| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2020-12479 |
22 |
|
Dir. Trav. |
2020-04-29 |
2020-05-01 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. |
|
2 |
CVE-2020-12478 |
74 |
|
|
2020-04-29 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files. |
|
3 |
CVE-2020-12477 |
200 |
|
Bypass +Info |
2020-04-29 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. |
|
4 |
CVE-2020-12473 |
269 |
|
|
2020-04-29 |
2021-07-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program. |
|
5 |
CVE-2020-12472 |
79 |
|
XSS |
2020-04-29 |
2020-05-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description. |
|
6 |
CVE-2020-12471 |
502 |
|
Exec Code |
2020-04-29 |
2020-05-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler. |
|
7 |
CVE-2020-12470 |
552 |
|
Exec Code |
2020-04-29 |
2020-05-04 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. |
|
8 |
CVE-2020-12469 |
502 |
|
|
2020-04-29 |
2020-05-05 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
|
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit. |
|
9 |
CVE-2020-12468 |
|
|
|
2020-04-29 |
2020-05-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/. |
|
10 |
CVE-2020-12467 |
384 |
|
|
2020-04-29 |
2020-05-01 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie. |
|
11 |
CVE-2020-12465 |
120 |
|
Overflow |
2020-04-29 |
2020-06-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages. |
|
12 |
CVE-2020-12464 |
416 |
|
|
2020-04-29 |
2020-06-22 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. |
|
13 |
CVE-2020-12462 |
352 |
|
XSS CSRF |
2020-04-29 |
2020-05-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. |
|
14 |
CVE-2020-12461 |
89 |
|
Sql |
2020-04-29 |
2020-05-05 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query. |
|
15 |
CVE-2020-12459 |
732 |
|
|
2020-04-29 |
2022-04-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable. |
|
16 |
CVE-2020-12458 |
732 |
|
|
2020-04-29 |
2022-04-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords). |
|
17 |
CVE-2020-12447 |
22 |
|
Dir. Trav. File Inclusion |
2020-04-29 |
2020-05-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow. |
|
18 |
CVE-2020-12446 |
269 |
|
|
2020-04-29 |
2021-07-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT AUTHORITY\SYSTEM. |
|
19 |
CVE-2020-12443 |
22 |
|
Dir. Trav. |
2020-04-29 |
2020-05-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to bigbluebutton.properties. NOTE: this issue exists because of an ineffective mitigation to CVE-2020-12112 in which there was an attempted fix within an NGINX configuration file, without considering that the relevant part of NGINX is case-insensitive. |
|
20 |
CVE-2020-12442 |
89 |
|
Sql |
2020-04-28 |
2020-05-01 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250. |
|
21 |
CVE-2020-12438 |
79 |
|
XSS |
2020-04-28 |
2020-05-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags. |
|
22 |
CVE-2020-12430 |
401 |
|
DoS |
2020-04-28 |
2020-06-16 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service. |
|
23 |
CVE-2020-12429 |
89 |
|
Sql Bypass |
2020-04-28 |
2020-05-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php, index.php, and pincode-verification.php. |
|
24 |
CVE-2020-12286 |
200 |
|
+Info |
2020-04-28 |
2021-07-21 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the TaskView permission is not scoped to any dimension. For example, a scoped user who is scoped to only one tenant can view server tasks scoped to any other tenant. |
|
25 |
CVE-2020-12284 |
787 |
|
Overflow |
2020-04-28 |
2022-04-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. |
|
26 |
CVE-2020-12283 |
601 |
|
|
2020-04-30 |
2021-03-04 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring. |
|
27 |
CVE-2020-12279 |
706 |
|
Exec Code |
2020-04-27 |
2023-02-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353. |
|
28 |
CVE-2020-12278 |
706 |
|
Exec Code |
2020-04-27 |
2023-02-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352. |
|
29 |
CVE-2020-12277 |
276 |
|
|
2020-04-29 |
2020-05-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated. |
|
30 |
CVE-2020-12276 |
79 |
|
XSS |
2020-04-29 |
2020-05-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature. |
|
31 |
CVE-2020-12275 |
269 |
|
|
2020-04-29 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API. |
|
32 |
CVE-2020-12274 |
20 |
|
|
2020-04-27 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session. |
|
33 |
CVE-2020-12273 |
522 |
|
|
2020-04-27 |
2021-07-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials. |
|
34 |
CVE-2020-12272 |
290 |
|
|
2020-04-27 |
2022-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring. |
|
35 |
CVE-2020-12271 |
89 |
|
Exec Code Sql |
2020-04-27 |
2022-10-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. A successful attack may have caused remote code execution that exfiltrated usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords) |
|
36 |
CVE-2020-12270 |
330 |
|
|
2020-04-27 |
2020-05-06 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
** DISPUTED ** React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. NOTE: the vendor disputes the relevance of this report because the recipient of an F1 alert will know it was a false alert if contact-history comparison fails (i.e., an F0 is not actually part of the contact history obtained from the device of this recipient, or this recipient is not actually part of the contact history obtained from the device of an F0). |
|
37 |
CVE-2020-12268 |
787 |
|
Overflow |
2020-04-27 |
2021-11-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. |
|
38 |
CVE-2020-12267 |
416 |
|
|
2020-04-27 |
2023-01-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock. |
|
39 |
CVE-2020-12266 |
306 |
|
|
2020-04-27 |
2022-04-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage. The devices automatically query these pages to update dashboards and other statistics, but the pages can be accessed externally without any authentication. All the pages follow the naming convention live_(string).shtml. Among the information disclosed is: interface status logs, IP address of the device, MAC address of the device, model and current firmware version, location, all running processes, all interfaces and their statuses, all current DHCP leases and the associated hostnames, all other wireless networks in range of the router, memory statistics, and components of the configuration of the device such as enabled features. Affected devices: Affected devices are: Wavlink WN530HG4, Wavlink WN575A3, Wavlink WN579G3,Wavlink WN531G3, Wavlink WN533A8, Wavlink WN531A6, Wavlink WN551K1, Wavlink WN535G3, Wavlink WN530H4, Wavlink WN57X93, WN572HG3, Wavlink WN578A2, Wavlink WN579G3, Wavlink WN579X3, and Jetstream AC3000/ERAC3000 |
|
40 |
CVE-2020-12265 |
22 |
|
Dir. Trav. |
2020-04-26 |
2021-07-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal. |
|
41 |
CVE-2020-12261 |
79 |
|
XSS |
2020-04-28 |
2020-05-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Open-AudIT 3.3.0 allows an XSS attack after login. |
|
42 |
CVE-2020-12254 |
59 |
|
DoS |
2020-04-26 |
2020-10-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink. |
|
43 |
CVE-2020-12252 |
434 |
|
Exec Code |
2020-04-29 |
2020-05-18 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an arbitrary file upload for an authenticated user. If an executable file is uploaded into the www-root directory, then it could yield remote code execution via the filename parameter. |
|
44 |
CVE-2020-12251 |
22 |
|
Dir. Trav. |
2020-04-29 |
2020-05-18 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine. |
|
45 |
CVE-2020-12246 |
78 |
|
|
2020-04-29 |
2020-05-07 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter. |
|
46 |
CVE-2020-12245 |
79 |
|
XSS |
2020-04-24 |
2020-10-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip. |
|
47 |
CVE-2020-12243 |
674 |
|
DoS |
2020-04-28 |
2022-04-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). |
|
48 |
CVE-2020-12242 |
269 |
|
+Priv |
2020-04-27 |
2021-07-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account. |
|
49 |
CVE-2020-12138 |
269 |
|
|
2020-04-27 |
2021-07-21 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages. |
|
50 |
CVE-2020-12137 |
79 |
|
Exec Code XSS |
2020-04-24 |
2022-11-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code. |
