CVE List - 2020 / January
Showing 1601 - 1655 of 1655 CVEs for January 2020 (Page 17 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-10782 | 2020-01-30 | All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658. |
| CVE-2020-8498 | 2020-01-30 | XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute... |
| CVE-2020-5232 | 2020-01-30 | Ethereum Name Service - Malicious takeover of previously owned ENS names |
| CVE-2019-18913 | 2020-01-31 | A potential security vulnerability with pre-boot DMA may allow unauthorized UEFI code execution using open-case attacks. This industry-wide issue requires physically accessing internal expansion slots with specialized hardware and software... |
| CVE-2020-5526 | 2020-01-31 | The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and... |
| CVE-2020-7914 | 2020-01-31 | In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3. |
| CVE-2020-7955 | 2020-01-31 | HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3. |
| CVE-2020-7218 | 2020-01-31 | HashiCorp Nomad and Nomad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3. |
| CVE-2020-7219 | 2020-01-31 | HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3. |
| CVE-2020-7956 | 2020-01-31 | HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3. |
| CVE-2013-3322 | 2020-01-31 | NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to inject arbitrary commands in the Halt/Reboot interface. |
| CVE-2020-8440 | 2020-01-31 | controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume. |
| CVE-2019-19550 | 2020-01-31 | Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL. |
| CVE-2013-5112 | 2020-01-31 | Evernote before 5.5.1 has insecure PIN storage. |
| CVE-2013-5114 | 2020-01-31 | LastPass prior to 2.5.1 allows secure wipe bypass. |
| CVE-2013-5113 | 2020-01-31 | LastPass prior to 2.5.1 has an insecure PIN implementation. |
| CVE-2013-5116 | 2020-01-31 | Evernote prior to 5.5.1 has insecure password change. |
| CVE-2014-4860 | 2020-01-31 | Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions... |
| CVE-2014-4859 | 2020-01-31 | Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via... |
| CVE-2020-8422 | 2020-01-31 | An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all... |
| CVE-2019-4720 | 2020-01-31 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to... |
| CVE-2011-4088 | 2020-01-31 | ABRT might allow attackers to obtain sensitive information from crash reports. |
| CVE-2011-4117 | 2020-01-31 | The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files. |
| CVE-2011-4116 | 2020-01-31 | _is_safe in the File::Temp module for Perl does not properly handle symlinks. |
| CVE-2011-4115 | 2020-01-31 | Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files. |
| CVE-2013-3488 | 2020-01-31 | Stack-based buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before 1.7.0.7858 allows remote attackers to execute arbitrary code via a crafted MPEG-2 Transport Stream (M2TS) file. |
| CVE-2013-3489 | 2020-01-31 | Buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before 1.7.0 allows remote attackers to execute arbitrary code via a crafted RealMedia .rm file. |
| CVE-2020-5234 | 2020-01-31 | Untrusted data can lead to DoS attack in MessagePack for C# and Unity |
| CVE-2014-2843 | 2020-01-31 | Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2016-2031 | 2020-01-31 | Multiple vulnerabilities exist in Aruba Instate before 4.1.3.0 and 4.2.3.1 due to insufficient validation of user-supplied input and insufficient checking of parameters, which could allow a malicious user to bypass... |
| CVE-2019-12998 | 2020-01-31 | c-lightning before 0.7.1 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "It can be used for testing, but it should not be used... |
| CVE-2019-12999 | 2020-01-31 | Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control. |
| CVE-2019-13000 | 2020-01-31 | Eclair through 0.3 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states "it is beta-quality software and don't put too much money in it." |
| CVE-2019-3016 | 2020-01-31 | In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest.... |
| CVE-2016-2032 | 2020-01-31 | A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user... |
| CVE-2020-8503 | 2020-01-31 | Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference (IDOR) by an authenticated sender because of an error in a file-upload feature.... |
| CVE-2014-3119 | 2020-01-31 | Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or... |
| CVE-2014-3868 | 2020-01-31 | Multiple SQL injection vulnerabilities in ZeusCart 4.x. |
| CVE-2014-5236 | 2020-01-31 | Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a... |
| CVE-2014-8321 | 2020-01-31 | Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors. |
| CVE-2014-8322 | 2020-01-31 | Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value. |
| CVE-2020-8505 | 2020-01-31 | School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user. |
| CVE-2020-8504 | 2020-01-31 | School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to add an administrative user. |
| CVE-2015-6815 | 2020-01-31 | The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service... |
| CVE-2014-8126 | 2020-01-31 | The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code. |
| CVE-2013-3565 | 2020-01-31 | Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command... |
| CVE-2014-8338 | 2020-01-31 | Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote attackers to inject arbitrary web script or HTML via a URL to a crafted... |
| CVE-2014-5039 | 2020-01-31 | Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-3809 | 2020-01-31 | Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2014-8139 | 2020-01-31 | Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument... |
| CVE-2014-8140 | 2020-01-31 | Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument... |
| CVE-2014-8141 | 2020-01-31 | Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument... |
| CVE-2014-2025 | 2020-01-31 | Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers... |
| CVE-2020-8512 | 2020-01-31 | In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter. |
| CVE-2020-8515 | 2020-02-01 | DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has... |
| CVE-2019-20446 | 2020-02-02 | In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern... |
| CVE-2020-8516 | 2020-02-02 | The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier... |
| CVE-2020-8514 | 2020-02-02 | An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to activate JavaScript in the context of the web application after invoking the... |
| CVE-2020-8508 | 2020-02-03 | nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled. |
| CVE-2020-3925 | 2020-02-03 | ServiSign Windows Versions - Remote Code Execution via LoadLibrary |
| CVE-2020-3926 | 2020-02-03 | ServiSign Windows Versions - Arbitrary File Access |
| CVE-2020-3927 | 2020-02-03 | ServiSign Windows Versions - Arbitrary File Deletion |
| CVE-2020-7471 | 2020-02-03 | Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads... |
| CVE-2019-18193 | 2020-02-03 | In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material was inadvertently logged under certain conditions. Fixes are included in 3.4.109, 4.0.027.13, 4.0.125 and 5.0.013.0. |
| CVE-2014-8328 | 2020-02-03 | The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request. |
| CVE-2013-2621 | 2020-02-03 | Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL. |
| CVE-2020-7993 | 2020-02-03 | Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field. |
| CVE-2013-2622 | 2020-02-03 | Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the "selected_theme" parameter in error.php. |
| CVE-2013-2623 | 2020-02-03 | Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the "f_email" parameter in index.php. |
| CVE-2013-2624 | 2020-02-03 | Telaen before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request. |
| CVE-2013-2631 | 2020-02-03 | TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php. |
| CVE-2019-19119 | 2020-02-03 | An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine... |
| CVE-2020-8510 | 2020-02-03 | An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user... |
| CVE-2020-8545 | 2020-02-03 | Global.py in AIL framework 2.8 allows path traversal. |
| CVE-2019-11251 | 2020-02-03 | kubectl cp allows symlink directory traversal |
| CVE-2020-8547 | 2020-02-03 | phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical... |
| CVE-2019-16893 | 2020-02-03 | The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request. |
| CVE-2020-8548 | 2020-02-03 | massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true). |
| CVE-2013-2646 | 2020-02-03 | TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability. |
| CVE-2013-2672 | 2020-02-03 | Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords. |
| CVE-2020-8549 | 2020-02-03 | Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens. |
| CVE-2019-4732 | 2020-02-03 | IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused... |
| CVE-2020-4224 | 2020-02-03 | IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID:... |
| CVE-2020-5182 | 2020-02-03 | The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener"... |
| CVE-2013-2673 | 2020-02-03 | Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access. |
| CVE-2016-4676 | 2020-02-03 | A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information. |
| CVE-2019-20174 | 2020-02-03 | Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder. |
| CVE-2013-2674 | 2020-02-03 | Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers. |
| CVE-2019-18567 | 2020-02-03 | Bromium client - out-of-bounds read results in a race condition causing kernel memory leaks or denial of service |
| CVE-2020-8592 | 2020-02-03 | eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the Forgot Password feature). |
| CVE-2020-8591 | 2020-02-03 | eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request. |
| CVE-2019-9501 | 2020-02-03 | Broadcom wl driver is vulnerable to heap buffer overflow |
| CVE-2019-9502 | 2020-02-03 | Broadcom wl driver is vulnerable to heap buffer overflow |
| CVE-2020-8597 | 2020-02-03 | eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. |
| CVE-2020-5235 | 2020-02-04 | Out-of-memory condition in Nanopb is potentially exploitable |
| CVE-2020-5236 | 2020-02-04 | Catastrophic backtracking in regex allows Denial of Service in Waitress |
| CVE-2020-3937 | 2020-02-04 | SysJust Syuan-Gu-Da-Shih - SQL Injection |
| CVE-2020-3938 | 2020-02-04 | SysJust Syuan-Gu-Da-Shih - Request Forgery |
| CVE-2020-3939 | 2020-02-04 | SysJust Syuan-Gu-Da-Shih - Cross-Site Scripting (XSS) |
| CVE-2011-4937 | 2020-02-04 | Joomla! 1.7.1 has core information disclosure due to inadequate error checking. |