CVE List - 2020 / February
Showing 101 - 200 of 1397 CVEs for February 2020 (Page 2 of 14)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-6058 | 2020-02-04 | An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result... |
| CVE-2020-6059 | 2020-02-04 | An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory... |
| CVE-2020-6060 | 2020-02-04 | A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a... |
| CVE-2015-3612 | 2020-02-04 | A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. |
| CVE-2015-3613 | 2020-02-04 | A vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page. |
| CVE-2020-8449 | 2020-02-04 | An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security... |
| CVE-2020-8450 | 2020-02-04 | An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. |
| CVE-2020-8517 | 2020-02-04 | An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems... |
| CVE-2019-10788 | 2020-02-04 | im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the "exec" argument. It is possible to inject arbitrary commands as part of the metadata options which is given... |
| CVE-2019-12528 | 2020-02-04 | An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users'... |
| CVE-2015-2802 | 2020-02-04 | An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem... |
| CVE-2019-10787 | 2020-02-04 | im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization. |
| CVE-2019-10786 | 2020-02-04 | network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument. |
| CVE-2020-8631 | 2020-02-05 | cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function. |
| CVE-2020-8632 | 2020-02-05 | In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. |
| CVE-2020-5237 | 2020-02-05 | Relative Path Traversal in oneup/uploader-bundle |
| CVE-2020-5208 | 2020-02-05 | remote code execution vulnerability in ipmitool |
| CVE-2020-7216 | 2020-02-05 | An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option. |
| CVE-2020-8114 | 2020-02-05 | GitLab EE 8.9 and later through 12.7.2 has Insecure Permission |
| CVE-2020-7979 | 2020-02-05 | GitLab EE 8.9 and later through 12.7.2 has Insecure Permission |
| CVE-2020-6969 | 2020-02-05 | It is possible to unmask credentials and other sensitive information on “unprotected” project files, which may allow an attacker to remotely access the C-More Touch Panels EA9 series: firmware versions... |
| CVE-2020-8507 | 2020-02-05 | The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics. |
| CVE-2019-16203 | 2020-02-05 | Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the... |
| CVE-2019-16204 | 2020-02-05 | Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server. |
| CVE-2020-8506 | 2020-02-05 | The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics. |
| CVE-2019-4613 | 2020-02-05 | IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM... |
| CVE-2019-4616 | 2020-02-05 | IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http://... |
| CVE-2019-4670 | 2020-02-05 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper data representation. IBM X-Force ID: 171319. |
| CVE-2020-7978 | 2020-02-05 | GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. |
| CVE-2020-7977 | 2020-02-05 | GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. |
| CVE-2013-0507 | 2020-02-05 | IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability |
| CVE-2020-7976 | 2020-02-05 | GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. |
| CVE-2020-6174 | 2020-02-05 | TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. |
| CVE-2020-7974 | 2020-02-05 | GitLab EE 10.1 through 12.7.2 allows Information Disclosure. |
| CVE-2020-7973 | 2020-02-05 | GitLab through 12.7.2 allows XSS. |
| CVE-2020-7972 | 2020-02-05 | GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). |
| CVE-2020-7971 | 2020-02-05 | GitLab EE 11.0 and later through 12.7.2 allows XSS. |
| CVE-2020-7969 | 2020-02-05 | GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. |
| CVE-2020-7968 | 2020-02-05 | GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. |
| CVE-2020-7967 | 2020-02-05 | GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). |
| CVE-2020-7966 | 2020-02-05 | GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. |
| CVE-2019-11516 | 2020-02-05 | An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wireless IoT codebase. Extended Inquiry Responses (EIRs) are improperly handled, which causes a heap-based buffer... |
| CVE-2019-12180 | 2020-02-05 | An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker... |
| CVE-2020-6754 | 2020-02-05 | dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory).... |
| CVE-2019-15126 | 2020-02-05 | An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper... |
| CVE-2020-6833 | 2020-02-05 | An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. |
| CVE-2015-0102 | 2020-02-05 | IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by... |
| CVE-2019-15253 | 2020-02-05 | Cisco Digital Network Architecture Center Stored Cross-Site Scripting Vulnerability |
| CVE-2020-3123 | 2020-02-05 | A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on... |
| CVE-2013-2675 | 2020-02-05 | Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information. |
| CVE-2020-3110 | 2020-02-05 | Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerability |
| CVE-2020-3111 | 2020-02-05 | Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability |
| CVE-2020-3118 | 2020-02-05 | Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability |
| CVE-2020-3119 | 2020-02-05 | Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability |
| CVE-2020-3149 | 2020-02-05 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability |
| CVE-2020-3120 | 2020-02-05 | Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability |
| CVE-2010-4662 | 2020-02-05 | PmWiki before 2.2.21 has XSS. |
| CVE-2015-5627 | 2020-02-05 | Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM... |
| CVE-2015-5628 | 2020-02-05 | Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM... |
| CVE-2015-5626 | 2020-02-05 | Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM... |
| CVE-2010-4815 | 2020-02-05 | Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution. |
| CVE-2019-20447 | 2020-02-05 | Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endpoint. |
| CVE-2010-5304 | 2020-02-05 | A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText messages. A remote attacker could use this flaw to crash the VNC server by... |
| CVE-2011-0220 | 2020-02-05 | Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet. |
| CVE-2019-20173 | 2020-02-05 | The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php. |
| CVE-2020-8641 | 2020-02-05 | Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal in the index.php page_slug parameter. |
| CVE-2011-0525 | 2020-02-05 | Batavi before 1.0 has CSRF. |
| CVE-2020-6854 | 2020-02-05 | A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from... |
| CVE-2011-1009 | 2020-02-05 | Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter. |
| CVE-2011-1069 | 2020-02-05 | PHPShop through 0.8.1 has XSS. |
| CVE-2013-2680 | 2020-02-05 | Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartext allowing remote attackers to obtain sensitive information. |
| CVE-2013-2681 | 2020-02-05 | Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access. |
| CVE-2013-2682 | 2020-02-05 | Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information. |
| CVE-2020-8644 | 2020-02-05 | PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. |
| CVE-2011-1150 | 2020-02-05 | bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter. |
| CVE-2011-1151 | 2020-02-05 | Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filter_order_Dir parameters. |
| CVE-2011-1517 | 2020-02-05 | SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability... |
| CVE-2011-1597 | 2020-02-05 | OpenVAS Manager v2.0.3 allows plugin remote code execution. |
| CVE-2020-8649 | 2020-02-06 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. |
| CVE-2020-8648 | 2020-02-06 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. |
| CVE-2020-8647 | 2020-02-06 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. |
| CVE-2020-8658 | 2020-02-06 | The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a... |
| CVE-2019-20104 | 2020-02-06 | The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity... |
| CVE-2019-20106 | 2020-02-06 | Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a... |
| CVE-2019-20400 | 2020-02-06 | The usage of Tomcat in Jira before version 8.5.2 allows local attackers with permission to write a dll file to a directory in the global path environmental variable can inject... |
| CVE-2019-20401 | 2020-02-06 | Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities. |
| CVE-2019-20402 | 2020-02-06 | Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via... |
| CVE-2019-20403 | 2020-02-06 | The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability. |
| CVE-2019-20404 | 2020-02-06 | The API in Atlassian Jira Server and Data Center before version 8.6.0 allows authenticated remote attackers to determine project titles they do not have access to via an improper authorization... |
| CVE-2019-20405 | 2020-02-06 | The JMX monitoring flag in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to turn the JMX monitoring flag off or on via a Cross-site request... |
| CVE-2019-20406 | 2020-02-06 | The usage of Tomcat in Confluence on the Microsoft Windows operating system before version 7.0.5, and from version 7.1.0 before version 7.1.1 allows local system attackers who have permission to... |
| CVE-2020-5528 | 2020-02-06 | Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4603 and earlier (Movable Type 7), Movable Type 6.5.2 and earlier (Movable Type 6.5), Movable Type Advanced 7 r.4603 and... |
| CVE-2010-3917 | 2020-02-06 | Google Chrome before 3.0 does not properly handle XML documents, which allows remote attackers to obtain sensitive information via a crafted web site. |
| CVE-2016-9928 | 2020-02-06 | MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user,... |
| CVE-2016-7523 | 2020-02-06 | coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. |
| CVE-2016-7524 | 2020-02-06 | coders/meta.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. |
| CVE-2012-2593 | 2020-02-06 | Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email. |
| CVE-2015-6000 | 2020-02-06 | Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an... |
| CVE-2014-8271 | 2020-02-06 | Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name. |
| CVE-2015-2909 | 2020-02-06 | Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for... |