CVE-2020-13xxx

There are 858 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2020-13000 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13001 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13002 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13003 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13004 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13005 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13006 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13007 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13008 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13009 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13010 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13011 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13012 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13013 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13014 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13015 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13016 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13017 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13018 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13019 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13020 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13021 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13022 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13023 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13024 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13025 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13026 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13027 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13028 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13029 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13030 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13031 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13032 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13033 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13034 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13035 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13036 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13037 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13038 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13039 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13040 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13041 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13042 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13043 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13044 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13045 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13046 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13047 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13048 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13049 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13050 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13051 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13052 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13053 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13054 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13055 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13056 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13057 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13058 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13059 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13060 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13061 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13062 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13063 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13064 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13065 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13066 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13067 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13068 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13069 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13070 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13071 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13072 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13073 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13074 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13075 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13076 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13077 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13078 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13079 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13080 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13081 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13082 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13083 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13084 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13085 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13086 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13087 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13088 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13089 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13091 pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to t...
E
CVE-2020-13092 scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted fil...
E
CVE-2020-13093 iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal....
CVE-2020-13094 Dolibarr before 11.0.4 allows XSS....
E
CVE-2020-13095 Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. ...
CVE-2020-13100 Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.2...
E
CVE-2020-13101 In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e.,...
CVE-2020-13109 Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitr...
E
CVE-2020-13110 The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalati...
E M
CVE-2020-13111 NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function...
S
CVE-2020-13112 An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handli...
S
CVE-2020-13113 An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote hand...
S
CVE-2020-13114 An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerN...
S
CVE-2020-13116 OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy ...
CVE-2020-13117 Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject ...
E
CVE-2020-13118 An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exist...
E
CVE-2020-13119 ismartgate PRO 1.5.9 is vulnerable to clickjacking....
E
CVE-2020-13121 Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login...
E
CVE-2020-13122 The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on N...
E
CVE-2020-13124 SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interfa...
S
CVE-2020-13125 An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, a...
CVE-2020-13126 An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the ...
CVE-2020-13127 A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authen...
E
CVE-2020-13128 An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handli...
E
CVE-2020-13129 An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and poss...
CVE-2020-13131 An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is includ...
E
CVE-2020-13132 An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free()...
E
CVE-2020-13133 Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exp...
CVE-2020-13134 Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exp...
CVE-2020-13135 D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local n...
CVE-2020-13136 D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a ne...
CVE-2020-13143 gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 r...
S
CVE-2020-13144 Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New c...
E
CVE-2020-13145 Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" scre...
E
CVE-2020-13146 Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Co...
E
CVE-2020-13149 Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.24...
E
CVE-2020-13150 D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control pa...
CVE-2020-13151 Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defi...
E
CVE-2020-13152 A remote user can create a specially crafted M3U file, media playlist file that when loaded by the t...
E
CVE-2020-13153 app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes vi...
S
CVE-2020-13154 Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to d...
E
CVE-2020-13155 clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter ...
E
CVE-2020-13156 modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/ind...
E
CVE-2020-13157 modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/in...
E
CVE-2020-13158 Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.deta...
E
CVE-2020-13159 Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, ...
E
CVE-2020-13160 AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited fo...
E
CVE-2020-13162 A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions ...
E
CVE-2020-13163 em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a ma...
E
CVE-2020-13164 In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. Th...
S
CVE-2020-13166 The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because m...
E
CVE-2020-13167 Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlog...
E
CVE-2020-13168 SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter....
E
CVE-2020-13169 Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before 2020.2.1 on ...
CVE-2020-13170 HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued b...
S
CVE-2020-13173 Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCo...
CVE-2020-13174 The web server in the Teradici Management console versions 20.04 and 20.01.1 did not properly set th...
S
CVE-2020-13175 The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy fo...
CVE-2020-13176 The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy fo...
CVE-2020-13177 The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows vers...
S
CVE-2020-13178 A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to ...
CVE-2020-13179 Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows...
CVE-2020-13183 Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an at...
CVE-2020-13185 Certain web application pages in the authenticated section of the Teradici Cloud Access Connector pr...
CVE-2020-13186 An Anti CSRF mechanism was discovered missing in the Teradici Cloud Access Connector v31 and earlier...
CVE-2020-13187 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13188 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13189 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13190 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13191 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13192 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13193 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13194 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13195 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13196 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13197 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13198 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13199 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13200 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13201 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13202 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13203 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13204 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13205 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13206 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13207 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13208 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13209 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13210 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13211 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13212 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13213 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13214 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13215 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13216 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13217 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13218 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13219 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13220 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13221 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13222 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-13223 HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included se...
CVE-2020-13224 TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 ...
E
CVE-2020-13225 phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instruct...
E
CVE-2020-13226 WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, ope...
CVE-2020-13227 An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under wh...
E
CVE-2020-13228 An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid paramet...
E
CVE-2020-13229 An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the si...
E
CVE-2020-13230 In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions gra...
E
CVE-2020-13231 In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change....
E
CVE-2020-13238 Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process b...
CVE-2020-13239 The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the atta...
E
CVE-2020-13240 The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission...
E
CVE-2020-13241 Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-...
E
CVE-2020-13245 Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9...
E
CVE-2020-13246 An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a ...
E S
CVE-2020-13247 BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name tha...
E
CVE-2020-13248 BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS via a crafted avatar field wit...
E
CVE-2020-13249 libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content ...
S
CVE-2020-13250 HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced...
S
CVE-2020-13252 Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell m...
E S
CVE-2020-13253 sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds ...
S
CVE-2020-13254 An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached...
S
CVE-2020-13258 Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter ...
E
CVE-2020-13259 A vulnerability in the web-based management interface of RAD SecFlow-1v os-image SF_0290_2.3.01.26 c...
E
CVE-2020-13260 A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could all...
E
CVE-2020-13261 Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other adminis...
CVE-2020-13262 Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allo...
CVE-2020-13263 An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 ...
CVE-2020-13264 Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group...
CVE-2020-13265 User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass e...
CVE-2020-13266 Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows u...
CVE-2020-13267 A Stored Cross-Site Scripting vulnerability allowed the execution of Javascript payloads on the Metr...
CVE-2020-13268 A specially crafted request could be used to confirm the existence of files hosted on object storage...
CVE-2020-13269 A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on...
CVE-2020-13270 Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 all...
CVE-2020-13271 A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in th...
CVE-2020-13272 OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to...
CVE-2020-13273 A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and l...
CVE-2020-13274 A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading ...
CVE-2020-13275 A user with an unverified email address could request an access to domain restricted groups in GitLa...
CVE-2020-13276 User is allowed to set an email as a notification email even without verifying the new email in all ...
CVE-2020-13277 An authorization issue in the mirroring logic allowed read access to private repositories in GitLab ...
CVE-2020-13278 Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System...
E S
CVE-2020-13279 Client side code execution in gitlab-vscode-extension v2.2.0 allows attacker to execute code on user...
CVE-2020-13280 For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging o...
E
CVE-2020-13281 For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature...
CVE-2020-13282 For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group...
CVE-2020-13283 For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues ...
CVE-2020-13284 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorizati...
CVE-2020-13285 For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the i...
CVE-2020-13286 For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified...
CVE-2020-13287 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporte...
CVE-2020-13288 In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs pa...
CVE-2020-13289 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain case...
CVE-2020-13290 In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications p...
CVE-2020-13291 In GitLab before 13.2.3, project sharing could temporarily allow too permissive access....
CVE-2020-13292 In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is r...
CVE-2020-13293 In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an...
CVE-2020-13294 In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked acce...
CVE-2020-13295 For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the ...
CVE-2020-13296 An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2....
CVE-2020-13297 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When 2 factor a...
CVE-2020-13298 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Conan package u...
CVE-2020-13299 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation ...
CVE-2020-13300 GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change with...
CVE-2020-13301 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vuln...
CVE-2020-13302 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain c...
CVE-2020-13303 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Due to improper...
CVE-2020-13304 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Same 2 factor A...
CVE-2020-13305 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not ...
CVE-2020-13306 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook ...
CVE-2020-13307 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not ...
S
CVE-2020-13308 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without ...
CVE-2020-13309 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vuln...
CVE-2020-13310 A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was po...
CVE-2020-13311 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulner...
CVE-2020-13312 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth en...
CVE-2020-13313 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized...
CVE-2020-13314 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth...
CVE-2020-13315 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile act...
CVE-2020-13316 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not ...
CVE-2020-13317 A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficien...
CVE-2020-13318 A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLab...
CVE-2020-13319 An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. Miss...
E
CVE-2020-13320 An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with li...
E
CVE-2020-13321 A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could ...
E
CVE-2020-13322 A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permis...
E
CVE-2020-13323 A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions private merge...
CVE-2020-13324 A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the privat...
E
CVE-2020-13325 A vulnerability was discovered in GitLab versions prior to 13.1. The comment section of the issue page ...
CVE-2020-13326 A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restri...
CVE-2020-13327 An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13....
CVE-2020-13328 An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitL...
E
CVE-2020-13329 An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was ...
E
CVE-2020-13330 An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable t...
E
CVE-2020-13331 An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable t...
E
CVE-2020-13332 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13333 A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to upda...
E
CVE-2020-13334 In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-me...
CVE-2020-13335 Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to ...
CVE-2020-13336 An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vuln...
E
CVE-2020-13337 An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a ...
CVE-2020-13338 An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A store...
E
CVE-2020-13339 An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS...
CVE-2020-13340 An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: S...
CVE-2020-13341 An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. I...
CVE-2020-13342 An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack ...
CVE-2020-13343 An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users...
E
CVE-2020-13344 An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. S...
CVE-2020-13345 An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on M...
E
CVE-2020-13346 Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3...
CVE-2020-13347 A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 a...
CVE-2020-13348 An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOW...
CVE-2020-13349 An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expre...
CVE-2020-13350 CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to ...
CVE-2020-13351 Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to...
CVE-2020-13352 Private group info is leaked in GitLab CE/EE version 10.2 and above, when the project is move...
CVE-2020-13353 When importing repos via URL, one time use git credentials were persisted beyond the expected time w...
CVE-2020-13354 A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The contain...
CVE-2020-13355 An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path trave...
CVE-2020-13356 An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially...
CVE-2020-13357 An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6...
CVE-2020-13358 A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows u...
CVE-2020-13359 The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operati...
CVE-2020-13360 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13361 In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the...
S
CVE-2020-13362 In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a...
S
CVE-2020-13364 A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS5...
CVE-2020-13365 Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a pa...
CVE-2020-13376 SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command exec...
E
CVE-2020-13377 The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authen...
E
CVE-2020-13378 Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allo...
E
CVE-2020-13379 The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This v...
E
CVE-2020-13380 openSIS before 7.4 allows SQL Injection....
S
CVE-2020-13381 openSIS through 7.4 allows SQL Injection....
E
CVE-2020-13382 openSIS through 7.4 has Incorrect Access Control....
E
CVE-2020-13383 openSIS through 7.4 allows Directory Traversal....
E S
CVE-2020-13384 Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via adm...
E
CVE-2020-13386 In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Use...
E
CVE-2020-13387 Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service vi...
CVE-2020-13388 An exploitable vulnerability exists in the configuration-loading functionality of the jw.util packag...
E
CVE-2020-13389 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, A...
E
CVE-2020-13390 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, A...
E
CVE-2020-13391 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, A...
E
CVE-2020-13392 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, A...
E
CVE-2020-13393 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, A...
E
CVE-2020-13394 An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, A...
E
CVE-2020-13396 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been ...
S
CVE-2020-13397 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been ...
S
CVE-2020-13398 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been...
S
CVE-2020-13401 An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_N...
CVE-2020-13404 The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injectio...
E
CVE-2020-13405 userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthentica...
E S
CVE-2020-13407 Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to ...
CVE-2020-13408 Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to ...
CVE-2020-13409 Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to ...
CVE-2020-13410 An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions ...
E S
CVE-2020-13412 An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lac...
CVE-2020-13413 An issue was discovered in Aviatrix Controller before 5.4.1204. There is an Observable Response Discr...
E
CVE-2020-13414 An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by th...
E
CVE-2020-13415 An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML asserti...
E
CVE-2020-13416 An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session t...
CVE-2020-13417 An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an i...
E
CVE-2020-13418 OpenIAM before 4.2.0.3 allows XSS in the Add New User feature....
CVE-2020-13419 OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task....
CVE-2020-13420 OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script....
CVE-2020-13421 OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, an...
CVE-2020-13422 OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* a...
CVE-2020-13423 Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin...
E
CVE-2020-13424 The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure....
CVE-2020-13425 TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which wil...
E
CVE-2020-13426 The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability...
E
CVE-2020-13427 Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user via the user_name, user_firstna...
E S
CVE-2020-13428 A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in ...
S
CVE-2020-13429 legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via...
CVE-2020-13430 Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource....
S
CVE-2020-13431 I2P before 0.9.46 allows local users to gain privileges via a Trojan horse I2PSvc.exe file because o...
CVE-2020-13432 rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows ...
E S
CVE-2020-13433 Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter....
S
CVE-2020-13434 SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c....
E S
CVE-2020-13435 SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c....
E S
CVE-2020-13438 ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c....
E
CVE-2020-13439 ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c....
E
CVE-2020-13440 ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c....
E
CVE-2020-13442 A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacke...
E
CVE-2020-13443 ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php...
E
CVE-2020-13444 Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and...
S
CVE-2020-13445 In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7...
E S
CVE-2020-13448 QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remot...
E
CVE-2020-13449 A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an atta...
E
CVE-2020-13450 A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an att...
E
CVE-2020-13451 An incomplete-cleanup vulnerability in the Office rendering engine of Gotenberg through 6.2.1 allows...
E
CVE-2020-13452 In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially a...
CVE-2020-13458 An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issue...
CVE-2020-13459 An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS ...
CVE-2020-13460 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were present in Tufin SecureTrack, affect...
CVE-2020-13461 Username enumeration is present in Tufin SecureTrack. It's affecting all versions of SecureTrack. Th...
CVE-2020-13462 Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior t...
CVE-2020-13463 The flash memory readout protection in Apex Microelectronics APM32F103 devices allows physical attac...
CVE-2020-13464 The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allo...
CVE-2020-13465 The security protection in Gigadevice GD32F103 devices allows physical attackers to redirect the con...
E
CVE-2020-13466 STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrar...
CVE-2020-13467 The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allo...
CVE-2020-13468 Gigadevice GD32F130 devices allow physical attackers to escalate their debug interface permissions v...
E
CVE-2020-13469 The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to ext...
E
CVE-2020-13470 Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of...
E
CVE-2020-13471 Apex Microelectronics APM32F103 devices allow physical attackers to execute arbitrary code via a pow...
E
CVE-2020-13472 The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extr...
E
CVE-2020-13473 NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by readi...
E
CVE-2020-13474 In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted UR...
E
CVE-2020-13476 NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module....
E
CVE-2020-13480 Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature....
E
CVE-2020-13481 Certain Lexmark products through 2020-05-25 allow XSS which allows an attacker to obtain session cre...
CVE-2020-13482 EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to pe...
E S
CVE-2020-13483 The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] paramete...
E
CVE-2020-13484 Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?actio...
E
CVE-2020-13485 The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For ...
E
CVE-2020-13486 The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection....
CVE-2020-13487 The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulti...
E
CVE-2020-13493 A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sect...
E
CVE-2020-13494 A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens ...
E
CVE-2020-13495 An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary US...
E
CVE-2020-13496 An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 parses certain encoded ty...
E
CVE-2020-13497 An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 parses certain encoded ty...
E
CVE-2020-13498 An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 parses certain encoded ty...
E
CVE-2020-13499 An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise ...
E
CVE-2020-13500 SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Dat...
E
CVE-2020-13501 An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise ...
E
CVE-2020-13502 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13503 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13504 Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attack...
E
CVE-2020-13505 Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Spec...
E
CVE-2020-13506 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13507 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13508 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13509 An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs fu...
E
CVE-2020-13510 An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs fu...
E
CVE-2020-13511 An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs fu...
E
CVE-2020-13512 A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs func...
E
CVE-2020-13513 A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs func...
E
CVE-2020-13514 A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs func...
E
CVE-2020-13515 A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality o...
E
CVE-2020-13516 An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionalit...
E
CVE-2020-13517 An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionalit...
E
CVE-2020-13518 An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionalit...
E
CVE-2020-13519 A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality o...
E
CVE-2020-13520 An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs ...
E
CVE-2020-13521 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13522 An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driv...
E
CVE-2020-13523 An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys d...
E
CVE-2020-13524 An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS da...
E
CVE-2020-13525 The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is...
E
CVE-2020-13526 SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A spec...
E
CVE-2020-13527 An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort ED...
CVE-2020-13528 An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of La...
CVE-2020-13529 An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCE...
E
CVE-2020-13530 A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Gr...
E
CVE-2020-13531 A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual...
E
CVE-2020-13532 A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, t...
E
CVE-2020-13533 A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, ...
E
CVE-2020-13534 A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), ...
E
CVE-2020-13535 A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configura...
E
CVE-2020-13536 An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa...
E
CVE-2020-13537 An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa...
E
CVE-2020-13539 An exploitable local privilege elevation vulnerability exists in the file system permissions of the ...
E
CVE-2020-13540 An exploitable local privilege elevation vulnerability exists in the file system permissions of the ...
E
CVE-2020-13541 An exploitable local privilege elevation vulnerability exists in the file system permissions of the ...
E
CVE-2020-13542 A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 ...
E
CVE-2020-13543 A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A s...
E
CVE-2020-13544 An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality o...
E
CVE-2020-13545 An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionalit...
E
CVE-2020-13546 In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted docu...
E
CVE-2020-13547 A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader,...
E
CVE-2020-13548 In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free ...
E
CVE-2020-13549 An exploitable local privilege elevation vulnerability exists in the file system permissions of Syte...
E
CVE-2020-13550 A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess...
E
CVE-2020-13551 An exploitable local privilege elevation vulnerability exists in the file system permissions of Adva...
E
CVE-2020-13552 An exploitable local privilege elevation vulnerability exists in the file system permissions of Adva...
E
CVE-2020-13553 An exploitable local privilege elevation vulnerability exists in the file system permissions of Adva...
E
CVE-2020-13554 An exploitable local privilege elevation vulnerability exists in the file system permissions of Adva...
E
CVE-2020-13555 An exploitable local privilege elevation vulnerability exists in the file system permissions of Adva...
E
CVE-2020-13556 An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Gro...
E
CVE-2020-13557 A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader,...
E
CVE-2020-13558 A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit We...
E
CVE-2020-13559 A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-6087...
E
CVE-2020-13560 A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader,...
E
CVE-2020-13561 An out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8. A special...
E
CVE-2020-13562 A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specia...
E
CVE-2020-13563 A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specia...
E
CVE-2020-13564 A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specia...
E
CVE-2020-13565 An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7,...
E
CVE-2020-13566 SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a...
E
CVE-2020-13567 Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can ...
E
CVE-2020-13568 SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a ...
E
CVE-2020-13569 A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and dev...
E
CVE-2020-13570 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, versi...
E
CVE-2020-13571 An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft I...
E
CVE-2020-13572 A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Acc...
E
CVE-2020-13573 A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automat...
E
CVE-2020-13574 A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2....
E
CVE-2020-13575 A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP ...
E
CVE-2020-13576 A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8...
E
CVE-2020-13577 A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2....
E
CVE-2020-13578 A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2....
E
CVE-2020-13579 An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality...
E
CVE-2020-13580 An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing fun...
E
CVE-2020-13581 In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted docu...
E
CVE-2020-13582 A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00...
E
CVE-2020-13583 A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00...
E
CVE-2020-13584 An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specia...
E
CVE-2020-13585 An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft I...
E
CVE-2020-13586 A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of So...
E
CVE-2020-13587 An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Ruko...
E
CVE-2020-13588 An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel P...
E
CVE-2020-13589 An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel P...
E
CVE-2020-13590 Multiple exploitable SQL injection vulnerabilities exist in the 'entities/fields' page of the Rukovo...
E
CVE-2020-13591 An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukov...
E
CVE-2020-13592 An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel ...
E
CVE-2020-13593 The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLin...
CVE-2020-13594 The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for E...
CVE-2020-13595 The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for E...
CVE-2020-13596 An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated...
S
CVE-2020-13597 Calico nodes IPv6 traffic redirection from route advertisement
CVE-2020-13598 FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat
CVE-2020-13599 Security problem with settings and littlefs
CVE-2020-13600 Malformed SPI in response for eswifi can corrupt kernel memory
CVE-2020-13601 Possible read out of bounds in dns read
CVE-2020-13602 Remote Denial of Service in LwM2M do_write_op_tlv
CVE-2020-13603 Integer Overflow in memory allocating functions
CVE-2020-13604 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13605 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13606 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13607 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13608 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13609 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13610 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13611 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13612 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13614 An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verifi...
E
CVE-2020-13615 lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification for X.509 certificates....
S
CVE-2020-13616 The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification....
S
CVE-2020-13617 The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5...
CVE-2020-13619 php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution....
CVE-2020-13620 Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration...
E
CVE-2020-13622 JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a proper...
CVE-2020-13623 JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy oper...
E
CVE-2020-13625 PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a...
E S
CVE-2020-13626 OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant ...
CVE-2020-13627 Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or H...
E
CVE-2020-13628 Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or H...
E
CVE-2020-13630 ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snip...
S
CVE-2020-13631 SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, r...
S
CVE-2020-13632 ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchin...
S
CVE-2020-13633 Fork before 5.8.3 allows XSS via navigation_title or title....
S
CVE-2020-13634 In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS)...
E
CVE-2020-13637 An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and poss...
CVE-2020-13638 lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to admi...
E
CVE-2020-13639 A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affec...
CVE-2020-13640 A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote ...
E S
CVE-2020-13641 An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far...
E
CVE-2020-13642 An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The acti...
E
CVE-2020-13643 An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live...
E
CVE-2020-13644 An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_...
E
CVE-2020-13645 In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname v...
E
CVE-2020-13646 In Cheetah free WiFi 5.1, the driver file (liebaonat.sys) allows local users to cause a denial of se...
E
CVE-2020-13649 parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory condition...
S
CVE-2020-13650 An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login pa...
CVE-2020-13651 An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 befo...
CVE-2020-13652 An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p...
CVE-2020-13653 An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Pat...
CVE-2020-13654 XWiki Platform before 12.8 mishandles escaping in the property displayer....
CVE-2020-13655 An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the a...
E
CVE-2020-13656 In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowin...
E
CVE-2020-13657 An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before...
CVE-2020-13658 In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-leve...
E
CVE-2020-13659 address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBu...
S
CVE-2020-13660 CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name....
E
CVE-2020-13661 Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostnam...
CVE-2020-13662 Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially cra...
CVE-2020-13663 Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain fo...
CVE-2020-13664 Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker c...
CVE-2020-13665 Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only...
CVE-2020-13666 Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default...
CVE-2020-13667 Access bypass vulnerability in Drupal Core Workspaces allows an attacker to access data without c...
S
CVE-2020-13668 Access bypass in Drupal Core 8/9
S
CVE-2020-13669 Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. T...
S
CVE-2020-13670 Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access...
S
CVE-2020-13671 Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files ...
KEV
CVE-2020-13672 Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter ...
S
CVE-2020-13673 The Entity Embed module provides a filter to allow embedding entities in content fields. In certain ...
S
CVE-2020-13674 The QuickEdit module does not properly validate access to routes, which could allow cross-site reque...
S
CVE-2020-13675 Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do n...
S
CVE-2020-13676 The QuickEdit module does not properly check access to fields in some circumstances, which can lead ...
S
CVE-2020-13677 Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certa...
S
CVE-2020-13688 Cross-site scripting vulnerability in Drupal Core allows an attacker to leverage the way that H...
S
CVE-2020-13692 PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE....
S
CVE-2020-13693 An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPres...
E
CVE-2020-13694 In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user c...
E
CVE-2020-13695 In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user h...
E
CVE-2020-13696 An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does no...
S
CVE-2020-13697 An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class...
CVE-2020-13699 TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A mali...
CVE-2020-13700 An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an inse...
E
CVE-2020-13702 The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 202...
E S
CVE-2020-13712 MGOS Command Injection
CVE-2020-13713 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13714 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13715 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13716 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13717 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13718 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13719 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13720 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13721 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13722 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13723 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13724 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13725 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13726 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13727 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13728 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13729 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13730 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13731 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13732 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13733 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13734 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13735 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13736 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13737 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13738 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13739 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13740 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13741 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13742 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13743 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13744 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13745 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13746 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13747 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13748 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13749 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13750 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13751 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13752 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2020-13753 The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access...
S
CVE-2020-13754 hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted a...
S
CVE-2020-13756 Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote c...
E S
CVE-2020-13757 Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceiv...
E
CVE-2020-13758 modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in ...
E
CVE-2020-13759 rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service...
CVE-2020-13760 In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF....
CVE-2020-13761 In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - News...
CVE-2020-13762 In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows ...
CVE-2020-13763 In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block H...
CVE-2020-13764 common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because ...
CVE-2020-13765 rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two ...
S
CVE-2020-13767 The Mitel MiCollab application before 9.1.332 for iOS could allow an unauthorized user to access res...
CVE-2020-13768 In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which all...
E
CVE-2020-13769 LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecont...
E
CVE-2020-13770 Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default ...
CVE-2020-13771 Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loa...
CVE-2020-13772 In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose...
E
CVE-2020-13773 Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck....
E
CVE-2020-13774 An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and ...
CVE-2020-13775 ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL po...
S
CVE-2020-13776 systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x fo...
S
CVE-2020-13777 GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of co...
CVE-2020-13778 rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forg...
E
CVE-2020-13782 D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection....
E
CVE-2020-13783 D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information....
E
CVE-2020-13784 D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator....
E
CVE-2020-13785 D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength....
E
CVE-2020-13786 D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF....
E
CVE-2020-13787 D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information....
E
CVE-2020-13788 Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit project...
E
CVE-2020-13790 libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm....
E S
CVE-2020-13791 hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an ...
S
CVE-2020-13792 PlayTube 1.8 allows disclosure of user details via ajax.php?type=../admin-panel/autoload&page=manage...
E
CVE-2020-13793 Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption ke...
CVE-2020-13794 Harbor 1.9.*, 1.10.*, and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor....
E S
CVE-2020-13795 An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/pac...
S
CVE-2020-13796 An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify cal...
S
CVE-2020-13797 An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify cal...
S
CVE-2020-13798 An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify cal...
S
CVE-2020-13799 Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) ...
CVE-2020-13800 ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a ...
CVE-2020-13802 Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of d...
E
CVE-2020-13803 An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signa...
S
CVE-2020-13804 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosur...
S
CVE-2020-13805 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack misha...
S
CVE-2020-13806 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because...
S
CVE-2020-13807 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference misha...
S
CVE-2020-13808 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption ...
S
CVE-2020-13809 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption ...
S
CVE-2020-13810 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation ...
S
CVE-2020-13811 An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has an out-of-bounds write via a ...
CVE-2020-13812 An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privil...
CVE-2020-13813 An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privil...
CVE-2020-13814 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a d...
CVE-2020-13815 An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via...
CVE-2020-13816 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-13817. Reason: This candidat...
R
CVE-2020-13817 ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of se...
S
CVE-2020-13818 In Zoho ManageEngine OpManager before 125144, when is used, directory traversal validat...
CVE-2020-13819 Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request...
CVE-2020-13820 Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET req...
CVE-2020-13821 An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQ...
CVE-2020-13822 The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encodin...
E
CVE-2020-13825 A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitr...
E
CVE-2020-13826 A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an at...
E
CVE-2020-13827 phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php....
E
CVE-2020-13828 Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could...
CVE-2020-13829 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can di...
CVE-2020-13830 An issue was discovered on Samsung mobile devices with P(9.0) software. One UI HOME logging can leak...
CVE-2020-13831 An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) soft...
CVE-2020-13832 An issue was discovered on Samsung mobile devices with Q(10.0) (with TEEGRIS on Exynos chipsets) sof...
CVE-2020-13833 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The sys...
CVE-2020-13834 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) so...
CVE-2020-13835 An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeepe...
CVE-2020-13836 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResP...
CVE-2020-13837 An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does...
CVE-2020-13838 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscre...
CVE-2020-13839 An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets)...
CVE-2020-13840 An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets)...
CVE-2020-13841 An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command ...
CVE-2020-13842 An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets)...
CVE-2020-13843 An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users...
CVE-2020-13844 Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in contr...
S
CVE-2020-13845 Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integr...
CVE-2020-13846 Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code....
S
CVE-2020-13847 Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and veri...
CVE-2020-13848 Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of serv...
S
CVE-2020-13849 The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value s...
CVE-2020-13850 Artica Pandora FMS 7.44 has inadequate access controls on a web folder....
E
CVE-2020-13851 Artica Pandora FMS 7.44 allows remote command execution via the events feature....
E
CVE-2020-13852 Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the F...
E
CVE-2020-13853 Artica Pandora FMS 7.44 has persistent XSS in the Messages feature....
E
CVE-2020-13854 Artica Pandora FMS 7.44 allows privilege escalation....
E
CVE-2020-13855 Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the F...
E
CVE-2020-13856 An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not re...
S
CVE-2020-13857 An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can b...
S
CVE-2020-13858 An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They conta...
S
CVE-2020-13859 An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/s...
S
CVE-2020-13860 An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password al...
S
CVE-2020-13863 The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by perform...
CVE-2020-13864 The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability...
E
CVE-2020-13865 The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulner...
E
CVE-2020-13866 WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local user...
CVE-2020-13867 Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup dire...
CVE-2020-13868 An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment inte...
CVE-2020-13869 An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a...
CVE-2020-13870 An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via a...
CVE-2020-13871 SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite fo...
E S
CVE-2020-13872 Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authe...
E
CVE-2020-13873 A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4...
E
CVE-2020-13877 SQL Injection issues in various ASPX pages of ResourceXpress Meeting Monitor 4.9 could lead to remot...
CVE-2020-13878 IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write....
CVE-2020-13879 IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write....
CVE-2020-13880 IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write....
CVE-2020-13881 In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if...
S
CVE-2020-13882 CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routi...
CVE-2020-13883 In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0...
CVE-2020-13884 Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerabil...
E
CVE-2020-13885 Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gai...
E
CVE-2020-13886 Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-b...
E
CVE-2020-13887 documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php file...
CVE-2020-13888 Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, users_management_edit.php, and us...
CVE-2020-13889 showAlert() in the administration panel in Bludit 3.12.0 allows XSS....
E
CVE-2020-13890 The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a d...
E
CVE-2020-13891 An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party serve...
CVE-2020-13892 The SportsPress plugin before 2.7.2 for WordPress allows XSS....
CVE-2020-13893 Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authentic...
CVE-2020-13894 handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitr...
E
CVE-2020-13895 Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verif...
S
CVE-2020-13896 The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remote attackers to obtain sensitiv...
E
CVE-2020-13897 HESK before 3.1.10 allows reflected XSS....
CVE-2020-13898 An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process...
E S
CVE-2020-13899 An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_inc...
E S
CVE-2020-13900 An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_prepars...
E S
CVE-2020-13901 An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge i...
E S
CVE-2020-13902 ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in Magi...
CVE-2020-13903 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-12254. Reason: This candidat...
R
CVE-2020-13904 FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because pars...
E S
CVE-2020-13905 IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000...
CVE-2020-13906 IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000...
CVE-2020-13909 The Ignition component before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. ...
S
CVE-2020-13910 Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c beca...
S
CVE-2020-13911 Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a Change Name or Change Surname...
E
CVE-2020-13912 SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Troja...
CVE-2020-13913 An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker t...
CVE-2020-13914 webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial...
CVE-2020-13915 Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a rem...
CVE-2020-13916 A stack buffer overflow in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote...
CVE-2020-13917 rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remote attacker to achieve command ...
CVE-2020-13918 Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remot...
CVE-2020-13919 emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to achieve...
CVE-2020-13920 Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the se...
CVE-2020-13921 **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vu...
CVE-2020-13922 Apache DolphinScheduler (incubating) Permission vulnerability
CVE-2020-13923 IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 1...
CVE-2020-13924 In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for director...
E
CVE-2020-13925 Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS c...
CVE-2020-13926 Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some ...
CVE-2020-13927 The previous default setting for Airflow's Experimental API was to allow all API requests without au...
KEV E
CVE-2020-13928 Apache Atlas before 2.1.0 contains an XSS vulnerability. While saving search or rendering elements val...
CVE-2020-13929 Notebook permissions bypass
CVE-2020-13931 If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to us...
CVE-2020-13932 In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload...
CVE-2020-13933 Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an au...
CVE-2020-13934 An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8....
S
CVE-2020-13935 The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10...
S
CVE-2020-13936 Velocity Sandbox Bypass
S
CVE-2020-13937 Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6...
CVE-2020-13938 Improper Handling of Insufficient Privileges
CVE-2020-13939 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-13940 In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and u...
CVE-2020-13941 Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. T...
CVE-2020-13942 Remote Code Execution in Apache Unomi
E
CVE-2020-13943 If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 ...
S
CVE-2020-13944 In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' ...
CVE-2020-13945 In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rul...
E S
CVE-2020-13946 In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possi...
CVE-2020-13947 An instance of a cross-site scripting vulnerability was identified to be present in the web based ad...
S
CVE-2020-13948 While investigating a bug report on Apache Superset, it was determined that an authenticated user co...
CVE-2020-13949 In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result...
S
CVE-2020-13950 mod_proxy_http NULL pointer dereference
CVE-2020-13951 Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial o...
CVE-2020-13952 In the course of work on the open source project it was discovered that authenticated users running ...
CVE-2020-13953 In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files insid...
CVE-2020-13954 Apache CXF Reflected XSS in the services listing page via the styleSheetPath
S
CVE-2020-13955 HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections ma...
CVE-2020-13956 Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority co...
S
CVE-2020-13957 Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features consid...
CVE-2020-13958 A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents cont...
CVE-2020-13959 Velocity Tools XSS Vulnerability
M
CVE-2020-13960 D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the D...
E
CVE-2020-13961 Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions beca...
CVE-2020-13962 Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandle...
E S
CVE-2020-13963 SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the ...
CVE-2020-13964 An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_ou...
S
CVE-2020-13965 An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via ...
KEV E S
CVE-2020-13968 CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using th...
E
CVE-2020-13969 CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro'...
E
CVE-2020-13970 Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upl...
CVE-2020-13971 In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature...
CVE-2020-13972 Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own domain name in the WebServiceLoca...
E
CVE-2020-13973 OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON...
E
CVE-2020-13974 An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an inte...
E S
CVE-2020-13976 An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to exec...
E
CVE-2020-13977 Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON C...
E
CVE-2020-13978 Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php fil...
E
CVE-2020-13980 OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in ...
E
CVE-2020-13983 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-14159. Reason: This candidat...
R
CVE-2020-13984 An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack comp...
CVE-2020-13985 An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP ...
CVE-2020-13986 An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack comp...
CVE-2020-13987 An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uI...
S
CVE-2020-13988 An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack c...
CVE-2020-13991 vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a re...
E S
CVE-2020-13992 An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote un...
E
CVE-2020-13993 An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection is...
E
CVE-2020-13994 An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code ...
E
CVE-2020-13995 U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code exec...
E
CVE-2020-13996 The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection attack by a trusted store manage...
CVE-2020-13997 In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverEx...
CVE-2020-13998 Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whethe...
CVE-2020-13999 ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer ...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.