Lista CVE - 2020 / Aprile
Visualizzazione 501 - 600 di 2186 CVE per Aprile 2020 (Pagina 6 di 22)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2020-1885 | 2020-04-08 | Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via... |
| CVE-2020-2732 | 2020-04-08 | A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may... |
| CVE-2020-11650 | 2020-04-08 | An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of service. The login authentication component has no limits on... |
| CVE-2019-20637 | 2020-04-08 | An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one... |
| CVE-2020-11656 | 2020-04-09 | In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. |
| CVE-2020-11655 | 2020-04-09 | SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. |
| CVE-2020-11557 | 2020-04-09 | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value. |
| CVE-2020-11556 | 2020-04-09 | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent (stored) and reflected XSS vulnerabilities. |
| CVE-2020-11555 | 2020-04-09 | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files. |
| CVE-2020-11554 | 2020-04-09 | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4. |
| CVE-2020-11553 | 2020-04-09 | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There is pervasive CSRF. |
| CVE-2020-10551 | 2020-04-09 | QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote users. This can... |
| CVE-2020-10621 | 2020-04-09 | Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). |
| CVE-2020-10623 | 2020-04-09 | Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. |
| CVE-2020-10617 | 2020-04-09 | There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. |
| CVE-2020-10625 | 2020-04-09 | WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. |
| CVE-2020-10631 | 2020-04-09 | An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control. |
| CVE-2020-10603 | 2020-04-09 | WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely. |
| CVE-2020-10629 | 2020-04-09 | WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files. |
| CVE-2020-10619 | 2020-04-09 | An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control. |
| CVE-2020-9499 | 2020-04-09 | Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go... |
| CVE-2020-9500 | 2020-04-09 | Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device... |
| CVE-2020-5263 | 2020-04-09 | Information disclosure through error object |
| CVE-2018-21034 | 2020-04-09 | In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git. |
| CVE-2020-1895 | 2020-04-09 | A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. This affects versions prior to 128.0.0.26.128. |
| CVE-2020-7922 | 2020-04-09 | Kubernetes Operator generates potentially insecure certificates |
| CVE-2020-8961 | 2020-04-09 | An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn... |
| CVE-2020-11668 | 2020-04-09 | In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. |
| CVE-2020-8834 | 2020-04-09 | Linux kernel KVM Power8 conflicting use of HSTATE_HOST_R1 |
| CVE-2020-1633 | 2020-04-09 | Junos OS: MX Series: Crafted packets traversing a Broadband Network Gateway (BNG) configured with IPv6 NDP proxy could lead to Denial of Service |
| CVE-2019-18376 | 2020-04-09 | A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC,... |
| CVE-2019-18375 | 2020-04-09 | The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently... |
| CVE-2019-7305 | 2020-04-09 | eXtplorer exposes /usr and /etc/extplorer over HTTP |
| CVE-2020-8832 | 2020-04-09 | Ubuntu 18.04 Linux kernel i915 incomplete fix for CVE-2019-14615 |
| CVE-2020-3952 | 2020-04-10 | Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. |
| CVE-2020-1802 | 2020-04-10 | There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes, successful exploit could allow the... |
| CVE-2020-4362 | 2020-04-10 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. IBM... |
| CVE-2020-1801 | 2020-04-10 | There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller's identity in certain share scenario, successful exploit could cause... |
| CVE-2020-11669 | 2020-04-10 | An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. arch/powerpc/kernel/idle_book3s.S does not have save/restore functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd. |
| CVE-2020-6765 | 2020-04-10 | D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS commands by placing shell metacharacters after a supported CLI command, as demonstrated by ping -c1 127.0.0.1; cat/etc/passwd. The CLI... |
| CVE-2015-5524 | 2020-04-10 | An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-05-13. There is a buffer overflow in datablock_write because the amount of received data is not... |
| CVE-2020-5303 | 2020-04-10 | Denial of service in Tendermint |
| CVE-2020-11002 | 2020-04-10 | Remote Code Execution (RCE) vulnerability in dropwizard-validation |
| CVE-2020-9056 | 2020-04-10 | Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting |
| CVE-2015-8546 | 2020-04-10 | An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a... |
| CVE-2015-9547 | 2020-04-10 | An issue was discovered on Samsung mobile devices with JBP(4.3) and KK(4.4.2) software. Because the READ_LOGS permission is mishandled, sensitive information is disclosed in a world-readable copy of the log... |
| CVE-2020-5406 | 2020-04-10 | PCF Autoscaling logs its database credentials |
| CVE-2015-9546 | 2020-04-10 | An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker... |
| CVE-2020-5330 | 2020-04-10 | Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older... |
| CVE-2020-11647 | 2020-04-10 | In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. |
| CVE-2020-11694 | 2020-04-10 | In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. This is fixed in 2019.2.6 and 2019.3.3. |
| CVE-2020-11708 | 2020-04-12 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Privilege escalation can occur via the /ajax/SetUserInfo messages parameter because of the EXECUTE() feature, which is for executing programs when... |
| CVE-2020-11707 | 2020-04-12 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. It doesn't enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user (non-admin) can craft a Junction... |
| CVE-2020-11706 | 2020-04-12 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Interface allows CSRF for actions such as: Change any username and password, admin ones included; Create/Delete users; Enable/Disable... |
| CVE-2020-11705 | 2020-04-12 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the fileName parameter. |
| CVE-2020-11704 | 2020-04-12 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The Admin Web Interface has Multiple Stored and Reflected XSS. GetInheritedProperties is Reflected via the groups parameter. GetUserInfo is Reflected... |
| CVE-2020-11703 | 2020-04-12 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/GetInheritedProperties allows HTTP Response Splitting via the language parameter. |
| CVE-2020-11702 | 2020-04-12 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. The User Web Interface has Multiple Stored and Reflected XSS issues. Collaborate is Reflected via the filename parameter. Collaborate is... |
| CVE-2020-11701 | 2020-04-12 | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. CSRF exists in the User Web Interface, as demonstrated by granting filesystem access to the public for uploading and deleting... |
| CVE-2020-11709 | 2020-04-12 | cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts. |
| CVE-2020-11710 | 2020-04-12 | An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is... |
| CVE-2020-11712 | 2020-04-12 | Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field. |
| CVE-2020-11713 | 2020-04-12 | wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. |
| CVE-2020-11714 | 2020-04-12 | eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Location. |
| CVE-2020-11721 | 2020-04-12 | load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service. |
| CVE-2020-11722 | 2020-04-12 | Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file. |
| CVE-2020-11724 | 2020-04-12 | An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API. |
| CVE-2020-11725 | 2020-04-12 | snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding,... |
| CVE-2020-1730 | 2020-04-13 | A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash... |
| CVE-2020-11732 | 2020-04-13 | The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download. |
| CVE-2020-11731 | 2020-04-13 | The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript. |
| CVE-2020-1759 | 2020-04-13 | A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the... |
| CVE-2020-8148 | 2020-04-13 | UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key... |
| CVE-2020-9478 | 2020-04-13 | An issue was discovered in Rubrik 5.0.3-2296. An OS command injection vulnerability allows an authenticated attacker to remotely execute arbitrary code on Rubrik-managed systems. |
| CVE-2020-11673 | 2020-04-13 | An issue was discovered in the Responsive Poll through 1.3.4 for Wordpress. It allows an unauthenticated user to manipulate polls, e.g., delete, clone, or view a hidden poll. This is... |
| CVE-2020-8430 | 2020-04-13 | Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string. |
| CVE-2020-11734 | 2020-04-13 | cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the ACTION parameter. |
| CVE-2019-13916 | 2020-04-13 | An issue was discovered in Cypress (formerly Broadcom) WICED Studio 6.2 CYW20735B1 and CYW20819A1. As a Bluetooth Low Energy (BLE) packet is received, it is copied into a Heap (ThreadX... |
| CVE-2020-3126 | 2020-04-13 | Cisco Webex Meetings Multimedia Viewer Vulnerability |
| CVE-2019-1866 | 2020-04-13 | Cisco Webex Business Suite Host Header Value Integrity Vulnerability |
| CVE-2020-6423 | 2020-04-13 | Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6430 | 2020-04-13 | Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6431 | 2020-04-13 | Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. |
| CVE-2020-6432 | 2020-04-13 | Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2020-6433 | 2020-04-13 | Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2020-6434 | 2020-04-13 | Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6435 | 2020-04-13 | Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. |
| CVE-2020-6436 | 2020-04-13 | Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6437 | 2020-04-13 | Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application. |
| CVE-2020-6438 | 2020-04-13 | Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process... |
| CVE-2020-6439 | 2020-04-13 | Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. |
| CVE-2020-6440 | 2020-04-13 | Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted... |
| CVE-2020-6441 | 2020-04-13 | Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. |
| CVE-2020-6442 | 2020-04-13 | Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2020-6443 | 2020-04-13 | Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a... |
| CVE-2020-6444 | 2020-04-13 | Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6445 | 2020-04-13 | Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
| CVE-2020-6446 | 2020-04-13 | Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
| CVE-2020-6447 | 2020-04-13 | Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a... |
| CVE-2020-6448 | 2020-04-13 | Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |