CVE List - 2020 / February
Showing 201 - 300 of 1397 CVEs for February 2020 (Page 3 of 14)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2016-1544 | 2020-02-06 | nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion). |
| CVE-2013-4166 | 2020-02-06 | The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption,... |
| CVE-2013-4572 | 2020-02-06 | The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote... |
| CVE-2014-2030 | 2020-02-06 | Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a... |
| CVE-2014-1958 | 2020-02-06 | Buffer overflow in the DecodePSDPixels function in coders/psd.c in ImageMagick before 6.8.8-5 might allow remote attackers to execute arbitrary code via a crafted PSD image, involving the L%06ld string, a... |
| CVE-2019-15711 | 2020-02-06 | A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs"... |
| CVE-2019-17652 | 2020-02-06 | A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root privilege crashes via sending... |
| CVE-2014-2875 | 2020-02-06 | The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via... |
| CVE-2014-10399 | 2020-02-06 | The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. |
| CVE-2014-10400 | 2020-02-06 | The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was... |
| CVE-2019-16152 | 2020-02-06 | A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root privilege crashes via... |
| CVE-2020-5856 | 2020-02-06 | On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart. |
| CVE-2020-5855 | 2020-02-06 | When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get... |
| CVE-2020-5854 | 2020-02-06 | On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made. |
| CVE-2013-4521 | 2020-02-06 | RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute... |
| CVE-2019-10789 | 2020-02-06 | All versions of curling.js are vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization. |
| CVE-2019-19800 | 2020-02-06 | Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet. |
| CVE-2020-6767 | 2020-02-06 | Path Traversal in Bosch Video Management System (BVMS) |
| CVE-2020-6856 | 2020-02-06 | An XML External Entity (XXE) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration... |
| CVE-2020-7953 | 2020-02-06 | An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read server files (e.g., /etc/passwd) due to the use of the nmap -iL (aka input file)... |
| CVE-2020-8771 | 2020-02-06 | The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list... |
| CVE-2020-8772 | 2020-02-06 | The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in. |
| CVE-2020-6855 | 2020-02-06 | A large or infinite loop vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to parameterize housekeeping jobs in a way that exhausts system resources... |
| CVE-2020-7954 | 2020-02-06 | An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's... |
| CVE-2020-8608 | 2020-02-06 | In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. |
| CVE-2019-12426 | 2020-02-06 | An unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06. |
| CVE-2020-8636 | 2020-02-06 | An issue was discovered in OpServices OpMon 9.3.2 that allows Remote Code Execution. |
| CVE-2020-5720 | 2020-02-06 | MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherever WinBox has write permissions. WinBox is vulnerable to this attack if it... |
| CVE-2020-7920 | 2020-02-06 | pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service. |
| CVE-2012-6297 | 2020-02-06 | Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 from specially crafted configuration values containing shell meta-characters, which could let a remote malicious user cause a Denial of Service. |
| CVE-2012-6306 | 2020-02-06 | A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write access violation with a GIF file. |
| CVE-2012-6307 | 2020-02-06 | A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code. |
| CVE-2012-6309 | 2020-02-06 | A vulnerability exists in Arctic Torrent 1.4 via unspecified vectors in .torrent file handling, which could let a malicious user cause a Denial of Service. |
| CVE-2020-5317 | 2020-02-06 | Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A remote authenticated malicious user could exploit this vulnerability to store malicious HTML or JavaScript code in a trusted... |
| CVE-2020-5318 | 2020-02-06 | Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN... |
| CVE-2020-5319 | 2020-02-06 | Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prior to 5.0.2.0.5.009 contain a Denial of Service vulnerability on NAS Server SSH implementation that is used to... |
| CVE-2020-8657 | 2020-02-06 | An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as EONAPI_KEY in include/api_functions.php for API version 2.4.2) by default for all installations, hence allowing... |
| CVE-2012-6340 | 2020-02-06 | An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002. |
| CVE-2012-6341 | 2020-02-06 | An Information Disclosure vulnerability exists in the my config file in NETGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device,... |
| CVE-2020-6760 | 2020-02-06 | Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by... |
| CVE-2013-2683 | 2020-02-06 | Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disclosure Vulnerability which allows remote attackers to obtain private IP addresses and other sensitive information. |
| CVE-2013-2684 | 2020-02-06 | Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-3564 | 2020-02-06 | The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands... |
| CVE-2013-3568 | 2020-02-06 | Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. |
| CVE-2013-3638 | 2020-02-06 | SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'. |
| CVE-2020-8656 | 2020-02-06 | An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection, allowing an unauthenticated attacker to perform various tasks such as authentication bypass via the... |
| CVE-2020-8645 | 2020-02-06 | An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is job_id. The function is getJobApplicationsByJobId().... |
| CVE-2020-8654 | 2020-02-06 | An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field. |
| CVE-2020-8655 | 2020-02-06 | An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted... |
| CVE-2020-1700 | 2020-02-07 | A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a... |
| CVE-2019-10567 | 2020-02-07 | There is a way to deceive the GPU kernel driver into thinking there is room in the GPU ringbuffer and overwriting existing commands could allow unintended GPU opcodes to be... |
| CVE-2019-10590 | 2020-02-07 | Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,... |
| CVE-2019-14002 | 2020-02-07 | APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2019-14040 | 2020-02-07 | Using memory after being freed in qsee due to wrong implementation can lead to unexpected behavior such as execution of unknown code in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,... |
| CVE-2019-14041 | 2020-02-07 | During listener modified response processing, a buffer overrun occurs due to lack of buffer size verification when updating message buffer with physical address information in Snapdragon Auto, Snapdragon Compute, Snapdragon... |
| CVE-2019-14044 | 2020-02-07 | Out of bound access due to access of uninitialized memory segment in an array of pointers while normal camera open close in Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SDM439,... |
| CVE-2019-14046 | 2020-02-07 | Out of bound access while allocating memory for an array in camera due to improper validation of elements parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer... |
| CVE-2019-14049 | 2020-02-07 | Stage-2 fault will occur while writing to an ION system allocation which has been assigned to non-HLOS memory which is non-standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity,... |
| CVE-2019-14051 | 2020-02-07 | Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607 |
| CVE-2019-14055 | 2020-02-07 | Possibility of use-after-free and double free because of not marking buffer as NULL after freeing can lead to dangling pointer access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity,... |
| CVE-2019-14057 | 2020-02-07 | Buffer Over read of codec private data while parsing an mkv file due to lack of check of buffer size before read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon... |
| CVE-2019-14060 | 2020-02-07 | Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of... |
| CVE-2019-14063 | 2020-02-07 | Out of bound access due to Invalid inputs to dapm mux settings which results into kernel failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2019-14088 | 2020-02-07 | Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,... |
| CVE-2013-2008 | 2020-02-07 | WordPress Super Cache Plugin 1.3 has XSS. |
| CVE-2020-8788 | 2020-02-07 | Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.aspx UserName parameter. NOTE: the issues/227 reference does not imply that the affected product can be downloaded... |
| CVE-2013-2009 | 2020-02-07 | WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution |
| CVE-2012-1566 | 2020-02-07 | LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny. |
| CVE-2012-1567 | 2020-02-07 | LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate. |
| CVE-2013-0192 | 2020-02-07 | File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin can read files such as the database config. |
| CVE-2013-1202 | 2020-02-07 | Cisco ACE A2(3.6) allows log retention DoS. |
| CVE-2019-17268 | 2020-02-07 | The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected. |
| CVE-2013-4334 | 2020-02-07 | opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities |
| CVE-2013-4335 | 2020-02-07 | opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities |
| CVE-2013-3591 | 2020-02-07 | vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability |
| CVE-2013-3628 | 2020-02-07 | Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability |
| CVE-2013-3629 | 2020-02-07 | ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution |
| CVE-2013-3635 | 2020-02-07 | ProjectPier 0.8.8 has stored XSS |
| CVE-2013-3636 | 2020-02-07 | ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag |
| CVE-2013-3637 | 2020-02-07 | ProjectPier 0.8.8 does not use the Secure flag for cookies |
| CVE-2019-16155 | 2020-02-07 | A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup... |
| CVE-2019-15605 | 2020-02-07 | HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed |
| CVE-2020-8126 | 2020-02-07 | A privilege escalation in the EdgeSwitch prior to version 1.7.1: a CGI script doesn't fully sanitize the user input, resulting in local command execution, allowing an operator user (Privilege-1) to... |
| CVE-2019-15604 | 2020-02-07 | Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate |
| CVE-2019-15606 | 2020-02-07 | Including trailing white space in HTTP header values in Node.js 10, 12, and 13 causes bypass of authorization based on header value comparisons |
| CVE-2014-9530 | 2020-02-07 | A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact. |
| CVE-2010-4658 | 2020-02-07 | statusnet through 2010 allows attackers to spoof syslog messages via newline injection attacks. |
| CVE-2019-18988 | 2020-02-07 | TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers' installations. It used a shared AES key for all installations... |
| CVE-2014-7224 | 2020-02-07 | A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary... |
| CVE-2020-1768 | 2020-02-07 | External Interface does not invalidate session |
| CVE-2014-6413 | 2020-02-07 | A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. |
| CVE-2014-5468 | 2020-02-07 | A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious... |
| CVE-2014-5288 | 2020-02-07 | A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages. |
| CVE-2014-5278 | 2020-02-07 | A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. |
| CVE-2014-5091 | 2020-02-07 | A vulnerability exists in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code. |
| CVE-2014-5087 | 2020-02-07 | A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code. |
| CVE-2013-3091 | 2020-02-07 | An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging." |
| CVE-2013-3067 | 2020-02-07 | Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. |
| CVE-2013-3096 | 2020-02-07 | D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability. |
| CVE-2020-6769 | 2020-02-07 | Missing Authentication for Critical Function in Bosch Video Streaming Gateway |