The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2020-8834 | KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability run code in kernel space of a guest VM can cause the host kernel to panic. There were two commits that, according to the reporter, introduced the vulnerability: f024ee098476 (KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures) 87a11bb6a7f7 (KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode) The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it\'s believed the first is the only strictly necessary commit: 6f597c6b63b6 (KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()) 7b0e827c6970 (KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm) 009c872a8bc4 (KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file) | MEDIUM | Apr 9, 2020 |
| CVE-2020-8833 | Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22. | LOW | Apr 23, 2020 |
| CVE-2020-8832 | The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.) was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. | LOW | Apr 10, 2020 |
| CVE-2020-8831 | Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport\'s lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22. | LOW | Apr 23, 2020 |
| CVE-2020-8830 | CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen. | MEDIUM | May 5, 2020 |
| CVE-2020-8829 | CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis. | MEDIUM | May 5, 2020 |
| CVE-2020-8828 | As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be kept secret and could wind up just about anywhere. | MEDIUM | Apr 9, 2020 |
| CVE-2020-8827 | As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. Attackers can submit an unlimited number of authentication attempts without consequence. | MEDIUM | Apr 9, 2020 |
| CVE-2020-8826 | As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication tokens, once issued, were usable forever without expiration—there was no refresh or forced re-authentication. | MEDIUM | Apr 9, 2020 |
| CVE-2020-8825 | index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS. | LOW | Feb 11, 2020 |
| CVE-2020-8824 | Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen. | LOW | Feb 27, 2020 |
| CVE-2020-8823 | htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the /htmlfile c (aka callback) parameter. | MEDIUM | Feb 11, 2020 |
| CVE-2020-8822 | Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web application. | LOW | Feb 11, 2020 |
| CVE-2020-8821 | An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users. | LOW | Oct 16, 2020 |
| CVE-2020-8820 | An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed. | LOW | Oct 16, 2020 |
| CVE-2020-8819 | An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments. | MEDIUM | Feb 25, 2020 |
| CVE-2020-8818 | An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass the payment process (e.g., spoof an order status by manually sending an IPN callback request with a valid signature but without real payment) and/or receive all of the subsequent payments. | MEDIUM | Feb 25, 2020 |
| CVE-2020-8817 | Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the Created by metadata. | MEDIUM | Sep 18, 2020 |
| CVE-2020-8816 | Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | MEDIUM | May 29, 2020 |
| CVE-2020-8815 | Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large volume of small packets. | MEDIUM | Feb 12, 2020 |
| CVE-2020-8813 | graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege. | HIGH | Feb 25, 2020 |
| CVE-2020-8812 | Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor\'s perspective is that this is not a bug. | LOW | Feb 10, 2020 |
| CVE-2020-8811 | ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users\' profile pictures. | MEDIUM | Feb 10, 2020 |
| CVE-2020-8810 | An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301. When downloading OBIS codes, it does not verify that the downloaded files are actual OBIS codes and doesn\'t check for path traversal. This allows the attacker exploiting CVE-2020-8809 to send executable files and place them in an autorun directory, or to place DLLs inside the existing GXDLMS Director installation (run on next execution of GXDLMS Director). This can be used to achieve code execution even if the user doesn\'t have any add-ins installed. | MEDIUM | Feb 25, 2020 |
| CVE-2020-8809 | Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attacker can modify the contents of downloaded files. In the case of add-ins (if the user is using those), this will lead to code execution. In case of OBIS codes (which the user is always using as they are needed to communicate with the energy meters), this can lead to code execution when combined with CVE-2020-8810. | MEDIUM | Feb 27, 2020 |
| CVE-2020-8808 | The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\\SYSTEM privileges, via a function call such as MmMapIoSpace. | HIGH | Feb 12, 2020 |
| CVE-2020-8807 | In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim\'s address and an IP address, aka a timing side channel. | MEDIUM | Feb 5, 2021 |
| CVE-2020-8806 | Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced. | MEDIUM | Feb 5, 2021 |
| CVE-2020-8804 | SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the MailMerge module. | MEDIUM | Feb 13, 2020 |
| CVE-2020-8803 | SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via add_to_prospect_list. | HIGH | Feb 13, 2020 |
| CVE-2020-8802 | SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation. | HIGH | Feb 13, 2020 |
| CVE-2020-8801 | SuiteCRM through 7.11.11 allows PHAR Deserialization. | MEDIUM | Feb 13, 2020 |
| CVE-2020-8800 | SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection. | MEDIUM | Feb 13, 2020 |
| CVE-2020-8799 | A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website. | LOW | May 5, 2020 |
| CVE-2020-8798 | httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network. | LOW | Apr 23, 2020 |
| CVE-2020-8797 | Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network. | MEDIUM | Apr 23, 2020 |
| CVE-2020-8796 | Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server. | HIGH | Feb 11, 2020 |
| CVE-2020-8795 | In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users. | MEDIUM | Feb 21, 2020 |
| CVE-2020-8794 | OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling. | HIGH | Feb 26, 2020 |
| CVE-2020-8793 | OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c. | MEDIUM | Feb 28, 2020 |
| CVE-2020-8792 | The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the name of the lock. Valid barcode inputs can be easily guessed because barcode strings follow a predictable pattern. Correctly guessed valid barcode inputs entered through the app interface disclose arbitrary users\' email addresses and lock names. | MEDIUM | May 4, 2020 |
| CVE-2020-8791 | The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issues. A remote attacker can use their own token to make unauthorized API requests on behalf of arbitrary user IDs. Valid and current user IDs are trivial to guess because of the user ID assignment convention used by the app. A remote attacker could harvest email addresses, unsalted MD5 password hashes, owner-assigned lock names, and owner-assigned fingerprint names for any range of arbitrary user IDs. | MEDIUM | May 4, 2020 |
| CVE-2020-8790 | The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could allow a remote attacker to discover user credentials and obtain access via a brute force attack. | HIGH | May 4, 2020 |
| CVE-2020-8789 | Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration. | LOW | May 22, 2020 |
| CVE-2020-8788 | Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded from GitHub. It was simply a convenient location for a public bug report. | MEDIUM | Feb 11, 2020 |
| CVE-2020-8787 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted. | MEDIUM | Mar 18, 2020 |
| CVE-2020-8786 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 4 of 4). | HIGH | Mar 18, 2020 |
| CVE-2020-8785 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 3 of 4). | HIGH | Mar 18, 2020 |
| CVE-2020-8784 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 2 of 4). | HIGH | Mar 18, 2020 |
| CVE-2020-8783 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (issue 1 of 4). | HIGH | Mar 18, 2020 |
