Lista CVE - 2020 / Ottobre
Visualizzazione 1501 - 1594 di 1594 CVE per Ottobre 2020 (Pagina 16 di 16)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2020-11483 | 2020-10-29 | NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware... |
| CVE-2020-11484 | 2020-10-29 | NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the... |
| CVE-2020-11485 | 2020-10-29 | NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does... |
| CVE-2020-11486 | 2020-10-29 | NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer... |
| CVE-2020-11487 | 2020-10-29 | NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. DGX-2 with BMC firmware versions prior to 1.06.06 and all DGX A100 Servers with all BMC firmware versions, contains... |
| CVE-2020-11488 | 2020-10-29 | NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware... |
| CVE-2020-11489 | 2020-10-29 | NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware... |
| CVE-2020-11615 | 2020-10-29 | NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead... |
| CVE-2020-11616 | 2020-10-29 | NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL... |
| CVE-2020-7746 | 2020-10-29 | Prototype Pollution |
| CVE-2020-27649 | 2020-10-29 | Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2020-27651 | 2020-10-29 | Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this... |
| CVE-2020-27653 | 2020-10-29 | Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. |
| CVE-2020-27654 | 2020-10-29 | Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. |
| CVE-2020-27655 | 2020-10-29 | Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. |
| CVE-2020-27657 | 2020-10-29 | Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. |
| CVE-2020-27658 | 2020-10-29 | Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially... |
| CVE-2020-27648 | 2020-10-29 | Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2020-27650 | 2020-10-29 | Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this... |
| CVE-2020-27652 | 2020-10-29 | Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. |
| CVE-2020-27656 | 2020-10-29 | Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. |
| CVE-2020-25516 | 2020-10-29 | WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks. |
| CVE-2020-5938 | 2020-10-29 | On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow. |
| CVE-2020-5937 | 2020-10-29 | On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM) may produce a core file while processing layer 4 (L4) behavioral denial-of-service (DoS) traffic. |
| CVE-2020-21266 | 2020-10-29 | Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability. |
| CVE-2020-7384 | 2020-10-29 | Client-Side Command Injection in Rapid7 Metasploit |
| CVE-2020-27993 | 2020-10-29 | Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files. |
| CVE-2020-5935 | 2020-10-29 | On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when handling MQTT traffic through a BIG-IP virtual server associated with... |
| CVE-2020-5933 | 2020-10-29 | On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require... |
| CVE-2020-5932 | 2020-10-29 | On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response... |
| CVE-2020-5931 | 2020-10-29 | On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart. |
| CVE-2020-5934 | 2020-10-29 | On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive connection, traffic... |
| CVE-2020-5936 | 2020-10-29 | On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client... |
| CVE-2019-4547 | 2020-10-29 | IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949. |
| CVE-2019-4563 | 2020-10-29 | IBM Security Directory Server 6.4.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http://... |
| CVE-2020-4721 | 2020-10-29 | IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open... |
| CVE-2020-4722 | 2020-10-29 | IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open... |
| CVE-2020-4723 | 2020-10-29 | IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open... |
| CVE-2020-4724 | 2020-10-29 | IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open... |
| CVE-2020-4864 | 2020-10-29 | IBM Resilient SOAR V38.0 could allow an attacker on the internal net work to provide the server with a spoofed source IP address. IBM X-Force ID: 190567. |
| CVE-2020-25780 | 2020-10-29 | In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a... |
| CVE-2020-27744 | 2020-10-29 | An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges. |
| CVE-2020-27995 | 2020-10-29 | SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. |
| CVE-2020-27996 | 2020-10-29 | An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations. |
| CVE-2020-27998 | 2020-10-29 | An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress. |
| CVE-2020-27747 | 2020-10-29 | An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the... |
| CVE-2020-27886 | 2020-10-29 | An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of... |
| CVE-2020-27887 | 2020-10-29 | An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter... |
| CVE-2020-25646 | 2020-10-29 | A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality |
| CVE-2020-26205 | 2020-10-29 | XSS in Sal |
| CVE-2020-27885 | 2020-10-29 | Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a... |
| CVE-2020-27014 | 2020-10-29 | Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel... |
| CVE-2020-27015 | 2020-10-29 | Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker... |
| CVE-2020-25689 | 2020-10-30 | A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed... |
| CVE-2020-28002 | 2020-10-30 | In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting... |
| CVE-2020-5652 | 2020-10-30 | Uncontrolled resource consumption vulnerability in Ethernet Port on MELSEC iQ-R, Q and L series CPU modules (R 00/01/02 CPU firmware versions '20' and earlier, R 04/08/16/32/120 (EN) CPU firmware versions... |
| CVE-2020-5653 | 2020-10-30 | Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92... |
| CVE-2020-5654 | 2020-10-30 | Session fixation vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92... |
| CVE-2020-5655 | 2020-10-30 | NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before,... |
| CVE-2020-5656 | 2020-10-30 | Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before,... |
| CVE-2020-5657 | 2020-10-30 | Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits... |
| CVE-2020-5658 | 2020-10-30 | Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before,... |
| CVE-2020-7759 | 2020-10-30 | SQL Injection |
| CVE-2020-7760 | 2020-10-30 | Regular Expression Denial of Service (ReDoS) |
| CVE-2020-4584 | 2020-10-30 | IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in... |
| CVE-2020-4588 | 2020-10-30 | IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 184579. |
| CVE-2020-6014 | 2020-10-30 | Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name.... |
| CVE-2020-27708 | 2020-10-30 | A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they... |
| CVE-2020-15914 | 2020-10-30 | A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target... |
| CVE-2020-7373 | 2020-10-30 | vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373... |
| CVE-2020-15277 | 2020-10-30 | Remote Code Execution in baserCMS |
| CVE-2020-8236 | 2020-10-30 | A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn... |
| CVE-2020-8173 | 2020-10-30 | A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended. |
| CVE-2020-8183 | 2020-10-30 | A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. |
| CVE-2020-15276 | 2020-10-30 | Cross Site Scripting in baserCMS |
| CVE-2020-15273 | 2020-10-30 | Cross-Site Scripting in baserCMS |
| CVE-2020-28030 | 2020-10-30 | In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. |
| CVE-2020-5991 | 2020-10-30 | NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of... |
| CVE-2020-28031 | 2020-10-30 | eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users. |
| CVE-2020-28035 | 2020-10-31 | WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. |
| CVE-2020-28039 | 2020-10-31 | is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. |
| CVE-2020-28040 | 2020-10-31 | WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. |
| CVE-2020-28038 | 2020-10-31 | WordPress before 5.5.2 allows stored XSS via post slugs. |
| CVE-2020-28037 | 2020-10-31 | is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as... |
| CVE-2020-28036 | 2020-10-31 | wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. |
| CVE-2020-28034 | 2020-10-31 | WordPress before 5.5.2 allows XSS associated with global variables. |
| CVE-2020-28033 | 2020-10-31 | WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. |
| CVE-2020-28032 | 2020-10-31 | WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. |
| CVE-2020-15703 | 2020-10-31 | aptdaemon allows unprivileged users to test for the presence of local files via the transaction Locale property |
| CVE-2020-27992 | 2020-10-31 | Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users. |
| CVE-2020-27358 | 2020-10-31 | An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export... |
| CVE-2020-27359 | 2020-10-31 | A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename... |
| CVE-2020-5425 | 2020-10-31 | User Impersonation possible in Tanzu SSO |
| CVE-2020-28041 | 2020-11-01 | The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits... |
| CVE-2020-28042 | 2020-11-01 | ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature. |
| CVE-2020-28043 | 2020-11-01 | MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL. |
| CVE-2020-25849 | 2020-11-01 | Openfind MailGates/MailAudit - Command Injection |
| CVE-2020-28046 | 2020-11-01 | An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user (MAINAPP) can escalate to root privileges by exploiting the setuid installation... |
| CVE-2020-28045 | 2020-11-01 | An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of... |
| CVE-2020-28044 | 2020-11-01 | An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read,... |