The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2020-14031 | An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files). | HIGH | Sep 26, 2020 |
| CVE-2020-14030 | An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code execution. | MEDIUM | Oct 9, 2020 |
| CVE-2020-14029 | An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files. | MEDIUM | Sep 18, 2020 |
| CVE-2020-14028 | An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module\'s Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\\SYSTEM privileges. | HIGH | Sep 26, 2020 |
| CVE-2020-14027 | An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks. | LOW | Sep 26, 2020 |
| CVE-2020-14026 | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export. | HIGH | Sep 26, 2020 |
| CVE-2020-14025 | Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password. | MEDIUM | Sep 26, 2020 |
| CVE-2020-14024 | Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuration, or (4) any GET Parameter in the /default URL of the application. | MEDIUM | Sep 26, 2020 |
| CVE-2020-14023 | Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS. | MEDIUM | Sep 26, 2020 |
| CVE-2020-14022 | Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts (Import Contacts functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the Application Starter module) within the application. | HIGH | Sep 26, 2020 |
| CVE-2020-14021 | An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\\SYSTEM privileges. | MEDIUM | Sep 18, 2020 |
| CVE-2020-14019 | Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. | HIGH | Jun 19, 2020 |
| CVE-2020-14018 | An issue was discovered in Navigate CMS 2.9 r1433. There is a stored XSS vulnerability that is executed on the page to view users, and on the page to edit users. This is present in both the User field and the E-Mail field. On the Edit user page, the XSS is only triggered via the E-Mail field; however, on the View user page the XSS is triggered via either the User field or the E-Mail field. | MEDIUM | Jun 24, 2020 |
| CVE-2020-14017 | An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the contents of this file to discover details about a session. | MEDIUM | Jun 24, 2020 |
| CVE-2020-14016 | An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password feature allows users to reset their passwords by using either their username or the email address associated with their account. However, the feature returns a not_found message when the provided username or email address does not match a user in the system. This can be used to enumerate users. | MEDIUM | Jun 24, 2020 |
| CVE-2020-14015 | An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no activation code is supplied. The system will allow an unauthorized user to continue setting a password, even though no activation code was supplied, setting the password for the most recently created user in the system (the user with the highest user id). | MEDIUM | Jun 24, 2020 |
| CVE-2020-14014 | An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS. | LOW | Jun 24, 2020 |
| CVE-2020-14012 | scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent. | LOW | Jun 14, 2020 |
| CVE-2020-14011 | Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless Built-in admin is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features. | HIGH | Jun 17, 2020 |
| CVE-2020-14010 | The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q (aka name) parameter. | MEDIUM | Jun 14, 2020 |
| CVE-2020-14009 | Proofpoint Enterprise Protection (PPS/PoD) before 8.16.4 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The vulnerability exists because messages with certain crafted and malformed multipart structures are not properly handled. | MEDIUM | May 7, 2021 |
| CVE-2020-14008 | Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution. | MEDIUM | Sep 4, 2020 |
| CVE-2020-14007 | Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a name of an alert definition. | LOW | Jun 24, 2020 |
| CVE-2020-14006 | Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. | LOW | Jun 24, 2020 |
| CVE-2020-14005 | Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. | HIGH | Jun 24, 2020 |
| CVE-2020-14004 | An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user. | MEDIUM | Jun 12, 2020 |
| CVE-2020-14002 | PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). | MEDIUM | Jun 29, 2020 |
| CVE-2020-14001 | The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template=/etc/passwd) or unintended embedded Ruby code execution (such as a string that begins with template=string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum. | HIGH | Jul 17, 2020 |
| CVE-2020-14000 | MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL\'s content is treated as a script and is executed as a worker. The responsible code is getExtensionIdForOpcode in serialization/sb3.js. The use of _ is incompatible with a protection mechanism in older versions, in which URLs were split and consequently deserialization attacks were prevented. NOTE: the scratch.mit.edu hosted service is not affected because of the lack of worker scripts. | HIGH | Jul 16, 2020 |
| CVE-2020-13999 | ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. | MEDIUM | Jun 19, 2020 |
| CVE-2020-13998 | Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | MEDIUM | Jun 11, 2020 |
| CVE-2020-13997 | In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled. | MEDIUM | Jul 31, 2020 |
| CVE-2020-13996 | The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection attack by a trusted store manager. | MEDIUM | Jun 10, 2020 |
| CVE-2020-13995 | U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DES_info or image_info. By controlling that pointer, one achieves an arbitrary write when its fields are assigned. The data written is from a potentially untrusted NITF file in the form of an integer. The attacker can gain control of the instruction pointer. | HIGH | Sep 25, 2020 |
| CVE-2020-13994 | An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker. | MEDIUM | Jul 9, 2020 |
| CVE-2020-13993 | An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket. | MEDIUM | Jul 9, 2020 |
| CVE-2020-13992 | An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user\'s logged in session. A user with sufficient privileges to change their login-page image must open a crafted ticket. | MEDIUM | Jul 10, 2020 |
| CVE-2020-13991 | vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register. | MEDIUM | Sep 25, 2020 |
| CVE-2020-13988 | An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c. | MEDIUM | Dec 11, 2020 |
| CVE-2020-13987 | An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c. | MEDIUM | Dec 11, 2020 |
| CVE-2020-13986 | An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c. | MEDIUM | Dec 11, 2020 |
| CVE-2020-13985 | An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c. | MEDIUM | Dec 11, 2020 |
| CVE-2020-13984 | An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when processing IPv6 extension headers in ext_hdr_options_process in net/ipv6/uip6.c. | MEDIUM | Dec 11, 2020 |
| CVE-2020-13983 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-14159. Reason: This candidate is a reservation duplicate of CVE-2020-14159. Notes: All CVE users should reference CVE-2020-14159 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
| CVE-2020-13980 | OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users\' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states this is not a massive issue as you are still required to be logged into the admin. | LOW | Jun 11, 2020 |
| CVE-2020-13978 | Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=edit_chunk URI. NOTE: there is no indication that the Edit Chunk feature was intended to prevent an administrator from using PHP\'s exec feature | MEDIUM | Jun 12, 2020 |
| CVE-2020-13977 | Nagios 4.4.5 allows an attacker, who already has administrative access to change the URL for JSON CGIs configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408. | MEDIUM | Jun 12, 2020 |
| CVE-2020-13976 | An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. NOTE: software maintainers consider the report invalid because it refers to an old software version, requires administrative privileges, and does not provide access beyond that already available to administrative users | MEDIUM | Jun 12, 2020 |
| CVE-2020-13974 | An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. | HIGH | Jun 9, 2020 |
| CVE-2020-13973 | OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause non-script content to be interpreted as JavaScript. | MEDIUM | Jun 12, 2020 |
