CVE List - 2020 / January
Showing 401 - 500 of 1655 CVEs for January 2020 (Page 5 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-20376 | 2020-01-10 | A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG document to elogd.c. |
| CVE-2019-20375 | 2020-01-10 | A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via the value parameter in a localization (loc) command to... |
| CVE-2014-5013 | 2020-01-10 | DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383. |
| CVE-2014-5012 | 2020-01-10 | DOMPDF before 0.6.2 allows denial of service. |
| CVE-2014-5011 | 2020-01-10 | DOMPDF before 0.6.2 allows Information Disclosure. |
| CVE-2014-4984 | 2020-01-10 | Déjà Vu Crescendo Sales CRM has remote SQL Injection |
| CVE-2014-5081 | 2020-01-10 | sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass |
| CVE-2014-4982 | 2020-01-10 | LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server. |
| CVE-2014-4530 | 2020-01-10 | flog plugin 0.1 for WordPress has XSS |
| CVE-2014-4561 | 2020-01-10 | The ultimate-weather plugin 1.0 for WordPress has XSS |
| CVE-2013-6231 | 2020-01-10 | SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script |
| CVE-2013-7380 | 2020-01-10 | The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability |
| CVE-2011-4595 | 2020-01-10 | Pretty-Link WordPress plugin 1.5.2 has XSS |
| CVE-2013-6430 | 2020-01-10 | The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via... |
| CVE-2014-5092 | 2020-01-10 | Status2k allows Remote Command Execution in admin/options/editpl.php. |
| CVE-2014-5093 | 2020-01-10 | Status2k does not remove the install directory allowing credential reset. |
| CVE-2020-1765 | 2020-01-10 | Spoofing of From field in several screens |
| CVE-2020-1766 | 2020-01-10 | Improper handling of uploaded inline images |
| CVE-2020-1767 | 2020-01-10 | Possible to send drafted messages as wrong agent |
| CVE-2019-4508 | 2020-01-10 | IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. IBM X-Force ID: 164429. |
| CVE-2019-4559 | 2020-01-10 | IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 166355. |
| CVE-2020-6162 | 2020-01-10 | An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggered due to an uninitialized value. The daemon crashes at startup in the hidegroups_init function in... |
| CVE-2012-3822 | 2020-01-10 | Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials. |
| CVE-2012-3823 | 2020-01-10 | Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved. |
| CVE-2012-3824 | 2020-01-10 | In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization. |
| CVE-2012-4030 | 2020-01-10 | Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files. |
| CVE-2019-18194 | 2020-01-10 | TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder. |
| CVE-2019-14304 | 2020-01-10 | Ricoh SP C250DN 1.06 devices allow CSRF. |
| CVE-2019-14306 | 2020-01-10 | Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2). |
| CVE-2019-14302 | 2020-01-10 | On Ricoh SP C250DN 1.06 devices, a debug port can be used. |
| CVE-2019-14301 | 2020-01-10 | Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2). |
| CVE-2011-5020 | 2020-01-10 | An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011. |
| CVE-2019-18588 | 2020-01-10 | Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting... |
| CVE-2012-4284 | 2020-01-10 | A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious... |
| CVE-2012-3821 | 2020-01-10 | A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field. |
| CVE-2012-4603 | 2020-01-10 | Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to... |
| CVE-2020-6835 | 2020-01-10 | An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking. |
| CVE-2019-13767 | 2020-01-10 | Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted... |
| CVE-2020-6377 | 2020-01-10 | Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-19475 | 2020-01-10 | An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission... |
| CVE-2020-6836 | 2020-01-11 | grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in... |
| CVE-2020-6840 | 2020-01-11 | In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c. |
| CVE-2020-6839 | 2020-01-11 | In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c. |
| CVE-2020-6838 | 2020-01-11 | In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c. |
| CVE-2019-20379 | 2020-01-11 | ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter. |
| CVE-2019-20378 | 2020-01-11 | ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter. |
| CVE-2019-20377 | 2020-01-11 | TopList before 2019-09-03 allows XSS via a title. |
| CVE-2020-6847 | 2020-01-11 | OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript. |
| CVE-2020-6848 | 2020-01-13 | Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI. |
| CVE-2020-6851 | 2020-01-13 | OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation. |
| CVE-2020-6860 | 2020-01-13 | libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute. |
| CVE-2014-6059 | 2020-01-13 | WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability |
| CVE-2014-6038 | 2020-01-13 | Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000. |
| CVE-2014-6039 | 2020-01-13 | ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability. Fixed version 10 Build 10000. |
| CVE-2014-5380 | 2020-01-13 | Grand MA 300 allows retrieval of the access PIN from sniffed data. |
| CVE-2014-5381 | 2020-01-13 | Grand MA 300 allows a brute-force attack on the PIN. |
| CVE-2013-6225 | 2020-01-13 | LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability |
| CVE-2011-2670 | 2020-01-13 | Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets |
| CVE-2014-9382 | 2020-01-13 | Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation |
| CVE-2019-19547 | 2020-01-13 | Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to... |
| CVE-2019-18893 | 2020-01-13 | XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component.... |
| CVE-2019-18894 | 2020-01-13 | In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A... |
| CVE-2020-6859 | 2020-01-13 | Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a... |
| CVE-2019-20209 | 2020-01-13 | The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing. |
| CVE-2019-20210 | 2020-01-13 | The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query. |
| CVE-2020-5195 | 2020-01-13 | Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public... |
| CVE-2019-20211 | 2020-01-13 | The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job... |
| CVE-2019-19891 | 2020-01-13 | An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack. A successful exploit may allow the attacker to intercept... |
| CVE-2019-20212 | 2020-01-13 | The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form. |
| CVE-2020-5390 | 2020-01-13 | PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW).... |
| CVE-2019-19728 | 2020-01-13 | SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. |
| CVE-2019-19727 | 2020-01-13 | SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. |
| CVE-2012-4767 | 2020-01-13 | An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend security... |
| CVE-2020-6949 | 2020-01-13 | A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise... |
| CVE-2020-6948 | 2020-01-13 | A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password. |
| CVE-2012-4760 | 2020-01-13 | A Privilege Escalation vulnerability exists in the SDBagent service in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges. |
| CVE-2012-4761 | 2020-01-13 | A Privilege Escalation vulnerability exists in the unquoted Service Binary in SDPAgent or SDBAgent in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges. |
| CVE-2012-4750 | 2020-01-13 | A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a... |
| CVE-2020-6832 | 2020-01-13 | An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects. |
| CVE-2020-5197 | 2020-01-13 | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control. |
| CVE-2019-20148 | 2020-01-13 | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control. |
| CVE-2019-20147 | 2020-01-13 | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control. |
| CVE-2019-20146 | 2020-01-13 | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption. |
| CVE-2019-20145 | 2020-01-13 | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control. |
| CVE-2019-20144 | 2020-01-13 | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control. |
| CVE-2019-20143 | 2020-01-13 | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control. |
| CVE-2019-20142 | 2020-01-13 | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service. |
| CVE-2019-19680 | 2020-01-13 | A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to... |
| CVE-2020-6955 | 2020-01-13 | An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS. |
| CVE-2020-6954 | 2020-01-13 | An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the... |
| CVE-2020-6958 | 2020-01-13 | An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and... |
| CVE-2020-5196 | 2020-01-14 | Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to... |
| CVE-2020-5194 | 2020-01-14 | The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs... |
| CVE-2014-9211 | 2020-01-14 | ClickDesk version 4.3 and below has persistent cross site scripting |
| CVE-2019-0219 | 2020-01-14 | A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. |
| CVE-2013-2773 | 2020-01-14 | Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution |
| CVE-2019-12399 | 2020-01-14 | When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect... |
| CVE-2013-7185 | 2020-01-14 | PotPlayer 1.5.40688: .avi File Memory Corruption |
| CVE-2020-5851 | 2020-01-14 | On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE:... |
| CVE-2015-8367 | 2020-01-14 | The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. |