CVE List - 2020 / January
Showing 201 - 300 of 1655 CVEs for January 2020 (Page 3 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-14837 | 2020-01-07 | A flaw was found in keycloak before version 8.0.0. The owner of the 'placeholder.org' domain can set up a mail server on this domain and, knowing only the name of a client, can reset... |
| CVE-2019-14843 | 2020-01-07 | A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed... |
| CVE-2013-5656 | 2020-01-07 | FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability |
| CVE-2019-14854 | 2020-01-07 | OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low... |
| CVE-2013-5657 | 2020-01-07 | AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request |
| CVE-2013-5658 | 2020-01-07 | AultWare pwStore 2010.8.30.0 has XSS |
| CVE-2019-14866 | 2020-01-07 | cpio, in all versions before 2.13, does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can... |
| CVE-2019-14819 | 2020-01-07 | A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user... |
| CVE-2014-8673 | 2020-01-07 | Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning) before 1.33. |
| CVE-2019-9465 | 2020-01-07 | In the Titan M handling of cryptographic operations, there is a possible information disclosure due to an unusual root cause. This could lead to local information disclosure with no additional... |
| CVE-2019-6700 | 2020-01-07 | An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source... |
| CVE-2019-16154 | 2020-01-07 | An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of... |
| CVE-2019-10776 | 2020-01-07 | In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2. |
| CVE-2019-18386 | 2020-01-07 | Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication... |
| CVE-2020-5307 | 2020-01-07 | PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter... |
| CVE-2018-10465 | 2020-01-07 | Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. Jamf Pro user accounts and groups with access to log in to Jamf Pro had full access to endpoints in the... |
| CVE-2020-5842 | 2020-01-07 | Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page. |
| CVE-2019-14906 | 2020-01-07 | A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and... |
| CVE-2019-6529 | 2020-01-07 | An attacker could specially craft an FTP request that could crash the PR100088 Modbus gateway versions prior to release R02 (or Software Version 1.1.13166). |
| CVE-2020-5841 | 2020-01-07 | An issue was discovered in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker could perform SQL injection without authentication. |
| CVE-2019-18652 | 2020-01-07 | A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into... |
| CVE-2019-17146 | 2020-01-07 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link DCS-960L v1.07.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the... |
| CVE-2019-17147 | 2020-01-07 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the... |
| CVE-2019-17148 | 2020-01-07 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop version 14.1.3 (45485). An attacker must first obtain the ability to execute low-privileged code... |
| CVE-2019-17151 | 2020-01-07 | This vulnerability allows remote attackers to redirect users to an external resource on affected installations of Tencent WeChat prior to 7.0.9. User interaction is required to exploit this vulnerability in that... |
| CVE-2014-5209 | 2020-01-08 | An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. |
| CVE-2020-6163 | 2020-01-08 | The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because of improper template syntax within the PropertySuggestionsWidget template (in the templates/search/PropertySuggestionsWidget.mustache+dom file). |
| CVE-2019-20360 | 2020-01-08 | A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and... |
| CVE-2019-20361 | 2020-01-08 | There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind... |
| CVE-2020-6170 | 2020-01-08 | An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI. |
| CVE-2014-1454 | 2020-01-08 | Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input |
| CVE-2014-1598 | 2020-01-08 | centurystar 7.12 ActiveX Control has a Stack Buffer Overflow |
| CVE-2019-20362 | 2020-01-08 | In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILES(X86)%\Teradici\PCoIP.exe instead of the intended pcoip_vchan_printing_svc.exe file. |
| CVE-2014-9908 | 2020-01-08 | A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooth access (Android Bug ID A-28672558). |
| CVE-2019-14820 | 2020-01-08 | It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access... |
| CVE-2016-6593 | 2020-01-08 | A code-execution vulnerability exists during startup in jhi.dll and otpiha.dll in Symantec VIP Access Desktop before 2.2.2, which could let local malicious users execute arbitrary code. |
| CVE-2019-10778 | 2020-01-08 | devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part... |
| CVE-2016-6591 | 2020-01-08 | A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. |
| CVE-2014-1409 | 2020-01-08 | MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords |
| CVE-2020-0009 | 2020-01-08 | In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared... |
| CVE-2014-1860 | 2020-01-08 | Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities |
| CVE-2014-2072 | 2020-01-08 | Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks |
| CVE-2016-6590 | 2020-01-08 | A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7,... |
| CVE-2019-5188 | 2020-01-08 | A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code... |
| CVE-2016-6589 | 2020-01-08 | A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0. |
| CVE-2019-17076 | 2020-01-08 | An issue was discovered in Jamf Pro 9.x and 10.x before 10.15.1. Deserialization of untrusted data when parsing JSON in several APIs may cause Denial of Service (DoS), remote code... |
| CVE-2019-19518 | 2020-01-08 | CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands. |
| CVE-2019-19544 | 2020-01-08 | CA Automic Dollar Universe 5.3.3 contains a vulnerability, related to the uxdqmsrv binary being setuid root, that allows local attackers to elevate privileges. This vulnerability was reported to CA several... |
| CVE-2016-6588 | 2020-01-08 | A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0. |
| CVE-2019-10777 | 2020-01-08 | In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to... |
| CVE-2019-5082 | 2020-01-08 | An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12).... |
| CVE-2019-20366 | 2020-01-08 | An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via isTrustStore to Manage Store Contents. |
| CVE-2019-20365 | 2020-01-08 | An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via search to the Users/Group search page. |
| CVE-2019-20364 | 2020-01-08 | An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via cacheName to SystemCacheDetails.jsp. |
| CVE-2019-20363 | 2020-01-08 | An XSS issue was discovered in Ignite Realtime Openfire 4.4.4 via alias to Manage Store Contents. |
| CVE-2014-5287 | 2020-01-08 | A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI). |
| CVE-2019-20367 | 2020-01-08 | nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). |
| CVE-2016-6586 | 2020-01-08 | A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary... |
| CVE-2016-6587 | 2020-01-08 | An Information Disclosure vulnerability exists in the mid.dat file stored on the SD card in Symantec Norton Mobile Security for Android before 3.16, which could let a local malicious user... |
| CVE-2019-19495 | 2020-01-08 | The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser.... |
| CVE-2020-5183 | 2020-01-08 | FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. This memory corruption bug can possibly be classified as... |
| CVE-2020-5510 | 2020-01-08 | PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. |
| CVE-2020-5511 | 2020-01-08 | PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. |
| CVE-2016-6585 | 2020-01-08 | A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted... |
| CVE-2020-0001 | 2020-01-08 | In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for... |
| CVE-2020-0002 | 2020-01-08 | In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges... |
| CVE-2020-0003 | 2020-01-08 | In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2020-0004 | 2020-01-08 | In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges... |
| CVE-2020-0006 | 2020-01-08 | In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no... |
| CVE-2020-0007 | 2020-01-08 | In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2020-0008 | 2020-01-08 | In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2016-5346 | 2020-01-08 | An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on... |
| CVE-2020-6583 | 2020-01-08 | BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be leveraged for session hijacking. An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator... |
| CVE-2019-11745 | 2020-01-08 | When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could... |
| CVE-2019-11756 | 2020-01-08 | Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71. |
| CVE-2019-11757 | 2020-01-08 | When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially... |
| CVE-2019-11758 | 2020-01-08 | Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine... |
| CVE-2019-11759 | 2020-01-08 | An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker... |
| CVE-2019-11760 | 2020-01-08 | A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird <... |
| CVE-2019-11761 | 2020-01-08 | By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object... |
| CVE-2019-11762 | 2020-01-08 | If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70,... |
| CVE-2019-11763 | 2020-01-08 | Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which... |
| CVE-2019-11764 | 2020-01-08 | Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that... |
| CVE-2019-11765 | 2020-01-08 | A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation... |
| CVE-2019-17000 | 2020-01-08 | An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly... |
| CVE-2020-6615 | 2020-01-08 | GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). |
| CVE-2020-6614 | 2020-01-08 | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. |
| CVE-2020-6613 | 2020-01-08 | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. |
| CVE-2020-6612 | 2020-01-08 | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. |
| CVE-2020-6611 | 2020-01-08 | GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. |
| CVE-2020-6610 | 2020-01-08 | GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c. |
| CVE-2020-6609 | 2020-01-08 | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. |
| CVE-2019-17002 | 2020-01-08 | If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox... |
| CVE-2019-17005 | 2020-01-08 | The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption... |
| CVE-2019-17008 | 2020-01-08 | When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox... |
| CVE-2019-17009 | 2020-01-08 | When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the... |
| CVE-2019-17010 | 2020-01-08 | Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird... |
| CVE-2019-17011 | 2020-01-08 | Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects... |
| CVE-2019-17012 | 2020-01-08 | Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort... |
| CVE-2019-17013 | 2020-01-08 | Mozilla developers reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could... |