Vulmon Recent Vulnerabilities Trends Blog About Contact

Recent vulnerabilities and exploits

3.3
CVSSv2
CVE-2019-5108
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to...
NA
CVE-2020-29053
HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter....
7.2
CVSSv2
CVE-2020-1550
An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CDP User Components Elevation of Privilege...
7.5
CVSSv2
CVE-2020-15505
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version...
NA
CVE-2020-25640
A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file....
2.1
CVSSv2
CVE-2020-26572
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher....
2.1
CVSSv2
CVE-2020-26571
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init....
2.1
CVSSv2
CVE-2020-26570
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file....
NA
CVE-2020-27780
An authentication bypass issue was found in pam 1.5.0. Nonexistent users could authenticate if the root password was empty....
NA
CVE-2020-13620
Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker's ability to perform administrative actions such as modifying the configuration....
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-15248LFICVE-2020-4000CVE-2020-1034local userstype confusionCVE-2020-13942CVE-2020-25475CVE-2018-16722