CVE List - 2020 / January
Showing 101 - 200 of 1655 CVEs for January 2020 (Page 2 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-9539 | 2020-01-03 | Telos Automated Message Handling System reflected XSS in ModalWindowPopup.asp |
| CVE-2019-9540 | 2020-01-03 | Telos Automated Message Handling System reflected XSS in prefs.asp |
| CVE-2019-9541 | 2020-01-03 | Telos Automated Message Handling System information disclosure in itemlookup.asp |
| CVE-2019-9542 | 2020-01-03 | Telos Automated Message Handling System reflected XSS in itemlookup.asp |
| CVE-2019-3768 | 2020-01-03 | RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local... |
| CVE-2019-13765 | 2020-01-03 | Use-after-free in content delivery manager in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-13766 | 2020-01-03 | Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5844 | 2020-01-03 | Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5845 | 2020-01-03 | Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-5846 | 2020-01-03 | Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-5497 | 2020-01-04 | The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be... |
| CVE-2020-5499 | 2020-01-04 | Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non-deterministic results in which, sometimes, two global IDs are the same. |
| CVE-2015-9540 | 2020-01-04 | Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503. |
| CVE-2019-20334 | 2020-01-04 | In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in... |
| CVE-2019-20337 | 2020-01-05 | In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection. |
| CVE-2019-20336 | 2020-01-05 | In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to XSS. |
| CVE-2019-19312 | 2020-01-05 | GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private... |
| CVE-2019-19313 | 2020-01-05 | GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits. |
| CVE-2019-19314 | 2020-01-05 | GitLab EE 8.4 through 12.5, 12.4.3, and 12.3.6 stored several tokens in plaintext. |
| CVE-2019-19628 | 2020-01-05 | In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. |
| CVE-2019-19629 | 2020-01-05 | In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by... |
| CVE-2019-19911 | 2020-01-05 | There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows... |
| CVE-2019-20004 | 2020-01-05 | An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at... |
| CVE-2019-20077 | 2020-01-05 | The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout... |
| CVE-2019-20153 | 2020-01-05 | An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definition_upload_attach.jsp allows authenticated remote... |
| CVE-2019-20154 | 2020-01-05 | An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. A cross-site scripting (XSS) vulnerability in multiple getchart.jsp parameters allows remote attackers to inject arbitrary web script... |
| CVE-2019-20155 | 2020-01-05 | An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code... |
| CVE-2020-5305 | 2020-01-05 | Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen. |
| CVE-2020-5306 | 2020-01-05 | Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. |
| CVE-2019-18179 | 2020-01-06 | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS... |
| CVE-2019-19266 | 2020-01-06 | IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for objects. |
| CVE-2019-19265 | 2020-01-06 | IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for contacts. |
| CVE-2020-5192 | 2020-01-06 | PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information... |
| CVE-2020-5191 | 2020-01-06 | PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities. |
| CVE-2019-20352 | 2020-01-06 | In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c. |
| CVE-2019-5987 | 2020-01-06 | Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote authenticated attackers to execute arbitrary OS commands via the Management Page. |
| CVE-2019-5988 | 2020-01-06 | Stored cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Management Page. |
| CVE-2019-5989 | 2020-01-06 | DOM-based cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Analysis Object... |
| CVE-2019-5990 | 2020-01-06 | Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to obtain a login password via HTTP referer. |
| CVE-2019-20354 | 2020-01-06 | The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In... |
| CVE-2019-15976 | 2020-01-06 | Cisco Data Center Network Manager Authentication Bypass Vulnerabilities |
| CVE-2019-15975 | 2020-01-06 | Cisco Data Center Network Manager Authentication Bypass Vulnerabilities |
| CVE-2019-15999 | 2020-01-06 | Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability |
| CVE-2019-15985 | 2020-01-06 | Cisco Data Center Network Manager SQL Injection Vulnerabilities |
| CVE-2019-15984 | 2020-01-06 | Cisco Data Center Network Manager SQL Injection Vulnerabilities |
| CVE-2019-15983 | 2020-01-06 | Cisco Data Center Network Manager XML External Entity Read Access Vulnerability |
| CVE-2019-15982 | 2020-01-06 | Cisco Data Center Network Manager Path Traversal Vulnerabilities |
| CVE-2019-15981 | 2020-01-06 | Cisco Data Center Network Manager Path Traversal Vulnerabilities |
| CVE-2019-15980 | 2020-01-06 | Cisco Data Center Network Manager Path Traversal Vulnerabilities |
| CVE-2019-15979 | 2020-01-06 | Cisco Data Center Network Manager Command Injection Vulnerabilities |
| CVE-2019-15978 | 2020-01-06 | Cisco Data Center Network Manager Command Injection Vulnerabilities |
| CVE-2019-15977 | 2020-01-06 | Cisco Data Center Network Manager Authentication Bypass Vulnerabilities |
| CVE-2020-5519 | 2020-01-06 | The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen. |
| CVE-2019-20343 | 2020-01-06 | The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element (within a plugin element) can specify an arbitrary program in... |
| CVE-2016-11017 | 2020-01-06 | The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed... |
| CVE-2019-15603 | 2020-01-06 | The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via a malicious filename rendered in a directory listing. |
| CVE-2019-15602 | 2020-01-06 | The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves. |
| CVE-2020-5840 | 2020-01-06 | An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field. |
| CVE-2019-9472 | 2020-01-06 | In DCRYPTO_equals of compare.c, there is a possible timing attack due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2019-9471 | 2020-01-06 | In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2019-9470 | 2020-01-06 | In dma_sblk_start of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2019-9469 | 2020-01-06 | In km_compute_shared_hmac of km4.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2019-9468 | 2020-01-06 | In export_key_der of export_key.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2019-18792 | 2020-01-06 | An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet... |
| CVE-2020-5515 | 2020-01-06 | Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. |
| CVE-2015-4039 | 2020-01-06 | Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or... |
| CVE-2020-5514 | 2020-01-06 | Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI. |
| CVE-2020-5513 | 2020-01-06 | Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. |
| CVE-2020-5204 | 2020-01-06 | Buffer overflow vulnerability in uftpd |
| CVE-2020-5512 | 2020-01-06 | Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. |
| CVE-2019-19585 | 2020-01-06 | An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for... |
| CVE-2019-19509 | 2020-01-06 | An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to... |
| CVE-2019-16717 | 2020-01-06 | OX App Suite through 7.10.2 has XSS. |
| CVE-2014-3743 | 2020-01-06 | Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks... |
| CVE-2019-16716 | 2020-01-06 | OX App Suite through 7.10.2 has Incorrect Access Control. |
| CVE-2019-16274 | 2020-01-06 | DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP. |
| CVE-2019-16273 | 2020-01-06 | DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitrary code execution and system administration. Also, this provides a covert... |
| CVE-2019-16272 | 2020-01-06 | On DTEN D5 and D7 before 1.3.4 devices, factory settings allows for firmware reflash and Android Debug Bridge (adb) enablement. |
| CVE-2019-16271 | 2020-01-06 | DTEN D5 and D7 before 1.3.2 devices allow remote attackers to read saved whiteboard image PDF documents via storage/emulated/0/Notes/PDF on TCP port 8080 without authentication. |
| CVE-2019-18625 | 2020-01-06 | An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN... |
| CVE-2020-5846 | 2020-01-06 | An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header,... |
| CVE-2019-18842 | 2020-01-06 | A cross-site scripting (XSS) vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of... |
| CVE-2019-20348 | 2020-01-06 | OKER G232V1 v1.03.02.20161129 devices provide a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to interrupt the boot sequence in order... |
| CVE-2015-5951 | 2020-01-06 | A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute... |
| CVE-2015-4553 | 2020-01-06 | A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell. |
| CVE-2014-9405 | 2020-01-06 | A Cross-Site Scripting (XSS) vulnerability exists in the description field of a Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary... |
| CVE-2014-8674 | 2020-01-06 | Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious... |
| CVE-2019-6854 | 2020-01-06 | A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert (ClearSCADA) -with initial releases before 1 January 2019- which could cause a low privilege user to... |
| CVE-2019-6855 | 2020-01-06 | Incorrect Authorization vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions), Modicon M340 (all versions prior to V3.20), and Modicon M580... |
| CVE-2019-6856 | 2020-01-06 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a... |
| CVE-2019-6857 | 2020-01-06 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a... |
| CVE-2018-7794 | 2020-01-06 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a... |
| CVE-2020-5843 | 2020-01-07 | Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen. |
| CVE-2013-5571 | 2020-01-07 | HMailServer 5.3.x and prior: Memory Corruption which could cause DoS |
| CVE-2013-5122 | 2020-01-07 | Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access |
| CVE-2020-5393 | 2020-01-07 | In Appspace On-Prem through 7.1.3, an adversary can steal a session token via XSS. |
| CVE-2019-14879 | 2020-01-07 | A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being... |
| CVE-2013-5637 | 2020-01-07 | PQI AirCard has persistent XSS |
| CVE-2019-14834 | 2020-01-07 | A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. |
| CVE-2013-5638 | 2020-01-07 | Transcend WiFiSD 1.8 has persistent XSS |