CVE List - 2020 / January
Showing 1201 - 1300 of 1655 CVEs for January 2020 (Page 13 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2015-2689 | 2020-01-24 | Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service... |
| CVE-2015-2688 | 2020-01-24 | buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of... |
| CVE-2013-1596 | 2020-01-24 | An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554. |
| CVE-2013-1597 | 2020-01-24 | A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials. |
| CVE-2014-4172 | 2020-01-24 | A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and... |
| CVE-2013-1598 | 2020-01-24 | A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which could let a malicious user execute arbitrary... |
| CVE-2020-7052 | 2020-01-24 | CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. |
| CVE-2020-7964 | 2020-01-24 | An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak... |
| CVE-2020-5224 | 2020-01-24 | Session key exposure through session list in Django User Sessions |
| CVE-2018-8654 | 2020-01-24 | An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'. |
| CVE-2019-1349 | 2020-01-24 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350,... |
| CVE-2019-1350 | 2020-01-24 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349,... |
| CVE-2019-1351 | 2020-01-24 | A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'. |
| CVE-2019-1352 | 2020-01-24 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349,... |
| CVE-2019-1354 | 2020-01-24 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349,... |
| CVE-2019-1414 | 2020-01-24 | An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'. |
| CVE-2019-1454 | 2020-01-24 | An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'. |
| CVE-2019-1460 | 2020-01-24 | A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'. |
| CVE-2020-5225 | 2020-01-24 | Log injection in SimpleSAMLphp |
| CVE-2019-1348 | 2020-01-24 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the... |
| CVE-2019-1353 | 2020-01-24 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known... |
| CVE-2020-5226 | 2020-01-24 | Cross-site scripting in SimpleSAMLphp |
| CVE-2015-9541 | 2020-01-24 | Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. |
| CVE-2014-9630 | 2020-01-24 | The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause... |
| CVE-2014-9629 | 2020-01-24 | Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary... |
| CVE-2014-9628 | 2020-01-24 | The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary... |
| CVE-2014-9627 | 2020-01-24 | The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to... |
| CVE-2014-9626 | 2020-01-24 | Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact... |
| CVE-2014-9625 | 2020-01-24 | The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows... |
| CVE-2019-5124 | 2020-01-25 | An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted... |
| CVE-2019-5147 | 2020-01-25 | An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted... |
| CVE-2019-5146 | 2020-01-25 | An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted... |
| CVE-2019-5183 | 2020-01-25 | An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code... |
| CVE-2020-7596 | 2020-01-25 | Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument. |
| CVE-2012-6344 | 2020-01-25 | Novell ZENworks Configuration Management before 11.2.4 allows XSS. |
| CVE-2012-6345 | 2020-01-25 | Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information. |
| CVE-2012-6494 | 2020-01-25 | Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access. |
| CVE-2020-7980 | 2020-01-25 | Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a... |
| CVE-2012-6613 | 2020-01-25 | D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account. |
| CVE-2013-1744 | 2020-01-25 | IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands. |
| CVE-2020-7981 | 2020-01-25 | sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data. |
| CVE-2019-12629 | 2020-01-26 | Cisco SD-WAN vManage Command Injection Vulnerability |
| CVE-2019-12619 | 2020-01-26 | Cisco SD-WAN Solution SQL Injection Vulnerability |
| CVE-2020-3136 | 2020-01-26 | Cisco Jabber Guest Cross-Site Scripting Vulnerability |
| CVE-2020-3139 | 2020-01-26 | Cisco Application Policy Infrastructure Controller Out Of Band Management IP Tables Bypass Vulnerability |
| CVE-2019-15989 | 2020-01-26 | Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability |
| CVE-2019-16018 | 2020-01-26 | Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability |
| CVE-2019-16020 | 2020-01-26 | Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities |
| CVE-2019-16022 | 2020-01-26 | Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities |
| CVE-2019-16027 | 2020-01-26 | Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability |
| CVE-2019-16029 | 2020-01-26 | Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability |
| CVE-2020-3115 | 2020-01-26 | Cisco SD-WAN Solution Local Privilege Escalation Vulnerability |
| CVE-2020-3121 | 2020-01-26 | Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability |
| CVE-2020-3129 | 2020-01-26 | Cisco Unity Connection Stored Cross-Site Scripting Vulnerability |
| CVE-2020-3131 | 2020-01-26 | Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability |
| CVE-2020-3134 | 2020-01-26 | Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability |
| CVE-2019-16015 | 2020-01-26 | Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability |
| CVE-2019-15255 | 2020-01-26 | Cisco Identity Services Engine Authorization Bypass Vulnerability |
| CVE-2019-16026 | 2020-01-26 | Cisco Mobility Management Entity Denial of Service Vulnerability |
| CVE-2019-16024 | 2020-01-26 | Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability |
| CVE-2019-16008 | 2020-01-26 | Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability |
| CVE-2019-16005 | 2020-01-26 | Cisco Webex Video Mesh Node Command Injection Vulnerability |
| CVE-2019-16003 | 2020-01-26 | Cisco UCS Director Information Disclosure Vulnerability |
| CVE-2019-15278 | 2020-01-26 | Cisco Finesse Cross-Site Scripting Vulnerability |
| CVE-2020-3142 | 2020-01-26 | Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability |
| CVE-2020-7984 | 2020-01-26 | SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive... |
| CVE-2020-7991 | 2020-01-26 | Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password. |
| CVE-2020-7990 | 2020-01-26 | Adive Framework 2.0.8 has admin/user/add userName XSS. |
| CVE-2020-7989 | 2020-01-26 | Adive Framework 2.0.8 has admin/user/add userUsername XSS. |
| CVE-2020-7996 | 2020-01-26 | htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header. |
| CVE-2020-7995 | 2020-01-26 | The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts. |
| CVE-2020-7994 | 2020-01-26 | Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname]... |
| CVE-2020-8002 | 2020-01-27 | A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a... |
| CVE-2020-8003 | 2020-01-27 | A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for... |
| CVE-2020-7999 | 2020-01-27 | The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY. |
| CVE-2020-8001 | 2020-01-27 | The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account. |
| CVE-2020-8000 | 2020-01-27 | Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account. |
| CVE-2019-20432 | 2020-01-27 | In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a... |
| CVE-2019-20431 | 2020-01-27 | In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by... |
| CVE-2019-20430 | 2020-01-27 | In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields... |
| CVE-2019-20429 | 2020-01-27 | In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields... |
| CVE-2019-20428 | 2020-01-27 | In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a... |
| CVE-2019-20427 | 2020-01-27 | In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields... |
| CVE-2019-20426 | 2020-01-27 | In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a... |
| CVE-2019-20425 | 2020-01-27 | In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a... |
| CVE-2019-20424 | 2020-01-27 | In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets... |
| CVE-2019-20423 | 2020-01-27 | In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a... |
| CVE-2019-20422 | 2020-01-27 | In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db. |
| CVE-2019-20421 | 2020-01-27 | In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause... |
| CVE-2018-12476 | 2020-01-27 | obs-service-extract_file's outfilename parameter allows writing files outside of the package directory |
| CVE-2018-20105 | 2020-01-27 | yast2-rmt exposes CA private key passphrase in log-file |
| CVE-2019-6036 | 2020-01-27 | Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2020-5520 | 2020-01-27 | The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2020-5521 | 2020-01-27 | The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2020-5522 | 2020-01-27 | The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2017-14806 | 2020-01-27 | Insecure handling of repodata and packages in SUSE Studio onsite |
| CVE-2017-14807 | 2020-01-27 | SQL injection in ui-server/app/models/diary_entry.rb in SUSE Studio onsite |
| CVE-2020-8009 | 2020-01-27 | AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /etc/passwd file. |
| CVE-2019-17100 | 2020-01-27 | Untrusted Search Path vulnerability in Bitdefender Total Security 2020 (VA-5895) |
| CVE-2013-6056 | 2020-01-27 | OSSIM before 4.3.3.1 has a tele_compress.php path traversal vulnerability |