| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2020-16166 |
330 |
|
+Info |
2020-07-30 |
2022-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. |
|
2 |
CVE-2020-16165 |
89 |
|
Sql |
2020-07-30 |
2020-08-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters. |
|
3 |
CVE-2020-16164 |
295 |
|
DoS Bypass |
2020-07-30 |
2022-11-29 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party's view. NOTE: some third parties may regard this as a preferred behavior, not a vulnerability. |
|
4 |
CVE-2020-16163 |
295 |
|
DoS Bypass |
2020-07-30 |
2020-08-06 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent routing systems. NOTE: third parties assert that the behavior is intentionally permitted by RFC 8182. |
|
5 |
CVE-2020-16162 |
295 |
|
Bypass |
2020-07-30 |
2020-08-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. Missing validation checks on CRL presence or CRL staleness in the X509-based RPKI certificate-tree validation procedure allow remote attackers to bypass intended access restrictions by using revoked certificates. NOTE: there may be counterarguments related to backwards compatibility. |
|
6 |
CVE-2020-16157 |
79 |
|
XSS |
2020-07-30 |
2023-01-27 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu. |
|
7 |
CVE-2020-16143 |
427 |
|
|
2020-07-29 |
2020-08-05 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijacking because it loads exchndl.dll from the current working directory. |
|
8 |
CVE-2020-16136 |
732 |
|
Dir. Trav. |
2020-07-31 |
2021-07-21 |
6.8 |
None |
Remote |
Low |
??? |
Complete |
None |
None |
|
In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via directory traversal ../ sequences in /Administration/Logs/ requests. The attacker is unable to enumerate files, however. |
|
9 |
CVE-2020-16135 |
476 |
|
|
2020-07-29 |
2022-05-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. |
|
10 |
CVE-2020-16118 |
476 |
|
|
2020-07-29 |
2023-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. |
|
11 |
CVE-2020-16117 |
476 |
|
|
2020-07-29 |
2020-08-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server. |
|
12 |
CVE-2020-16095 |
79 |
|
XSS |
2020-07-29 |
2020-07-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 allows XSS. |
|
13 |
CVE-2020-16094 |
674 |
|
|
2020-07-28 |
2022-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree. |
|
14 |
CVE-2020-16088 |
287 |
|
Bypass |
2020-07-28 |
2022-01-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches. |
|
15 |
CVE-2020-15957 |
347 |
|
|
2020-07-30 |
2020-08-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentralised Privacy-Preserving Proximity Tracing (DP3T). When it is configured to check JWT before uploading/publishing keys, it is possible to skip the signature check by providing a JWT token with alg=none. |
|
16 |
CVE-2020-15954 |
319 |
|
|
2020-07-27 |
2020-07-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. |
|
17 |
CVE-2020-15953 |
74 |
|
|
2020-07-27 |
2023-01-20 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." |
|
18 |
CVE-2020-15945 |
|
|
|
2020-07-24 |
2023-04-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function. |
|
19 |
CVE-2020-15932 |
59 |
|
|
2020-07-24 |
2020-08-05 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges. |
|
20 |
CVE-2020-15924 |
89 |
|
Sql |
2020-07-24 |
2020-07-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters. |
|
21 |
CVE-2020-15923 |
22 |
|
Dir. Trav. |
2020-07-24 |
2020-07-27 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal. |
|
22 |
CVE-2020-15922 |
78 |
|
Exec Code |
2020-07-24 |
2022-01-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required. |
|
23 |
CVE-2020-15921 |
287 |
|
Exec Code |
2020-07-24 |
2022-04-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution. |
|
24 |
CVE-2020-15920 |
78 |
|
Exec Code |
2020-07-24 |
2023-01-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required. |
|
25 |
CVE-2020-15919 |
79 |
|
XSS |
2020-07-24 |
2020-07-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0. |
|
26 |
CVE-2020-15918 |
79 |
|
XSS |
2020-07-24 |
2020-07-26 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0. |
|
27 |
CVE-2020-15917 |
|
|
|
2020-07-23 |
2022-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. |
|
28 |
CVE-2020-15916 |
78 |
|
Exec Code |
2020-07-23 |
2020-07-27 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter. |
|
29 |
CVE-2020-15912 |
|
|
|
2020-07-23 |
2023-02-03 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
|
** DISPUTED ** Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate key card, and then using NFC Relay. NOTE: the vendor has developed Pin2Drive to mitigate this issue. |
|
30 |
CVE-2020-15908 |
22 |
|
Dir. Trav. |
2020-07-23 |
2020-07-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal during extraction from a TAR archive. |
|
31 |
CVE-2020-15904 |
787 |
|
Overflow |
2020-07-22 |
2023-01-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file. |
|
32 |
CVE-2020-15902 |
79 |
|
XSS |
2020-07-22 |
2022-11-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option. |
|
33 |
CVE-2020-15901 |
|
|
Exec Code |
2020-07-22 |
2022-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys. |
|
34 |
CVE-2020-15900 |
787 |
|
Mem. Corr. |
2020-07-28 |
2022-04-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b. |
|
35 |
CVE-2020-15899 |
345 |
|
|
2020-07-28 |
2020-08-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble. |
|
36 |
CVE-2020-15896 |
287 |
|
Bypass |
2020-07-22 |
2020-07-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of checking the value of NO_NEED_AUTH. If the value of NO_NEED_AUTH is 1, the user has direct access to the webpage without any authentication. By appending a query string NO_NEED_AUTH with the value of 1 to any protected URL, any unauthorized user can access the application directly, as demonstrated by bsc_lan.php?NO_NEED_AUTH=1. |
|
37 |
CVE-2020-15895 |
79 |
|
XSS |
2020-07-22 |
2023-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage. |
|
38 |
CVE-2020-15894 |
306 |
|
|
2020-07-22 |
2023-04-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be utilized by an attacker to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT. |
|
39 |
CVE-2020-15893 |
78 |
|
|
2020-07-22 |
2023-04-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. |
|
40 |
CVE-2020-15892 |
787 |
|
Overflow Bypass |
2020-07-22 |
2023-04-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length of 15 characters. The problem is that validation is being done on the client side, hence it can be bypassed. When an attacker manages to intercept the login request (POST based) and tampers with the vulnerable parameter (log_pass), to a larger length, the request will be forwarded to the webserver. This results in a stack-based buffer overflow. A few other POST variables, (transferred as part of the login request) are also vulnerable: html_response_page and log_user. |
|
41 |
CVE-2020-15890 |
125 |
|
|
2020-07-21 |
2023-01-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. |
|
42 |
CVE-2020-15889 |
125 |
|
|
2020-07-21 |
2020-12-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. |
|
43 |
CVE-2020-15888 |
125 |
|
Overflow |
2020-07-21 |
2023-05-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. |
|
44 |
CVE-2020-15887 |
89 |
|
Exec Code Sql |
2020-07-23 |
2020-09-01 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/ endpoint. |
|
45 |
CVE-2020-15886 |
89 |
|
Exec Code Sql |
2020-07-23 |
2020-09-01 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint. |
|
46 |
CVE-2020-15885 |
79 |
|
XSS |
2020-07-23 |
2020-07-27 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment. |
|
47 |
CVE-2020-15884 |
89 |
|
Exec Code Sql |
2020-07-23 |
2020-07-27 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data. |
|
48 |
CVE-2020-15883 |
79 |
|
XSS |
2020-07-23 |
2020-09-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through which installed packages names and versions are reported). |
|
49 |
CVE-2020-15882 |
352 |
|
CSRF |
2020-07-23 |
2020-08-05 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database. |
|
50 |
CVE-2020-15881 |
79 |
|
XSS |
2020-07-23 |
2020-09-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name. |
