CVE List - 2020 / November
Showing 201 - 300 of 1246 CVEs for November 2020 (Page 3 of 13)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-25661 | 2020-11-05 | A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. This flaw allows a remote attacker in... |
| CVE-2020-13536 | 2020-11-05 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to... |
| CVE-2020-13537 | 2020-11-05 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to... |
| CVE-2020-7207 | 2020-11-05 | A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the... |
| CVE-2020-17510 | 2020-11-05 | Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. |
| CVE-2020-25837 | 2020-11-05 | Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could... |
| CVE-2020-6877 | 2020-11-05 | A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally... |
| CVE-2020-15708 | 2020-11-06 | Libvirt Service Arbitrary File Write Privilege Escalation Vulnerability |
| CVE-2020-5643 | 2020-11-06 | Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector. |
| CVE-2020-5644 | 2020-11-06 | Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE... |
| CVE-2020-5645 | 2020-11-06 | Session fixation vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE... |
| CVE-2020-5646 | 2020-11-06 | NULL pointer dereferences vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier,... |
| CVE-2020-5647 | 2020-11-06 | Improper access control vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier,... |
| CVE-2020-5648 | 2020-11-06 | Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and... |
| CVE-2020-5649 | 2020-11-06 | Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier,... |
| CVE-2020-5667 | 2020-11-06 | Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS v8.29.0 and earlier use a hard-coded API key for an external service. By exploiting this vulnerability, API key... |
| CVE-2020-27347 | 2020-11-06 | tmux stack buffer overflow in function input_csi_dispatch_sgr_colon |
| CVE-2020-28241 | 2020-11-06 | libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. |
| CVE-2020-28242 | 2020-11-06 | An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged... |
| CVE-2020-28249 | 2020-11-06 | Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. |
| CVE-2020-28250 | 2020-11-06 | Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side. |
| CVE-2020-28196 | 2020-11-06 | MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion... |
| CVE-2020-16846 | 2020-11-06 | An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. |
| CVE-2020-17490 | 2020-11-06 | The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. |
| CVE-2020-25592 | 2020-11-06 | In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH. |
| CVE-2020-26521 | 2020-11-06 | The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). |
| CVE-2020-26892 | 2020-11-06 | The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. |
| CVE-2020-27152 | 2020-11-06 | An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioapic.c in the Linux kernel before 5.9.2. It has an infinite loop related to improper interaction between a resampler and edge triggering, aka... |
| CVE-2020-27616 | 2020-11-06 | ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process. |
| CVE-2020-27617 | 2020-11-06 | eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer... |
| CVE-2020-10292 | 2020-11-06 | Service DoS through arbitrary pointer dereferencing on KUKA simulator |
| CVE-2020-10291 | 2020-11-06 | RVD#3336: System information disclosure without authentication on KUKA simulators |
| CVE-2020-27589 | 2020-11-06 | Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases. |
| CVE-2020-26883 | 2020-11-06 | In Play Framework 2.6.0 through 2.8.2, stack consumption can occur because of unbounded recursion during parsing of crafted JSON documents. |
| CVE-2020-27196 | 2020-11-06 | An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure... |
| CVE-2020-26882 | 2020-11-06 | In Play Framework 2.6.0 through 2.8.2, data amplification can occur when an application accepts multipart/form-data JSON input. |
| CVE-2020-4482 | 2020-11-06 | IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated user to bypass security. A user with access to a snapshot could apply unauthorized additional statuses via... |
| CVE-2020-4483 | 2020-11-06 | IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This... |
| CVE-2020-4484 | 2020-11-06 | IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID:... |
| CVE-2020-5795 | 2020-11-06 | UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive... |
| CVE-2020-7198 | 2020-11-06 | There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to OneView and Synergy... |
| CVE-2020-8580 | 2020-11-06 | SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which allows an unauthenticated attacker with access to the system to cause a Denial of Service (DoS). |
| CVE-2020-8577 | 2020-11-06 | SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. |
| CVE-2020-25170 | 2020-11-06 | B. Braun OnlineSuite |
| CVE-2020-25174 | 2020-11-06 | B. Braun OnlineSuite |
| CVE-2020-25172 | 2020-11-06 | B. Braun OnlineSuite |
| CVE-2020-5794 | 2020-11-06 | A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially... |
| CVE-2020-26213 | 2020-11-06 | Denial of Service in teler |
| CVE-2017-18926 | 2020-11-06 | raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). |
| CVE-2020-26214 | 2020-11-06 | LDAP authentication bypass in Alerta |
| CVE-2020-28327 | 2020-11-06 | A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. Upon receiving a... |
| CVE-2020-26083 | 2020-11-06 | Cisco Identity Services Engine Cross-Site Scripting Vulnerability |
| CVE-2020-26084 | 2020-11-06 | Cisco Edge Fog Fabric Resource Exposure Vulnerability |
| CVE-2020-26086 | 2020-11-06 | Cisco TelePresence Collaboration Endpoint Software Information Disclosure Vulnerability |
| CVE-2020-27121 | 2020-11-06 | Cisco Unified Communications Manager IM and Presence Service Denial of Service Vulnerability |
| CVE-2020-27122 | 2020-11-06 | Cisco Identity Services Engine Privilege Escalation Vulnerability |
| CVE-2020-27123 | 2020-11-06 | Cisco AnyConnect Secure Mobility Client for Windows Arbitrary File Read Vulnerability |
| CVE-2020-27128 | 2020-11-06 | Cisco SD-WAN vManage Software Arbitrary File Creation Vulnerability |
| CVE-2020-27129 | 2020-11-06 | Cisco SD-WAN vManage Software Command Injection Vulnerability |
| CVE-2020-3284 | 2020-11-06 | Cisco IOS XR Software Enhanced Preboot eXecution Environment Unsigned Code Execution Vulnerability |
| CVE-2020-3371 | 2020-11-06 | Cisco Integrated Management Controller Command Injection Vulnerability |
| CVE-2020-3444 | 2020-11-06 | Cisco SD-WAN Software Packet Filtering Bypass Vulnerability |
| CVE-2020-3551 | 2020-11-06 | Cisco Identity Services Engine Cross-Site Scripting Vulnerability |
| CVE-2020-3556 | 2020-11-06 | Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability |
| CVE-2020-3573 | 2020-11-06 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3574 | 2020-11-06 | Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability |
| CVE-2020-3579 | 2020-11-06 | Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability |
| CVE-2020-3587 | 2020-11-06 | Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability |
| CVE-2020-3588 | 2020-11-06 | Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability |
| CVE-2020-3590 | 2020-11-06 | Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability |
| CVE-2020-3591 | 2020-11-06 | Cisco SD-WAN vManage Cross-Site Scripting Vulnerability |
| CVE-2020-3592 | 2020-11-06 | Cisco SD-WAN vManage Software Authorization Bypass Vulnerability |
| CVE-2020-3593 | 2020-11-06 | Cisco SD-WAN Software Privilege Escalation Vulnerability |
| CVE-2020-3594 | 2020-11-06 | Cisco SD-WAN Software Privilege Escalation Vulnerability |
| CVE-2020-3595 | 2020-11-06 | Cisco SD-WAN Software Privilege Escalation Vulnerability |
| CVE-2020-3600 | 2020-11-06 | Cisco SD-WAN Software Privilege Escalation Vulnerability |
| CVE-2020-3603 | 2020-11-06 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3604 | 2020-11-06 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities |
| CVE-2020-28328 | 2020-11-06 | SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled... |
| CVE-2020-28168 | 2020-11-06 | Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to... |
| CVE-2020-15259 | 2020-11-06 | CSRF in Auth0 ad-ldap-connector |
| CVE-2020-16121 | 2020-11-07 | PackageKit error messages leak presence and mimetype of files to unprivileged users |
| CVE-2020-16122 | 2020-11-07 | PackageKit's apt backend lets user install untrusted local packages |
| CVE-2020-28339 | 2020-11-07 | The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain. |
| CVE-2020-28342 | 2020-11-08 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (China / India) software. The S Secure application allows attackers to bypass authentication for a locked Gallery application... |
| CVE-2020-28343 | 2020-11-08 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of... |
| CVE-2020-28341 | 2020-11-08 | An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitive... |
| CVE-2020-28340 | 2020-11-08 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via Secure Folder. The Samsung ID is SVE-2020-18546... |
| CVE-2020-28345 | 2020-11-08 | An issue was discovered on LG mobile devices with Android OS 10 software. The Wi-Fi subsystem may crash because of the lack of a NULL parameter check. The LG ID... |
| CVE-2020-28344 | 2020-11-08 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. System services may crash because of the lack of a NULL parameter check.... |
| CVE-2020-7764 | 2020-11-08 | Web Cache Poisoning |
| CVE-2020-28347 | 2020-11-08 | tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for... |
| CVE-2020-24400 | 2020-11-09 | SQL injection allows arbitrary read from database |
| CVE-2020-24402 | 2020-11-09 | Incorrect permissions in the Integrations component could lead to unauthorized deletion of customer details via REST API |
| CVE-2020-24401 | 2020-11-09 | Incorrect permissions following the deletion of a user role or deactivation of a user |
| CVE-2020-24403 | 2020-11-09 | Incorrect permissions could lead to unauthorized modification of inventory source data via REST API |
| CVE-2020-24405 | 2020-11-09 | Incorrect permissions in Inventory module could lead to unauthorized modification of inventory stock data |
| CVE-2020-24406 | 2020-11-09 | Document root path disclosure on Maintenance page |
| CVE-2020-24407 | 2020-11-09 | Arbitrary code execution via file import functionality |
| CVE-2020-24404 | 2020-11-09 | Incorrect permissions in Integrations component could lead to unauthorized deletion of cmsPages via REST API |