CVE List - 2020 / February
Showing 801 - 900 of 1397 CVEs for February 2020 (Page 9 of 14)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-14598 | 2020-02-13 | Improper Authentication in subsystem in Intel(R) CSME versions 12.0 through 12.0.48 (IOT only: 12.0.56), versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable... |
| CVE-2014-4198 | 2020-02-13 | A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a... |
| CVE-2012-5623 | 2020-02-13 | Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. |
| CVE-2014-4170 | 2020-02-13 | A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify... |
| CVE-2014-3919 | 2020-02-13 | A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via a malicious script embedded in an unspecified page, which could let a malicious user obtain sensitive information. |
| CVE-2012-6091 | 2020-02-13 | Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information disclosure vulnerability. |
| CVE-2014-3208 | 2020-02-13 | A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (pszQuery), |
| CVE-2015-3309 | 2020-02-13 | Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot)... |
| CVE-2019-3998 | 2020-02-13 | Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to modify the Wi-Fi network the base station connects to. |
| CVE-2015-6589 | 2020-02-13 | Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8.0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and... |
| CVE-2013-1400 | 2020-02-13 | Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or... |
| CVE-2020-8989 | 2020-02-13 | In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices,... |
| CVE-2020-8988 | 2020-02-13 | The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database)... |
| CVE-2013-1401 | 2020-02-13 | Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer... |
| CVE-2013-1634 | 2020-02-13 | A denial of service vulnerability exists in some motherboard implementations of Intel e1000e/82574L network controller devices through 2013-02-06 where the device can be brought into a non-processing state when parsing... |
| CVE-2014-1617 | 2020-02-13 | Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service. |
| CVE-2013-7287 | 2020-02-13 | MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme. |
| CVE-2013-7173 | 2020-02-13 | Belkin n750 routers have a buffer overflow. |
| CVE-2020-8844 | 2020-02-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-8845 | 2020-02-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-8846 | 2020-02-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-8847 | 2020-02-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-8848 | 2020-02-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-8849 | 2020-02-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-8850 | 2020-02-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-8851 | 2020-02-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-8852 | 2020-02-13 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-8853 | 2020-02-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-8854 | 2020-02-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-8855 | 2020-02-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-8856 | 2020-02-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-8857 | 2020-02-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2020-8858 | 2020-02-13 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists... |
| CVE-2013-7098 | 2020-02-13 | OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection. |
| CVE-2013-6927 | 2020-02-13 | Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account. |
| CVE-2013-6362 | 2020-02-13 | Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and shell user accounts. |
| CVE-2013-6360 | 2020-02-13 | TRENDnet TS-S402 has a backdoor to enable TELNET. |
| CVE-2013-6277 | 2020-02-13 | QNAP VioCard 300 has hardcoded RSA private keys. |
| CVE-2013-5687 | 2020-02-13 | RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean contains a service information disclosure. |
| CVE-2013-5212 | 2020-02-13 | Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or html via the easyxdm.swf file. |
| CVE-2013-4792 | 2020-02-13 | PrestaShop before 1.4.11 allows logout CSRF. |
| CVE-2013-4791 | 2020-02-13 | PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE. |
| CVE-2016-2338 | 2020-02-14 | An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed... |
| CVE-2019-20454 | 2020-02-14 | An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE... |
| CVE-2020-8992 | 2020-02-14 | ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. |
| CVE-2020-8991 | 2020-02-14 | vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s... |
| CVE-2020-5532 | 2020-02-14 | ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for iOS prior to version 1.2.01) allows an attacker on the same network segment to bypass authentication... |
| CVE-2020-7251 | 2020-02-14 | ESConfig Tool able to edit configuration for newer version |
| CVE-2019-20455 | 2020-02-14 | Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations. |
| CVE-2018-21033 | 2020-02-14 | A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an... |
| CVE-2018-21032 | 2020-02-14 | A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi Automation Director prior to 8.5.0-00 allow authenticated remote users to expose technical information through error messages. Hitachi Command Suite... |
| CVE-2019-20046 | 2020-02-14 | The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. The affected product does not require adequate authentication, which... |
| CVE-2019-20045 | 2020-02-14 | The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. Specially crafted malicious packets could cause disconnection of active... |
| CVE-2019-19879 | 2020-02-14 | HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain policy expressions. Fixed in 0.10.2. |
| CVE-2019-19757 | 2020-02-14 | An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code... |
| CVE-2019-19758 | 2020-02-14 | A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user... |
| CVE-2019-6190 | 2020-02-14 | Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to... |
| CVE-2019-6193 | 2020-02-14 | An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys,... |
| CVE-2019-6194 | 2020-02-14 | An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure. |
| CVE-2019-6195 | 2020-02-14 | An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only... |
| CVE-2019-11215 | 2020-02-14 | In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many conditions... |
| CVE-2020-8611 | 2020-02-14 | In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain... |
| CVE-2020-8612 | 2020-02-14 | In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary... |
| CVE-2020-8843 | 2020-02-14 | An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that... |
| CVE-2020-8594 | 2020-02-14 | The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]. |
| CVE-2013-4211 | 2020-02-14 | A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code |
| CVE-2019-13965 | 2020-02-14 | Because of a lack of sanitization around error messages, multiple Reflective XSS issues exist in iTop through 2.6.0 via the param_file parameter to webservices/export.php, webservices/cron.php, or env-production/itop-backup/backup.php. By default, any... |
| CVE-2019-13966 | 2020-02-14 | In iTop through 2.6.0, an XSS payload can be delivered in certain fields (such as icon) of the XML file used to build the dashboard. This is similar to CVE-2015-6544... |
| CVE-2019-13967 | 2020-02-14 | iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of service (application outage) via many requests to launch a compile operation. The requests use the pages/exec.php?exec_env=production&exec_module=itop-hub-connector&exec_page=ajax.php&operation=compile URI. This... |
| CVE-2019-4392 | 2020-02-14 | HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded credentials which can be exploited by attackers to get unauthorized access to the system. |
| CVE-2020-6068 | 2020-02-14 | An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in... |
| CVE-2019-5187 | 2020-02-14 | An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file can cause an out-of-bounds write, resulting... |
| CVE-2019-15592 | 2020-02-14 | GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity... |
| CVE-2020-8129 | 2020-02-14 | An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code. |
| CVE-2019-15594 | 2020-02-14 | GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint. |
| CVE-2020-8128 | 2020-02-14 | Unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code. |
| CVE-2020-7050 | 2020-02-15 | Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the... |
| CVE-2020-8996 | 2020-02-16 | AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI. |
| CVE-2020-8997 | 2020-02-16 | Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. NOTE: The vulnerability is not present... |
| CVE-2019-20456 | 2020-02-16 | Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation... |
| CVE-2020-9007 | 2020-02-16 | Codoforum 4.8.8 allows self-XSS via the title of a new topic. |
| CVE-2020-9012 | 2020-02-16 | A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. |
| CVE-2020-9013 | 2020-02-16 | Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code. |
| CVE-2020-9016 | 2020-02-16 | Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header. |
| CVE-2015-5215 | 2020-02-17 | The default configuration of the Jinja templating engine used in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote... |
| CVE-2019-10790 | 2020-02-17 | taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any... |
| CVE-2020-9034 | 2020-02-17 | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users. |
| CVE-2020-9033 | 2020-02-17 | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php. |
| CVE-2020-9032 | 2020-02-17 | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php. |
| CVE-2020-9031 | 2020-02-17 | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php. |
| CVE-2020-9030 | 2020-02-17 | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php. |
| CVE-2020-9029 | 2020-02-17 | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php. |
| CVE-2020-9028 | 2020-02-17 | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen... |
| CVE-2020-9027 | 2020-02-17 | ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected. |
| CVE-2020-9026 | 2020-02-17 | ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected. |
| CVE-2020-9025 | 2020-02-17 | Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script. |
| CVE-2020-9024 | 2020-02-17 | Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts. |
| CVE-2020-9023 | 2020-02-17 | Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse).... |
| CVE-2020-9022 | 2020-02-17 | An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS. |
| CVE-2020-9021 | 2020-02-17 | Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter. |