| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2020-11441 |
74 |
|
|
2020-03-31 |
2020-04-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable." |
|
2 |
CVE-2020-11414 |
22 |
|
Dir. Trav. |
2020-03-31 |
2020-04-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the uploading file along with a few other parameters. The uploading file location should be inside the directory where the upload handler class is defined. Before 2020.1.330, a crafted web request could result in uploads to arbitrary locations. |
|
3 |
CVE-2020-11113 |
502 |
|
|
2020-03-31 |
2021-12-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). |
|
4 |
CVE-2020-11112 |
502 |
|
|
2020-03-31 |
2021-12-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). |
|
5 |
CVE-2020-11111 |
502 |
|
|
2020-03-31 |
2021-12-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). |
|
6 |
CVE-2020-11106 |
79 |
|
XSS |
2020-03-30 |
2020-04-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in Responsive Filemanager through 9.14.0. In the dialog.php page, the session variable $_SESSION['RF']["view_type"] wasn't sanitized if it was already set. This made stored XSS possible if one opens ajax_calls.php and uses the "view" action and places a payload in the type parameter, and then returns to the dialog.php page. This occurs because ajax_calls.php was also able to set the $_SESSION['RF']["view_type"] variable, but there it wasn't sanitized. |
|
7 |
CVE-2020-11105 |
763 |
|
|
2020-03-30 |
2020-04-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. In short, serialized std::shared_ptr variables cannot always be expected to serialize back into their original values. This can have any number of consequences, depending on the context within which this manifests. |
|
8 |
CVE-2020-11104 |
119 |
|
Overflow +Info |
2020-03-30 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an (initialized) C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information (such as memory layout or private keys) can be gleaned if the archive is distributed outside of a trusted context. |
|
9 |
CVE-2020-10993 |
611 |
|
|
2020-03-27 |
2020-03-31 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader.java. |
|
10 |
CVE-2020-10992 |
611 |
|
|
2020-03-27 |
2020-03-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. |
|
11 |
CVE-2020-10991 |
611 |
|
|
2020-03-27 |
2020-03-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java |
|
12 |
CVE-2020-10990 |
611 |
|
|
2020-03-27 |
2020-03-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. |
|
13 |
CVE-2020-10969 |
502 |
|
|
2020-03-26 |
2021-12-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. |
|
14 |
CVE-2020-10968 |
502 |
|
|
2020-03-26 |
2021-12-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). |
|
15 |
CVE-2020-10966 |
|
|
|
2020-03-25 |
2022-07-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. |
|
16 |
CVE-2020-10965 |
522 |
|
|
2020-03-25 |
2021-07-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password resets via login/resetadminpassword of the default admin account. This vulnerability only exists when the default admin account is not disabled. It is fixed in 20.01.1 and 19.11.2. |
|
17 |
CVE-2020-10964 |
434 |
|
Exec Code |
2020-03-25 |
2020-03-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename. |
|
18 |
CVE-2020-10963 |
434 |
|
Exec Code |
2020-03-25 |
2023-02-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued. |
|
19 |
CVE-2020-10956 |
918 |
|
|
2020-03-27 |
2020-04-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. |
|
20 |
CVE-2020-10955 |
862 |
|
|
2020-03-27 |
2022-04-22 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. |
|
21 |
CVE-2020-10954 |
400 |
|
|
2020-03-27 |
2020-03-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
GitLab through 12.9 is affected by a potential DoS in repository archive download. |
|
22 |
CVE-2020-10953 |
22 |
|
Dir. Trav. |
2020-03-27 |
2020-03-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. |
|
23 |
CVE-2020-10952 |
863 |
|
|
2020-03-27 |
2021-07-21 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. |
|
24 |
CVE-2020-10942 |
787 |
|
|
2020-03-24 |
2022-04-22 |
5.4 |
None |
Local |
Medium |
Not required |
None |
Partial |
Complete |
|
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. |
|
25 |
CVE-2020-10941 |
|
|
+Info |
2020-03-24 |
2023-02-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. |
|
26 |
CVE-2020-10940 |
269 |
|
|
2020-03-27 |
2020-03-31 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service. |
|
27 |
CVE-2020-10939 |
269 |
|
|
2020-03-27 |
2021-07-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation. |
|
28 |
CVE-2020-10938 |
787 |
|
Overflow |
2020-03-24 |
2022-01-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. |
|
29 |
CVE-2020-10934 |
434 |
|
|
2020-03-24 |
2023-02-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. |
|
30 |
CVE-2020-10931 |
120 |
|
DoS |
2020-03-24 |
2020-03-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c. |
|
31 |
CVE-2020-10888 |
287 |
|
Bypass |
2020-03-25 |
2020-04-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The issue results from the lack of proper authentication prior to establishing SSH port forwarding rules. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the WAN interface. Was ZDI-CAN-9664. |
|
32 |
CVE-2020-10887 |
|
|
Exec Code Bypass |
2020-03-25 |
2021-10-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9663. |
|
33 |
CVE-2020-10886 |
78 |
|
Exec Code |
2020-03-25 |
2020-04-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9662. |
|
34 |
CVE-2020-10885 |
20 |
|
Exec Code |
2020-03-25 |
2020-03-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of DNS reponses prior to further processing. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the root user. Was ZDI-CAN-9661. |
|
35 |
CVE-2020-10884 |
798 |
|
Exec Code |
2020-03-25 |
2023-02-16 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652. |
|
36 |
CVE-2020-10883 |
732 |
|
Exec Code |
2020-03-25 |
2023-02-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the lack of proper permissions set on the file system. An attacker can leverage this vulnerability to escalate privileges. Was ZDI-CAN-9651. |
|
37 |
CVE-2020-10882 |
78 |
|
Exec Code |
2020-03-25 |
2023-02-03 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650. |
|
38 |
CVE-2020-10881 |
787 |
|
Exec Code Overflow |
2020-03-25 |
2020-03-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9660. |
|
39 |
CVE-2020-10879 |
74 |
|
|
2020-03-23 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped. |
|
40 |
CVE-2020-10875 |
22 |
|
Dir. Trav. |
2020-03-23 |
2020-03-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp. |
|
41 |
CVE-2020-10874 |
200 |
|
+Info |
2020-03-23 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Motorola FX9500 devices allow remote attackers to read database files. |
|
42 |
CVE-2020-10871 |
200 |
|
+Info |
2020-03-23 |
2020-03-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further. |
|
43 |
CVE-2020-10870 |
20 |
|
DoS |
2020-03-23 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service. |
|
44 |
CVE-2020-10855 |
20 |
|
Bypass |
2020-03-24 |
2021-07-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppTray. The Samsung ID is SVE-2019-16192 (January 2020). |
|
45 |
CVE-2020-10854 |
200 |
|
+Info |
2020-03-24 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Kernel stack addresses are leaked to userspace. The Samsung ID is SVE-2019-16161 (January 2020). |
|
46 |
CVE-2020-10853 |
200 |
|
+Info |
2020-03-24 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 (January 2020). |
|
47 |
CVE-2020-10852 |
787 |
|
Overflow |
2020-03-24 |
2020-03-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a stack overflow in display driver. The Samsung ID is SVE-2019-15877 (January 2020). |
|
48 |
CVE-2020-10851 |
787 |
|
Overflow |
2020-03-24 |
2020-03-26 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is a stack overflow in the kperfmon driver. The Samsung ID is SVE-2019-15876 (January 2020). |
|
49 |
CVE-2020-10850 |
120 |
|
Exec Code Overflow |
2020-03-24 |
2020-03-26 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The secure bootloade has a buffer overflow of the USB buffer, leading to arbitrary code execution. The Samsung ID is SVE-2019-15872 (January 2020). |
|
50 |
CVE-2020-10849 |
307 |
|
|
2020-03-24 |
2020-03-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. The Gatekeeper trustlet allows a brute-force attack on the screen lock password. The Samsung ID is SVE-2019-14575 (January 2020). |
