CVE list - 2020 / February
Showing 601 - 700 of 1397 CVEs for February 2020 (Page 7 of 14)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-8891 | 2020-02-11 | An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests. |
| CVE-2020-8890 | 2020-02-11 | An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a... |
| CVE-2019-19921 | 2020-02-12 | runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount... |
| CVE-2014-0234 | 2020-02-12 | The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker... |
| CVE-2014-4968 | 2020-02-12 | The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web... |
| CVE-2014-2595 | 2020-02-12 | Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string. |
| CVE-2014-6262 | 2020-02-12 | Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a... |
| CVE-2014-9390 | 2020-02-12 | Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple... |
| CVE-2014-8128 | 2020-02-12 | LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write)... |
| CVE-2015-7508 | 2020-02-12 | Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the... |
| CVE-2012-0810 | 2020-02-12 | The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via... |
| CVE-2014-2560 | 2020-02-12 | The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack,... |
| CVE-2009-5140 | 2020-02-12 | The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access... |
| CVE-2009-5139 | 2020-02-12 | The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via... |
| CVE-2014-4607 | 2020-02-12 | Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run. |
| CVE-2013-7378 | 2020-02-12 | scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands. |
| CVE-2019-20098 | 2020-02-12 | The VerifySmtpServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user... |
| CVE-2019-20099 | 2020-02-12 | The VerifyPopServerConnection!add.jspa component in Atlassian Jira Server and Data Center before version 8.7.0 is vulnerable to cross-site request forgery (CSRF). An attacker could exploit this by tricking an administrative user... |
| CVE-2019-20100 | 2020-02-12 | The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, from version... |
| CVE-2020-8595 | 2020-02-12 | Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP... |
| CVE-2019-19196 | 2020-02-12 | The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices... |
| CVE-2019-19194 | 2020-02-12 | The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices... |
| CVE-2013-7381 | 2020-02-12 | libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify. |
| CVE-2015-5617 | 2020-02-12 | SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter. |
| CVE-2020-2109 | 2020-02-12 | Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods. |
| CVE-2020-2110 | 2020-02-12 | Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside... |
| CVE-2020-2111 | 2020-02-12 | Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2112 | 2020-02-12 | Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the parameter name shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. |
| CVE-2020-2113 | 2020-02-12 | Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the default value shown on the UI, resulting in a stored cross-site scripting vulnerability exploitable by users with Job/Configure permission. |
| CVE-2020-2114 | 2020-02-12 | Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2115 | 2020-02-12 | Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2020-2116 | 2020-02-12 | A cross-site request forgery vulnerability in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another... |
| CVE-2020-2117 | 2020-02-12 | A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained... |
| CVE-2020-2118 | 2020-02-12 | A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in... |
| CVE-2020-2119 | 2020-02-12 | Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. |
| CVE-2020-2120 | 2020-02-12 | Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2020-2121 | 2020-02-12 | Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. |
| CVE-2020-2122 | 2020-02-12 | Jenkins Brakeman Plugin 0.12 and earlier did not escape values received from parsed JSON files when rendering them, resulting in a stored cross-site scripting vulnerability exploitable by users able to... |
| CVE-2020-2123 | 2020-02-12 | Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. |
| CVE-2020-2124 | 2020-02-12 | Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended... |
| CVE-2020-2125 | 2020-02-12 | Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG passphrase unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with... |
| CVE-2020-2126 | 2020-02-12 | Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the... |
| CVE-2020-2127 | 2020-02-12 | Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with... |
| CVE-2020-2128 | 2020-02-12 | Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended... |
| CVE-2020-2129 | 2020-02-12 | Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to... |
| CVE-2020-2130 | 2020-02-12 | Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to... |
| CVE-2020-2131 | 2020-02-12 | Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or... |
| CVE-2020-2132 | 2020-02-12 | Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read... |
| CVE-2020-2133 | 2020-02-12 | Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or... |
| CVE-2020-8815 | 2020-02-12 | Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large... |
| CVE-2020-8839 | 2020-02-12 | Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demonstrated by the /if.cgi TF_submask field. |
| CVE-2013-2010 | 2020-02-12 | WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability |
| CVE-2015-7890 | 2020-02-12 | Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory... |
| CVE-2013-1410 | 2020-02-12 | Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities |
| CVE-2013-1938 | 2020-02-12 | Zimbra 2013 has XSS in aspell.php |
| CVE-2013-2097 | 2020-02-12 | ZPanel through 10.1.0 has Remote Command Execution |
| CVE-2013-4090 | 2020-02-12 | Varnish HTTP cache before 3.0.4: ACL bug |
| CVE-2013-3494 | 2020-02-12 | A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries, which could let a malicious user execute arbitrary code. |
| CVE-2013-4395 | 2020-02-12 | Simple Machines Forum (SMF) through 2.0.5 has XSS |
| CVE-2013-1924 | 2020-02-12 | Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerability in all versions prior to 7.x-1.2 |
| CVE-2013-3685 | 2020-02-12 | A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon,... |
| CVE-2013-6236 | 2020-02-12 | IZON IP 2.0.2: hard-coded password vulnerability |
| CVE-2013-6681 | 2020-02-12 | Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability |
| CVE-2013-2637 | 2020-02-12 | A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which... |
| CVE-2019-4427 | 2020-02-12 | IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate an installer with malicious software... |
| CVE-2019-4431 | 2020-02-12 | IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2019-4741 | 2020-02-12 | IBM Content Navigator 3.0CD is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration... |
| CVE-2020-7046 | 2020-02-12 | lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop. |
| CVE-2011-4661 | 2020-02-12 | A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security... |
| CVE-2020-7957 | 2020-02-12 | The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This... |
| CVE-2012-0951 | 2020-02-12 | A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry. |
| CVE-2020-8945 | 2020-02-12 | The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash... |
| CVE-2019-11867 | 2020-02-12 | Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to do any size checking on an input buffer from user space, which the driver assumes has a size greater than zero... |
| CVE-2020-8946 | 2020-02-12 | Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter. |
| CVE-2013-7286 | 2020-02-12 | MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm |
| CVE-2020-8947 | 2020-02-12 | functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224. |
| CVE-2014-3860 | 2020-02-12 | Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability |
| CVE-2019-16336 | 2020-02-12 | The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX... |
| CVE-2019-17519 | 2020-02-12 | The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a... |
| CVE-2013-3725 | 2020-02-12 | Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution. |
| CVE-2019-19192 | 2020-02-12 | The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range... |
| CVE-2011-4338 | 2020-02-12 | Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite... |
| CVE-2020-8949 | 2020-02-12 | Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.16528, S3A 4.3.0.16572, and ISP3000 4.3.0.17190 devices allows remote attackers to execute arbitrary OS commands via shell metacharacters... |
| CVE-2011-2343 | 2020-02-12 | The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer. |
| CVE-2011-2499 | 2020-02-12 | Mambo CMS through 4.6.5 has multiple XSS. |
| CVE-2011-3336 | 2020-02-12 | regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. |
| CVE-2011-3901 | 2020-02-12 | Android SQLite Journal before 4.0.1 has an information disclosure vulnerability. |
| CVE-2020-6193 | 2020-02-12 | SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to execute malicious scripts leading to Reflected Cross-Site Scripting (XSS) vulnerability. |
| CVE-2020-6192 | 2020-02-12 | SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management. |
| CVE-2020-6177 | 2020-02-12 | SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does... |
| CVE-2020-6187 | 2020-02-12 | SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service. |
| CVE-2020-6189 | 2020-02-12 | Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to... |
| CVE-2020-6190 | 2020-02-12 | Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that... |
| CVE-2020-6188 | 2020-02-12 | VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101,... |
| CVE-2020-6191 | 2020-02-12 | SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input... |
| CVE-2020-6184 | 2020-02-12 | Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), does not sufficiently encode user-controlled inputs, resulting in... |
| CVE-2020-6183 | 2020-02-12 | SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive... |
| CVE-2020-6186 | 2020-02-12 | SAP Host Agent, version 7.21, allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to Denial of Service. |
| CVE-2020-6181 | 2020-02-12 | Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an... |
| CVE-2020-6185 | 2020-02-12 | Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious... |