| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2021-27577 | 444 | | | 2021-06-29 | 2021-09-20 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. |
| 2 | CVE-2020-15011 | 74 | | | 2020-06-24 | 2021-11-30 | 2.6 | None | Remote | High | Not required | None | Partial | None | GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. |
| 3 | CVE-2020-14954 | 74 | | | 2020-06-21 | 2023-02-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." |
| 4 | CVE-2020-14929 | | | | 2020-06-19 | 2023-01-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do. |
| 5 | CVE-2020-14405 | 770 | | | 2020-06-17 | 2022-03-09 | 4.0 | None | Remote | Low | ??? | None | None | Partial | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. |
| 6 | CVE-2020-14404 | 787 | | | 2020-06-17 | 2022-03-09 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. |
| 7 | CVE-2020-14403 | 787 | | | 2020-06-17 | 2022-03-09 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. |
| 8 | CVE-2020-14402 | 787 | | | 2020-06-17 | 2022-03-09 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. |
| 9 | CVE-2020-14401 | 190 | | Overflow | 2020-06-17 | 2022-03-09 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. |
| 10 | CVE-2020-14400 | | | | 2020-06-17 | 2023-02-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | ** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary. |
| 11 | CVE-2020-14399 | | | | 2020-06-17 | 2023-02-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | ** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed." |
| 12 | CVE-2020-14398 | 835 | | | 2020-06-17 | 2022-03-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. |
| 13 | CVE-2020-14397 | 476 | | | 2020-06-17 | 2022-03-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. |
| 14 | CVE-2020-14396 | 476 | | | 2020-06-17 | 2022-03-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. |
| 15 | CVE-2020-14195 | 502 | | | 2020-06-16 | 2021-11-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). |
| 16 | CVE-2020-14148 | 125 | | | 2020-06-15 | 2023-01-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. |
| 17 | CVE-2020-14093 | 319 | | | 2020-06-15 | 2022-04-27 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. |
| 18 | CVE-2020-14062 | 502 | | | 2020-06-14 | 2021-11-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). |
| 19 | CVE-2020-14061 | 502 | | | 2020-06-14 | 2021-11-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). |
| 20 | CVE-2020-13881 | 532 | | | 2020-06-06 | 2022-04-05 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. |
| 21 | CVE-2020-13848 | 476 | | DoS | 2020-06-04 | 2021-03-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c. |
| 22 | CVE-2020-13765 | 787 | | | 2020-06-04 | 2022-10-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. |
| 23 | CVE-2020-13696 | 863 | | | 2020-06-08 | 2022-04-28 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command. |
| 24 | CVE-2020-13625 | 116 | | | 2020-06-08 | 2023-01-20 | 5.0 | None | Remote | Low | Not required | None | Partial | None | PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. |
| 25 | CVE-2020-13434 | 190 | | Overflow | 2020-05-24 | 2023-01-09 | 2.1 | None | Local | Low | Not required | None | None | Partial | SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. |
| 26 | CVE-2020-13362 | 125 | | | 2020-05-28 | 2022-11-29 | 2.1 | None | Local | Low | Not required | None | None | Partial | In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. |
| 27 | CVE-2020-13361 | 787 | | | 2020-05-28 | 2022-11-29 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. |
| 28 | CVE-2020-13254 | 295 | | | 2020-06-03 | 2022-09-02 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. |
| 29 | CVE-2020-13143 | 125 | | | 2020-05-18 | 2022-10-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. |
| 30 | CVE-2020-13113 | 908 | | | 2020-05-21 | 2022-04-26 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. |
| 31 | CVE-2020-13112 | 125 | | | 2020-05-21 | 2023-01-27 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. |
| 32 | CVE-2020-12823 | 120 | | DoS Overflow | 2020-05-12 | 2023-01-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. |
| 33 | CVE-2020-12783 | 125 | | Bypass | 2020-05-11 | 2022-11-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. |
| 34 | CVE-2020-12770 | | | | 2020-05-09 | 2023-03-01 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. |
| 35 | CVE-2020-12769 | 662 | | | 2020-05-09 | 2022-05-03 | 4.9 | None | Local | Low | Not required | None | None | Complete | An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. |
| 36 | CVE-2020-12767 | 369 | | | 2020-05-09 | 2023-01-27 | 2.1 | None | Local | Low | Not required | None | None | Partial | exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. |
| 37 | CVE-2020-12762 | 787 | | Overflow | 2020-05-09 | 2022-11-14 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. |
| 38 | CVE-2020-12672 | 787 | | Overflow | 2020-05-06 | 2022-11-14 | 5.0 | None | Remote | Low | Not required | None | None | Partial | GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c. |
| 39 | CVE-2020-12653 | 787 | | DoS Overflow +Priv | 2020-05-05 | 2022-04-26 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. |
| 40 | CVE-2020-12243 | 674 | | DoS | 2020-04-28 | 2022-04-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial | In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). |
| 41 | CVE-2020-12137 | 79 | | Exec Code XSS | 2020-04-24 | 2022-11-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code. |
| 42 | CVE-2020-11868 | 346 | | | 2020-04-17 | 2022-04-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. |
| 43 | CVE-2020-11810 | 362 | | | 2020-04-27 | 2022-05-12 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use. |
| 44 | CVE-2020-11736 | 22 | | Dir. Trav. | 2020-04-13 | 2022-04-27 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. |
| 45 | CVE-2020-11728 | 384 | | | 2020-04-15 | 2020-09-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time (and the incrementing session_id) can impersonate a session. |
| 46 | CVE-2020-11655 | 665 | | DoS | 2020-04-09 | 2022-04-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial | SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. |
| 47 | CVE-2020-11652 | 22 | | Dir. Trav. | 2020-04-30 | 2022-05-03 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. |
| 48 | CVE-2020-11651 | | | | 2020-04-30 | 2022-07-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions. |
| 49 | CVE-2020-11620 | 502 | | | 2020-04-07 | 2021-02-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). |
| 50 | CVE-2020-11619 | 502 | | | 2020-04-07 | 2021-02-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). |