??? Partial Partial Partial
VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators.
3212 CVE-2020-5411 502 Exec Code 2020-06-11 2020-08-07
6.8
None Remote Medium Not required Partial Partial Partial
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled, which means that through the previous exploit, arbitrary code could be executed if all of the following are true:
* Spring Batch's Jackson support is being leveraged to serialize a job's ExecutionContext.
* A malicious user gains write access to the data store used by the JobRepository (where the data to be deserialized is stored).
In order to protect against this type of attack, Jackson prevents a set of untrusted gadget classes from being deserialized. Spring Batch should be proactive in blocking unknown "deserialization gadgets" when enabling default typing.
3213 CVE-2020-5407 347 2020-05-13 2021-06-14
6.5
None Remote Low ??? Partial Partial Partial
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.
3214 CVE-2020-5402 352 CSRF 2020-02-27 2020-03-03
6.8
None Remote Medium Not required Partial Partial Partial
In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.
3215 CVE-2020-5396 862 Exec Code 2020-07-31 2020-08-04
6.5
None Remote Low ??? Partial Partial Partial
VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution.
3216 CVE-2020-5395 416 2020-01-03 2020-01-22
6.8
None Remote Medium Not required Partial Partial Partial
FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.
3217 CVE-2020-5391 352 CSRF 2020-04-01 2020-04-01
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field.
3218 CVE-2020-5377 22 Dir. Trav. 2020-07-28 2021-04-07
6.4
None Remote Low Not required Partial Partial None
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.
3219 CVE-2020-5371 732 2020-07-06 2020-07-14
6.5
None Remote Low ??? Partial Partial Partial
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files.
3220 CVE-2020-5369 732 +Priv 2020-09-02 2020-09-11
6.5
None Remote Low ??? Partial Partial Partial
Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files.
3221 CVE-2020-5367 295 2020-06-23 2020-07-02
6.8
None Remote Medium Not required Partial Partial Partial
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.
3222 CVE-2020-5335 352 CSRF 2020-05-04 2020-05-07
6.8
None Remote Medium Not required Partial Partial Partial
RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site request forgery vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to send arbitrary requests to the vulnerable application to perform server operations with the privileges of the authenticated victim user.
3223 CVE-2020-5310 190 Overflow 2020-01-03 2020-01-31
6.8
None Remote Medium Not required Partial Partial Partial
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
3224 CVE-2020-5302 269 2020-04-07 2020-04-09
6.4
None Remote Low Not required Partial Partial None
MH-WikiBot (an IRC bot for interacting with the Miraheze API) had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the nickname used by a privileged user, as no check was made to see if they were logged in. The issue has been fixed in commit 23d9d5b0a59667a5d6816fdabb960b537a5f9ed1.
3225 CVE-2020-5293 863 2020-04-20 2020-04-27
6.4
None Remote Low Not required Partial Partial None
In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5.
3226 CVE-2020-5292 89 Exec Code Sql 2020-03-31 2020-04-02
6.5
None Remote Low ??? Partial Partial Partial
Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users' and administrators' password hashes, modify data, or drop tables. The unescaped parameter is "searchUsers" when sending a POST request to "/tickets/showKanban" with a valid session. In the code, the parameter is named "users" in class.tickets.php. This issue is fixed in versions 2.0.15 and 2.1.0 beta 3.
3227 CVE-2020-5288 863 2020-04-20 2020-04-27
6.4
None Remote Low Not required Partial Partial None
In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on the product attributes page. The problem is fixed in 1.7.6.5.
3228 CVE-2020-5287 863 2020-04-20 2020-04-27
6.4
None Remote Low Not required Partial Partial None
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. The problem is fixed in 1.7.6.5.
3229 CVE-2020-5279 863 2020-04-20 2020-04-29
6.4
None Remote Low Not required Partial Partial None
In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there is improper access control, present since version 1.5.0.0, for legacy controllers:
- admin-dev/index.php/configure/shop/customer-preferences/
- admin-dev/index.php/improve/international/translations/
- admin-dev/index.php/improve/international/geolocation/
- admin-dev/index.php/improve/international/localization
- admin-dev/index.php/configure/advanced/performance
- admin-dev/index.php/sell/orders/delivery-slips/
- admin-dev/index.php?controller=AdminStatuses
The problem is fixed in 1.7.6.5.
3230 CVE-2020-5254 119 Overflow 2020-03-10 2020-03-20
6.8
None Remote Medium Not required Partial Partial Partial
In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue.
3231 CVE-2020-5239 2020-02-13 2020-02-18
6.5
None Remote Low ??? Partial Partial Partial
In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All Docker images published on docker.io/mailu for tags 1.5, 1.6, 1.7 and master are patched. For detailed instructions about patching and securing the server afterwards, see https://github.com/Mailu/Mailu/issues/1354
3232 CVE-2020-5237 22 Exec Code Dir. Trav. 2020-02-05 2020-04-30
6.5
None Remote Low ??? Partial Partial Partial
Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename parameter to BlueimpController.php; the (2) dzchunkindex, (3) dzuuid, or (4) filename parameter to DropzoneController.php; the (5) qqpartindex, (6) qqfilename, or (7) qquuid parameter to FineUploaderController.php; the (8) x-file-id or (9) x-file-name parameter to MooUploadController.php; or the (10) name or (11) chunk parameter to PluploadController.php. This is fixed in versions 1.9.3 and 2.1.5.
3233 CVE-2020-5236 400 2020-02-04 2020-02-06
6.8
None Remote Low ??? None None Complete
Waitress version 1.4.2 allows a DoS attack when Waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack, causing the process to use 100% CPU time and blocking any other interactions. This allows an attacker to send a single request with an invalid header and take the service offline. This issue was introduced in version 1.4.2 when the regular expression was updated to attempt to match the behaviour required by errata associated with RFC7230. The regular expression that is used to validate incoming headers has been updated in version 1.4.3; it is recommended that people upgrade to the new version of Waitress as soon as possible.
3234 CVE-2020-5234 787 Overflow 2020-01-31 2020-02-24
6.8
None Remote Low ??? None None Complete
MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps.
3235 CVE-2020-5222 798 2020-01-30 2020-02-05
6.5
None Remote Low ??? Partial Partial Partial
Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials without ever needing the credentials. This problem is fixed in Opencast 7.6 and Opencast 8.1
3236 CVE-2020-5221 22 Dir. Trav. 2020-01-22 2020-01-30
6.4
None Remote Low Not required Partial Partial None
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11
3237 CVE-2020-5219 74 Exec Code 2020-01-24 2020-01-31
6.8
None Remote Medium Not required Partial Partial Partial
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution.
3238 CVE-2020-5208 120 Exec Code Overflow 2020-02-05 2021-01-10
6.5
None Remote Low ??? Partial Partial Partial
It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.
3239 CVE-2020-5206 287 2020-01-30 2020-02-05
6.4
None Remote Low Not required Partial Partial None
In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. This way, an attacker can, for example, fake a remember-me token, assume the identity of the global system administrator and request non-public content from the search service without ever providing any proper authentication. This problem is fixed in Opencast 7.6 and Opencast 8.1
3240 CVE-2020-5204 120 Overflow 2020-01-06 2020-01-18
6.5
None Remote Low ??? Partial Partial Partial
In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len('255.255.255.255') == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11
3241 CVE-2020-5192 89 Sql 2020-01-06 2020-01-13
6.5
None Remote Low ??? Partial Partial Partial
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised.
3242 CVE-2020-5187 22 Dir. Trav. 2020-02-24 2020-02-24
6.5
None Remote Low ??? Partial Partial Partial
DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2).
3243 CVE-2020-5148 287 Bypass 2021-03-05 2021-03-15
6.4
None Remote Low Not required Partial Partial None
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IPs in the network; this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate, allowing an attacker to bypass firewall access controls.
3244 CVE-2020-5145 427 Exec Code 2020-10-28 2020-10-30
6.9
None Local Medium Not required Complete Complete Complete
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system.
3245 CVE-2020-5144 426 2020-10-28 2020-11-03
6.9
None Local Medium Not required Complete Complete Complete
SonicWall Global VPN client version 4.10.4.0314 and earlier allows an unprivileged Windows user to elevate privileges to SYSTEM through a loaded process hijacking vulnerability.
3246 CVE-2020-5141 307 2020-10-12 2020-10-23
6.4
None Remote Low Not required Partial Partial None
A vulnerability in SonicOS allows a remote unauthenticated attacker to brute force Virtual Assist ticket ID in the firewall SSLVPN service. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
3247 CVE-2020-5019 74 XSS 2021-01-08 2021-01-11
6.4
None Remote Low Not required Partial Partial None
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 193655.
3248 CVE-2020-4990 89 Sql 2021-05-24 2021-05-25
6.5
None Remote Low ??? Partial Partial Partial
IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 192710.
3249 CVE-2020-4949 611 2021-01-26 2021-01-29
6.4
None Remote Low Not required Partial None Partial
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025.
3250 CVE-2020-4942 352 CSRF 2021-01-04 2021-01-06
6.8
None Remote Medium Not required Partial Partial Partial
IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191942.