CVE List - 2020 / May
Showing 901 - 1000 of 1017 CVEs for May 2020 (Page 10 of 11)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-12394 | 2020-05-26 | A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input... |
| CVE-2020-12393 | 2020-05-26 | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used... |
| CVE-2020-12392 | 2020-05-26 | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user... |
| CVE-2020-12391 | 2020-05-26 | Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit... |
| CVE-2020-12390 | 2020-05-26 | Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76. |
| CVE-2020-12389 | 2020-05-26 | The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects... |
| CVE-2020-12388 | 2020-05-26 | The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects... |
| CVE-2020-12387 | 2020-05-26 | A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox... |
| CVE-2020-6831 | 2020-05-26 | A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR... |
| CVE-2020-6830 | 2020-05-26 | For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but... |
| CVE-2020-9046 | 2020-05-26 | Kantech EntraPass Security Management Software - System Permissions Vulnerability |
| CVE-2020-13616 | 2020-05-26 | The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification. |
| CVE-2020-13615 | 2020-05-26 | lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification for X.509 certificates. |
| CVE-2020-13614 | 2020-05-26 | An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification. |
| CVE-2020-13623 | 2020-05-26 | JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation. |
| CVE-2020-13622 | 2020-05-26 | JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data. |
| CVE-2020-10737 | 2020-05-27 | A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory... |
| CVE-2019-20806 | 2020-05-27 | An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75. |
| CVE-2020-13386 | 2020-05-27 | In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks... |
| CVE-2020-4226 | 2020-05-27 | IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer... |
| CVE-2020-4348 | 2020-05-27 | IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID:... |
| CVE-2020-4349 | 2020-05-27 | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178423. |
| CVE-2020-4350 | 2020-05-27 | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 178424. |
| CVE-2020-4357 | 2020-05-27 | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be... |
| CVE-2020-4358 | 2020-05-27 | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2020-4378 | 2020-05-27 | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crafted HTTP POST command. IBM X-Force ID: 179157. |
| CVE-2020-4379 | 2020-05-27 | IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 179158. |
| CVE-2020-13253 | 2020-05-27 | sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can crash the QEMU process. |
| CVE-2020-13632 | 2020-05-27 | ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. |
| CVE-2020-13631 | 2020-05-27 | SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. |
| CVE-2020-13630 | 2020-05-27 | ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. |
| CVE-2020-13633 | 2020-05-27 | Fork before 5.8.3 allows XSS via navigation_title or title. |
| CVE-2020-10945 | 2020-05-27 | Centreon before 19.10.7 exposes Session IDs in server responses. |
| CVE-2020-10946 | 2020-05-27 | Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and... |
| CVE-2020-13627 | 2020-05-27 | Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and... |
| CVE-2020-13628 | 2020-05-27 | Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and... |
| CVE-2020-6774 | 2020-05-27 | Kiosk Mode Breakout in Bosch Recording Station |
| CVE-2020-10936 | 2020-05-27 | Sympa before 6.2.56 allows privilege escalation. |
| CVE-2020-11059 | 2020-05-27 | Exposure of Sensitive Information to an Unauthorized Actor in AEgir |
| CVE-2020-11075 | 2020-05-27 | Shell Escape in Anchore Engine |
| CVE-2020-8603 | 2020-05-27 | A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction... |
| CVE-2020-8604 | 2020-05-27 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive information on affected installations. |
| CVE-2020-8605 | 2020-05-27 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability. |
| CVE-2020-8606 | 2020-05-27 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. |
| CVE-2020-13641 | 2020-05-28 | An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged... |
| CVE-2020-13644 | 2020-05-28 | An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import... |
| CVE-2020-13643 | 2020-05-28 | An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged... |
| CVE-2020-13642 | 2020-05-28 | An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The action_builder_content function did not do any nonce verification, allowing for requests to be forged on... |
| CVE-2020-13645 | 2020-05-28 | In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in... |
| CVE-2020-11949 | 2020-05-28 | testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this... |
| CVE-2020-11950 | 2020-05-28 | VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands). For example, this affects IT9388-HT devices. |
| CVE-2019-20807 | 2020-05-28 | In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). |
| CVE-2020-7812 | 2020-05-28 | Kaoni ezHTTPTrans Active-X File Download and Execution Vulnerability |
| CVE-2020-13361 | 2020-05-28 | In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. |
| CVE-2020-13649 | 2020-05-28 | parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure. |
| CVE-2020-13362 | 2020-05-28 | In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. |
| CVE-2020-4231 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. IBM X-Force ID: 175335. |
| CVE-2020-4232 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system.... |
| CVE-2020-4233 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in... |
| CVE-2020-4244 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. IBM X-Force ID: 175422. |
| CVE-2020-4245 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force... |
| CVE-2020-4246 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose... |
| CVE-2020-4249 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the system due to incorrect authorization. IBM X-Force ID: 175485. |
| CVE-2020-4419 | 2020-05-28 | IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2020-4248 | 2020-05-28 | IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could... |
| CVE-2020-8329 | 2020-05-28 | A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted... |
| CVE-2020-8330 | 2020-05-28 | A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted... |
| CVE-2020-13245 | 2020-05-28 | Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300,... |
| CVE-2020-11079 | 2020-05-28 | command injection fix in node-dns-sync |
| CVE-2020-13660 | 2020-05-28 | CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name. |
| CVE-2020-5357 | 2020-05-28 | Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities... |
| CVE-2019-6342 | 2020-05-28 | Drupal core - Critical - Access bypass - SA-CORE-2019-008 |
| CVE-2020-13173 | 2020-05-28 | Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker... |
| CVE-2020-11082 | 2020-05-28 | Cross-Site Scripting in Kaminari |
| CVE-2020-13693 | 2020-05-28 | An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled. |
| CVE-2020-11017 | 2020-05-29 | Double free in cliprdr_server_receive_capabilities in FreeRDP |
| CVE-2020-11018 | 2020-05-29 | Out of bound read in cliprdr_server_receive_capabilities in FreeRDP |
| CVE-2020-11019 | 2020-05-29 | Out of bound read in update_recv in FreeRDP |
| CVE-2020-11038 | 2020-05-29 | Integer Overflow to Buffer Overflow in FreeRDP |
| CVE-2020-11039 | 2020-05-29 | Integer Overflow in FreeRDP |
| CVE-2020-11040 | 2020-05-29 | Out-of-bounds Read in FreeRDP |
| CVE-2020-11041 | 2020-05-29 | Improper Validation of Array Index in FreeRDP |
| CVE-2020-11043 | 2020-05-29 | Out-of-bounds Read in FreeRDP |
| CVE-2020-11085 | 2020-05-29 | Out-of-bounds Read in FreeRDP |
| CVE-2020-11086 | 2020-05-29 | Out-of-bounds Read in FreeRDP `ntlm_read_ntlm_v2_response` |
| CVE-2020-11087 | 2020-05-29 | Out-of-bounds Read in FreeRDP |
| CVE-2020-11088 | 2020-05-29 | Out-of-bound read in FreeRDP |
| CVE-2020-11089 | 2020-05-29 | Out-of-bound read in FreeRDP |
| CVE-2020-5572 | 2020-05-29 | Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors. |
| CVE-2020-5573 | 2020-05-29 | Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors. |
| CVE-2020-4306 | 2020-05-29 | IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2020-4352 | 2020-05-29 | IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427. |
| CVE-2020-4490 | 2020-05-29 | IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing... |
| CVE-2020-12675 | 2020-05-29 | The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this... |
| CVE-2020-13634 | 2020-05-29 | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of... |
| CVE-2020-12493 | 2020-05-29 | Critical Vulnerability in SWARCO CPU LS4000 |
| CVE-2020-8816 | 2020-05-29 | Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. |
| CVE-2020-1798 | 2020-05-29 | HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. A logic error occurs when handling NFC work, an attacker should establish a NFC connection to the... |
| CVE-2020-1832 | 2020-05-29 | E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3.1(H563SP1C00) have a stack buffer overflow vulnerability. The program copies an input buffer to an output buffer without verification. An attacker in the... |
| CVE-2020-1870 | 2020-05-29 | There is a denial of service vulnerability in some Huawei products. Due to improper memory management, memory leakage may occur in some special cases. Attackers can perform a series of... |