# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
1 | CVE-2021-27577 | 444 | | | 2021-06-29 | 2021-09-20 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Incorrect handling of URL fragments in Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. |
2 | CVE-2020-15011 | 74 | | | 2020-06-24 | 2021-11-30 | 2.6 | None | Remote | High | Not required | None | Partial | None |
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. |
3 | CVE-2020-14405 | 770 | | | 2020-06-17 | 2022-03-09 | 4.0 | None | Remote | Low | ??? | None | None | Partial |
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. |
4 | CVE-2020-14404 | 787 | | | 2020-06-17 | 2022-03-09 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. |
5 | CVE-2020-14403 | 787 | | | 2020-06-17 | 2022-03-09 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. |
6 | CVE-2020-14402 | 787 | | | 2020-06-17 | 2022-03-09 | 5.5 | None | Remote | Low | ??? | Partial | None | Partial |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. |
7 | CVE-2020-14401 | 190 | | Overflow | 2020-06-17 | 2022-03-09 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. |
8 | CVE-2020-14400 | | | | 2020-06-17 | 2020-08-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary. |
9 | CVE-2020-14399 | | | | 2020-06-17 | 2020-08-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed." |
10 | CVE-2020-14398 | 835 | | | 2020-06-17 | 2022-03-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. |
11 | CVE-2020-14397 | 476 | | | 2020-06-17 | 2022-03-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. |
12 | CVE-2020-14396 | 476 | | | 2020-06-17 | 2022-03-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. |
13 | CVE-2020-14195 | 502 | | | 2020-06-16 | 2021-11-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). |
14 | CVE-2020-14093 | 319 | | | 2020-06-15 | 2022-04-27 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. |
15 | CVE-2020-14062 | 502 | | | 2020-06-14 | 2021-11-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). |
16 | CVE-2020-14061 | 502 | | | 2020-06-14 | 2021-11-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). |
17 | CVE-2020-13881 | 532 | | | 2020-06-06 | 2022-04-05 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. |
18 | CVE-2020-13848 | 476 | | DoS | 2020-06-04 | 2021-03-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c. |
19 | CVE-2020-13696 | 863 | | | 2020-06-08 | 2022-04-28 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |
An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command. |
20 | CVE-2020-13434 | 190 | | Overflow | 2020-05-24 | 2022-05-12 | 2.1 | None | Local | Low | Not required | None | None | Partial |
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. |
21 | CVE-2020-13113 | 908 | | | 2020-05-21 | 2022-04-26 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial |
An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. |
22 | CVE-2020-12769 | 662 | | | 2020-05-09 | 2022-05-03 | 4.9 | None | Local | Low | Not required | None | None | Complete |
An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. |
23 | CVE-2020-12767 | 369 | | | 2020-05-09 | 2020-07-27 | 2.1 | None | Local | Low | Not required | None | None | Partial |
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. |
24 | CVE-2020-12653 | 787 | | DoS Overflow +Priv | 2020-05-05 | 2022-04-26 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea. |
25 | CVE-2020-12243 | 674 | | DoS | 2020-04-28 | 2022-04-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). |
26 | CVE-2020-11868 | 346 | | | 2020-04-17 | 2022-04-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. |
27 | CVE-2020-11810 | 362 | | | 2020-04-27 | 2022-05-12 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use. |
28 | CVE-2020-11736 | 22 | | Dir. Trav. | 2020-04-13 | 2022-04-27 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial |
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. |
29 | CVE-2020-11728 | 384 | | | 2020-04-15 | 2020-09-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Session management does not use a sufficiently hard-to-guess session key. Anyone who can guess the microsecond time (and the incrementing session_id) can impersonate a session. |
30 | CVE-2020-11655 | 665 | | DoS | 2020-04-09 | 2022-04-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. |
31 | CVE-2020-11652 | 22 | | Dir. Trav. | 2020-04-30 | 2022-05-03 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users. |
32 | CVE-2020-11651 | 306 | | | 2020-04-30 | 2022-03-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions. |
33 | CVE-2020-11620 | 502 | | | 2020-04-07 | 2021-02-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). |
34 | CVE-2020-11619 | 502 | | | 2020-04-07 | 2021-02-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). |
35 | CVE-2020-11494 | 908 | | | 2020-04-02 | 2022-04-29 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4. |
36 | CVE-2020-11113 | 502 | | | 2020-03-31 | 2021-12-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). |
37 | CVE-2020-11112 | 502 | | | 2020-03-31 | 2021-12-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). |
38 | CVE-2020-11111 | 502 | | | 2020-03-31 | 2021-12-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). |
39 | CVE-2020-11078 | 93 | | | 2020-05-20 | 2020-08-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
In httplib2 before version 0.18.0, an attacker controlling an unescaped part of the URI for `httplib2.Http.request()` could change request headers and body and send additional hidden requests to the same server. This vulnerability impacts software that uses httplib2 with a URI constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0. |
40 | CVE-2020-11028 | 306 | | | 2020-04-30 | 2021-09-14 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). |
41 | CVE-2020-11008 | 522 | | | 2020-04-21 | 2020-05-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260 (GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a "blank" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: Git's "store" helper; Git's "cache" helper; the "osxkeychain" helper that ships in Git's "contrib" directory. Credential helpers which are known to be safe even with vulnerable versions of Git: Git Credential Manager for Windows. Any helper not in this list should be assumed to trigger the vulnerability. |
42 | CVE-2020-10969 | 502 | | | 2020-03-26 | 2021-12-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. |
43 | CVE-2020-10968 | 502 | | | 2020-03-26 | 2021-12-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). |
44 | CVE-2020-10942 | 787 | | | 2020-03-24 | 2022-04-22 | 5.4 | None | Local | Medium | Not required | None | Partial | Complete |
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. |
45 | CVE-2020-10938 | 787 | | Overflow | 2020-03-24 | 2022-01-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. |
46 | CVE-2020-10803 | 79 | | Sql XSS | 2020-03-22 | 2020-11-02 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack. |
47 | CVE-2020-10802 | 89 | | Sql | 2020-03-22 | 2020-11-02 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial |
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table. |
48 | CVE-2020-10757 | 119 | | Overflow | 2020-06-09 | 2022-04-27 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system. |
49 | CVE-2020-10711 | 476 | | DoS | 2020-05-22 | 2022-04-22 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. |
50 | CVE-2020-10690 | 416 | | | 2020-05-08 | 2021-12-20 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev during resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep, and the underlying device is removed during this time, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. |