CVE List - 2020 / November

Showing 101 - 200 of 1246 CVEs for November 2020 (Page 2 of 13)

CVE ID    Date    Title
CVE-2019-4349 2020-11-03 IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 applications can be installed on a deprecated operating system version that could compromise the confidentiality and integrity of the service. IBM X-Force...
CVE-2020-4649 2020-11-03 IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Workspace 57 could expose data to non-privileged users by not invalidating TM1Web user sessions. IBM X-Force ID: 186022.
CVE-2020-4785 2020-11-03 IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to...
CVE-2020-26210 2020-11-03 Cross-Site Scripting in BookStack
CVE-2020-1908 2020-11-03 Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even...
CVE-2020-1909 2020-11-03 A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially...
CVE-2020-26211 2020-11-03 Cross-Site Scripting in BookStack
CVE-2020-28049 2020-11-04 An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to...
CVE-2020-2299 2020-11-04 Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password.
CVE-2020-2300 2020-11-04 Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user...
CVE-2020-2301 2020-11-04 Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional...
CVE-2020-2302 2020-11-04 A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page.
CVE-2020-2303 2020-11-04 A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using...
CVE-2020-2304 2020-11-04 Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2020-2305 2020-11-04 Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2020-2306 2020-11-04 A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.
CVE-2020-2307 2020-11-04 Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege users to access possibly sensitive Jenkins controller environment variables.
CVE-2020-2308 2020-11-04 A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.
CVE-2020-2309 2020-11-04 A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2020-2310 2020-11-04 Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2020-2311 2020-11-04 A missing permission check in Jenkins AWS Global Configuration Plugin 1.5 and earlier allows attackers with Overall/Read permission to replace the global AWS configuration.
CVE-2020-2312 2020-11-04 Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask a password provided as command line argument in build logs.
CVE-2020-2313 2020-11-04 A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2020-2314 2020-11-04 Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the...
CVE-2020-2315 2020-11-04 Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2020-2316 2020-11-04 Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2020-2317 2020-11-04 Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotation message in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide report files...
CVE-2020-2318 2020-11-04 Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended...
CVE-2020-2319 2020-11-04 Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a password unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with...
CVE-2020-26167 2020-11-04 In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
CVE-2020-22278 2020-11-04 phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents.
CVE-2020-22276 2020-11-04 WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry.
CVE-2020-22277 2020-11-04 Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile.
CVE-2020-22275 2020-11-04 Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the...
CVE-2020-22273 2020-11-04 Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings)
CVE-2020-22274 2020-11-04 JomSocial (Joomla Social Network Extension) 4.7.6 allows CSV injection via a customer's profile.
CVE-2020-8037 2020-11-04 ppp decapsulator can be convinced to allocate a large amount of memory
CVE-2020-8036 2020-11-04 str2tokbuf used incorrectly by print-someip.c
CVE-2020-7129 2020-11-04 A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVE-2020-7128 2020-11-04 A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVE-2019-7356 2020-11-04 Subrion CMS v4.2.1 allows XSS via the panel/phrases/ VALUE parameter.
CVE-2020-27689 2020-11-04 The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains undocumented default admin credentials for the web management interface. A remote attacker could exploit this vulnerability to login and...
CVE-2020-27690 2020-11-04 The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large...
CVE-2020-27691 2020-11-04 The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 allows XSS via URLBlocking Settings, SNMP Settings, and System Log Settings.
CVE-2020-27692 2020-11-04 The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains multiple CSRF vulnerabilities within its web management portal. Attackers can, for example, use this to update the TR-069 configuration...
CVE-2020-26207 2020-11-04 Unsafe deserialization in DatabaseSchemaViewer
CVE-2020-25201 2020-11-04 HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and...
CVE-2020-25662 2020-11-05 A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This...
CVE-2020-27387 2020-11-05 An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP...
CVE-2020-7761 2020-11-05 Regular Expression Denial of Service (ReDoS)
CVE-2020-7762 2020-11-05 Arbitrary File Read
CVE-2020-7763 2020-11-05 Arbitrary File Read
CVE-2020-24849 2020-11-05 A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to...
CVE-2020-27402 2020-11-05 The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or...
CVE-2020-15952 2020-11-05 Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or...
CVE-2020-15951 2020-11-05 Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage...
CVE-2020-15949 2020-11-05 Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover.
CVE-2020-15950 2020-11-05 Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout.
CVE-2020-28047 2020-11-05 AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended security configuration parameter "unique_error_numbers" is not set, remote attackers can inject arbitrary web script or HTML via 'action,...
CVE-2020-27955 2020-11-05 Git LFS 2.12.0 allows Remote Code Execution.
CVE-2020-28115 2020-11-05 SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an attacker to execute arbitrary SQL commands via the object_path parameter.
CVE-2020-27688 2020-11-05 RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt() method...
CVE-2020-26506 2020-11-05 An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed files were...
CVE-2020-25399 2020-11-05 Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat.
CVE-2020-25398 2020-11-05 CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality.
CVE-2020-14240 2020-11-05 HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to...
CVE-2020-4097 2020-11-05 In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1,...
CVE-2018-1725 2020-11-05 IBM QRadar SIEM 7.3 and 7.4 in a multi-tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440.
CVE-2020-14222 2020-11-05 HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to...
CVE-2020-26505 2020-11-05 A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they...
CVE-2020-26507 2020-11-05 A CSV Injection (also known as Formula Injection) vulnerability in the Marmind web application with version 4.1.141.0 allows malicious users to gain remote control of other computers. By providing formula...
CVE-2020-13661 2020-11-05 Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program....
CVE-2020-8267 2020-11-05 A security issue was found in UniFi Protect controller v1.14.10 and earlier. The authentication in the UniFi Protect controller API was using "x-token" improperly, allowing attackers to use the API to...
CVE-2020-12145 2020-11-05 Silver Peak Unity OrchestratorTM authentication can be subverted through manipulation of HTTP headers.
CVE-2020-12147 2020-11-05 Unauthorized queries against the Silver Peak Unity OrchestratorTM MySQL database.
CVE-2020-12146 2020-11-05 Silver Peak Unity OrchestratorTM subject to path traversal.
CVE-2020-5793 2020-11-05 A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a...
CVE-2020-5939 2020-11-05 In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and 13.1.0-13.1.3.4, BIG-IP Virtual Edition (VE) systems on VMware, with an Intel-based 85299 Network Interface Controller (NIC) card and Single Root I/O Virtualization (SR-IOV)...
CVE-2020-5942 2020-11-05 In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when processing Capabilities-Exchange-Answer (CEA) packets with certain attributes from the Policy and Charging Rules Function (PCRF) server, the Traffic...
CVE-2020-5941 2020-11-05 On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESOLV::lookup command within an iRule may cause the Traffic Management Microkernel (TMM) to generate a core file and restart. This issue occurs...
CVE-2020-5940 2020-11-05 In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP...
CVE-2020-5945 2020-11-05 In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability (XSS). The issue allows a minor privilege escalation for resource admin to escalate...
CVE-2020-5943 2020-11-05 In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a...
CVE-2020-5944 2020-11-05 In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service...
CVE-2020-5946 2020-11-05 In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, under some circumstances, certain format client-side alerts sent to the BIG-IP virtual server configured with DataSafe may cause the...
CVE-2020-24426 2020-11-05 Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2020-24427 2020-11-05 Acrobat Reader DC Codec Input Validation Vulnerability Could Lead to Information Disclosure
CVE-2020-24437 2020-11-05 Acrobat Reader DC Use-After-Free Vulnerability Could Lead to Arbitrary Code Execution
CVE-2020-24428 2020-11-05 Acrobat Reader DC for macOS Race Condition Vulnerability Could Lead to Privilege Escalation
CVE-2020-24431 2020-11-05 Acrobat Reader DC for macOS Dynamic Library Injection Vulnerability
CVE-2020-24429 2020-11-05 Acrobat Reader DC for macOS Signature Verification Bypass Could Lead to Privilege Escalation
CVE-2020-24430 2020-11-05 Acrobat Pro DC Use-After-Free vulnerability Could Lead to Arbitrary Code Execution
CVE-2020-24432 2020-11-05 Acrobat Reader DC Arbitrary JavaScript Execution in PDF Documents
CVE-2020-24435 2020-11-05 Acrobat Reader DC Heap-based Buffer Overflow Could Lead to Arbitrary Code Execution
CVE-2020-24434 2020-11-05 Acrobat Pro DC Out-Of-Bounds Read Vulnerability Could Lead to Information Disclosure
CVE-2020-24438 2020-11-05 Acrobat Reader DC Use-After-Free Vulnerability Could Lead to Information Disclosure
CVE-2020-24433 2020-11-05 Adobe Acrobat Reader DC Local Privilege Escalation via Installer Component
CVE-2020-24439 2020-11-05 Acrobat Reader DC for macOS Signature Validation Bypass
CVE-2020-24436 2020-11-05 Acrobat Pro DC PDF Export Out-Of-Bounds Write Vulnerability Could Lead to Arbitrary Code Execution
CVE-2020-6015 2020-11-05 Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard...