CVE List - 2020 / February
Showing 1001 - 1100 of 1397 CVEs for February 2020 (Page 11 of 14)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-16994 | 2020-02-18 | An issue was discovered on PHOENIX CONTACT AXL F BK PN <=1.0.4, AXL F BK ETH <= 1.12, and AXL F BK ETH XC <= 1.11 devices and Bosch Rexroth... |
| CVE-2015-9543 | 2020-02-19 | An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to... |
| CVE-2015-0749 | 2020-02-19 | Cisco Unified Communications Manager Cross-Site Scripting Vulnerability |
| CVE-2011-2054 | 2020-02-19 | Cisco ASA Secondary Authentication Bypass Vulnerability |
| CVE-2019-20478 | 2020-02-19 | In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are... |
| CVE-2019-20477 | 2020-02-19 | PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this... |
| CVE-2016-1000004 | 2020-02-19 | Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and... |
| CVE-2016-1000005 | 2020-02-19 | mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior... |
| CVE-2016-1000109 | 2020-02-19 | HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment... |
| CVE-2014-3622 | 2020-02-19 | Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that... |
| CVE-2014-2228 | 2020-02-19 | The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages. |
| CVE-2014-2727 | 2020-02-19 | The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection. |
| CVE-2012-6614 | 2020-02-19 | D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. |
| CVE-2012-1932 | 2020-02-19 | A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting. |
| CVE-2012-6685 | 2020-02-19 | Nokogiri before 1.5.4 is vulnerable to XXE attacks |
| CVE-2019-4429 | 2020-02-19 | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2019-4457 | 2020-02-19 | IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the... |
| CVE-2019-4640 | 2020-02-19 | IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious... |
| CVE-2020-4135 | 2020-02-19 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a... |
| CVE-2020-4161 | 2020-02-19 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands.... |
| CVE-2020-4200 | 2020-02-19 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of... |
| CVE-2020-4204 | 2020-02-19 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could... |
| CVE-2020-4230 | 2020-02-19 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes... |
| CVE-2020-8824 | 2020-02-19 | Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Control > Add Managed Device screen. |
| CVE-2020-8959 | 2020-02-19 | Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 allows DLL Hijacking. |
| CVE-2020-8441 | 2020-02-19 | JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product. |
| CVE-2019-12437 | 2020-02-19 | In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does not completely mitigate the risk of CSRF in GraphQL mutations, |
| CVE-2019-12246 | 2020-02-19 | SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools. |
| CVE-2012-0055 | 2020-02-19 | OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform... |
| CVE-2019-10797 | 2020-02-19 | Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled. |
| CVE-2019-17333 | 2020-02-19 | TIBCO EBX Exposes Cross-Site Scripting Vulnerability |
| CVE-2020-6062 | 2020-02-19 | An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service.... |
| CVE-2020-6061 | 2020-02-19 | An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other... |
| CVE-2020-3163 | 2020-02-19 | Cisco Unified Contact Center Enterprise Denial of Service Vulnerability |
| CVE-2020-3160 | 2020-02-19 | Cisco Meeting Server Extensible Messaging and Presence Protocol Denial of Service Vulnerability |
| CVE-2020-3159 | 2020-02-19 | Cisco Finesse Web-Based Management Interface Cross-Site Scripting Vulnerability |
| CVE-2020-3158 | 2020-02-19 | Cisco Smart Software Manager On-Prem Static Default Credential Vulnerability |
| CVE-2020-3156 | 2020-02-19 | Cisco Identity Services Engine Cross-Site Scripting Vulnerability |
| CVE-2020-3154 | 2020-02-19 | Cisco Cloud Web Security SQL Injection Vulnerability |
| CVE-2020-3153 | 2020-02-19 | Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability |
| CVE-2020-3138 | 2020-02-19 | Cisco Enterprise NFV Infrastructure Software Remote Code Execution Vulnerability |
| CVE-2020-3132 | 2020-02-19 | Cisco Email Security Appliance Shortened URL Denial of Service Vulnerability |
| CVE-2020-3114 | 2020-02-19 | Cisco Data Center Network Manager Cross-Site Request Forgery Vulnerability |
| CVE-2020-3112 | 2020-02-19 | Cisco Data Center Network Manager Privilege Escalation Vulnerability |
| CVE-2020-3113 | 2020-02-19 | Cisco Data Center Network Manager Stored Cross-Site Scripting Vulnerability |
| CVE-2014-9606 | 2020-02-19 | Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server... |
| CVE-2014-9607 | 2020-02-19 | Cross-site scripting (XSS) vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter. |
| CVE-2014-9608 | 2020-02-19 | Cross-site scripting (XSS) vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
| CVE-2014-9609 | 2020-02-19 | Directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the... |
| CVE-2014-9612 | 2020-02-19 | SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter. |
| CVE-2014-9613 | 2020-02-19 | Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php. |
| CVE-2019-1950 | 2020-02-19 | Cisco IOS XE SD-WAN Software Default Credentials Vulnerability |
| CVE-2014-9614 | 2020-02-19 | The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request... |
| CVE-2014-9615 | 2020-02-19 | Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php. |
| CVE-2014-9617 | 2020-02-19 | Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. |
| CVE-2020-3945 | 2020-02-19 | vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) contains an information disclosure vulnerability due to incorrect pairing implementation between the vRealize Operations for Horizon... |
| CVE-2020-3944 | 2020-02-19 | vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has... |
| CVE-2020-3943 | 2020-02-19 | vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has... |
| CVE-2020-6970 | 2020-02-19 | A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1... |
| CVE-2015-7747 | 2020-02-19 | Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary... |
| CVE-2020-7942 | 2020-02-19 | Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything... |
| CVE-2013-2018 | 2020-02-19 | Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2019-20479 | 2020-02-20 | A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. |
| CVE-2020-9283 | 2020-02-20 | golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can... |
| CVE-2016-3182 | 2020-02-20 | The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file. |
| CVE-2014-4660 | 2020-02-20 | Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic... |
| CVE-2014-4678 | 2020-02-20 | The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because... |
| CVE-2015-2923 | 2020-02-20 | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router... |
| CVE-2014-3484 | 2020-02-20 | Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an... |
| CVE-2012-2629 | 2020-02-20 | Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an... |
| CVE-2011-2498 | 2020-02-20 | The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages. |
| CVE-2020-9308 | 2020-02-20 | archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly... |
| CVE-2012-5366 | 2020-02-20 | The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement... |
| CVE-2012-5364 | 2020-02-20 | The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries. |
| CVE-2012-5365 | 2020-02-20 | The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets... |
| CVE-2012-5362 | 2020-02-20 | The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than... |
| CVE-2012-5363 | 2020-02-20 | The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year 2012 and earlier) allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages,... |
| CVE-2014-4657 | 2020-02-20 | The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. |
| CVE-2014-4658 | 2020-02-20 | The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by... |
| CVE-2014-4659 | 2020-02-20 | Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/"... |
| CVE-2020-9272 | 2020-02-20 | ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. |
| CVE-2020-9273 | 2020-02-20 | In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution. |
| CVE-2014-7951 | 2020-02-20 | Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary... |
| CVE-2019-19741 | 2020-02-20 | Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe... |
| CVE-2014-4650 | 2020-02-20 | The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source... |
| CVE-2015-4411 | 2020-02-20 | The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue... |
| CVE-2015-4410 | 2020-02-20 | The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted... |
| CVE-2019-4583 | 2020-02-20 | IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force... |
| CVE-2019-4752 | 2020-02-20 | IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could... |
| CVE-2011-4915 | 2020-02-20 | fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. |
| CVE-2011-0699 | 2020-02-20 | Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact... |
| CVE-2014-4019 | 2020-02-20 | ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request... |
| CVE-2012-3351 | 2020-02-20 | Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3)... |
| CVE-2020-3764 | 2020-02-20 | Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-3765 | 2020-02-20 | Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-6977 | 2020-02-20 | A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access... |
| CVE-2020-6968 | 2020-02-20 | Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files. |
| CVE-2020-9318 | 2020-02-20 | Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative user to perform a SQL injection attack by configuring the SNMP alert settings in the UI. This is fixed in... |
| CVE-2019-11189 | 2020-02-20 | Authentication Bypass by Spoofing in org.onosproject.acl (access control) and org.onosproject.mobility (host mobility) in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To... |
| CVE-2019-16297 | 2020-02-20 | An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED,... |