CVE List - 2020 / May
Showing 801 - 900 of 1017 CVEs for May 2020 (Page 9 of 11)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-1134 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is... |
| CVE-2020-1135 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. |
| CVE-2020-1136 | 2020-05-21 | A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1150. |
| CVE-2020-1137 | 2020-05-21 | An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. |
| CVE-2020-1138 | 2020-05-21 | An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'. |
| CVE-2020-1139 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086,... |
| CVE-2020-1140 | 2020-05-21 | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. |
| CVE-2020-1141 | 2020-05-21 | An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka... |
| CVE-2020-1142 | 2020-05-21 | An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. |
| CVE-2020-1143 | 2020-05-21 | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is... |
| CVE-2020-1144 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is... |
| CVE-2020-1145 | 2020-05-21 | An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka... |
| CVE-2020-1149 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086,... |
| CVE-2020-1150 | 2020-05-21 | A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1136. |
| CVE-2020-1151 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086,... |
| CVE-2020-1153 | 2020-05-21 | A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. |
| CVE-2020-1154 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege... |
| CVE-2020-1155 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086,... |
| CVE-2020-1156 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086,... |
| CVE-2020-1157 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086,... |
| CVE-2020-1158 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086,... |
| CVE-2020-1161 | 2020-05-21 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. |
| CVE-2020-1164 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086,... |
| CVE-2020-1165 | 2020-05-21 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1111, CVE-2020-1121,... |
| CVE-2020-1166 | 2020-05-21 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1111, CVE-2020-1121,... |
| CVE-2020-1171 | 2020-05-21 | A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution... |
| CVE-2020-1173 | 2020-05-21 | A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments, aka 'Microsoft Power BI Report Server Spoofing Vulnerability'. |
| CVE-2020-1174 | 2020-05-21 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique... |
| CVE-2020-1175 | 2020-05-21 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique... |
| CVE-2020-1176 | 2020-05-21 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique... |
| CVE-2020-1179 | 2020-05-21 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963,... |
| CVE-2020-1184 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is... |
| CVE-2020-1185 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is... |
| CVE-2020-1186 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is... |
| CVE-2020-1187 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is... |
| CVE-2020-1188 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is... |
| CVE-2020-1189 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is... |
| CVE-2020-1190 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is... |
| CVE-2020-1191 | 2020-05-21 | An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is... |
| CVE-2020-1192 | 2020-05-21 | A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution... |
| CVE-2020-1195 | 2020-05-21 | An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability'. |
| CVE-2020-13396 | 2020-05-22 | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. |
| CVE-2020-13397 | 2020-05-22 | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. |
| CVE-2020-13398 | 2020-05-22 | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. |
| CVE-2020-13384 | 2020-05-22 | Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related... |
| CVE-2020-3344 | 2020-05-22 | Cisco AMP for Endpoints Linux Connector and AMP for Endpoints Mac Connector Software Memory Buffer Vulnerability |
| CVE-2020-3343 | 2020-05-22 | Cisco AMP for Endpoints Linux Connector and AMP for Endpoints Mac Connector Software Memory Buffer Vulnerability |
| CVE-2020-3314 | 2020-05-22 | Cisco AMP for Endpoints Mac Connector Software File Scan Denial of Service Vulnerability |
| CVE-2020-3272 | 2020-05-22 | Cisco Prime Network Registrar DHCP Denial of Service Vulnerability |
| CVE-2020-3184 | 2020-05-22 | Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability |
| CVE-2020-3280 | 2020-05-22 | Cisco Unified Contact Center Express Remote Code Execution Vulnerability |
| CVE-2020-7813 | 2020-05-22 | Kaoni ezHTTPTrans Active-X File Download and Execution Vulnerability |
| CVE-2020-8789 | 2020-05-22 | Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration. |
| CVE-2020-1956 | 2020-05-22 | Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1, has some RESTful APIs which concatenate OS commands with the user input string; a user is likely to be... |
| CVE-2020-6091 | 2020-05-22 | An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass... |
| CVE-2020-10711 | 2020-05-22 | A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category... |
| CVE-2020-11076 | 2020-05-22 | HTTP Smuggling via Transfer-Encoding Header in Puma |
| CVE-2020-11077 | 2020-05-22 | HTTP Smuggling via Transfer-Encoding Header in Puma |
| CVE-2020-7658 | 2020-05-22 | meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. |
| CVE-2020-13394 | 2020-05-22 | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the... |
| CVE-2020-13393 | 2020-05-22 | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the... |
| CVE-2020-13392 | 2020-05-22 | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the... |
| CVE-2020-13391 | 2020-05-22 | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the... |
| CVE-2020-13390 | 2020-05-22 | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the... |
| CVE-2020-13389 | 2020-05-22 | An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the... |
| CVE-2020-13388 | 2020-05-22 | An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary... |
| CVE-2020-12397 | 2020-05-22 | By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0. |
| CVE-2020-13417 | 2020-05-22 | An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL... |
| CVE-2020-13416 | 2020-05-22 | An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a... |
| CVE-2020-13415 | 2020-05-22 | An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has... |
| CVE-2020-13414 | 2020-05-22 | An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. |
| CVE-2020-13413 | 2020-05-22 | An issue was discovered in Aviatrix Controller before 5.4.1204. There is an Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force. |
| CVE-2020-13412 | 2020-05-22 | An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF. |
| CVE-2020-13424 | 2020-05-23 | The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure. |
| CVE-2020-13425 | 2020-05-23 | TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted. |
| CVE-2020-13430 | 2020-05-24 | Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. |
| CVE-2020-13429 | 2020-05-24 | legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option. |
| CVE-2020-13433 | 2020-05-24 | Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter. |
| CVE-2020-13435 | 2020-05-24 | SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. |
| CVE-2020-13434 | 2020-05-24 | SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. |
| CVE-2020-13439 | 2020-05-24 | ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c. |
| CVE-2020-13440 | 2020-05-24 | ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. |
| CVE-2020-13438 | 2020-05-24 | ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c. |
| CVE-2020-5537 | 2020-05-25 | Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors. |
| CVE-2020-13442 | 2020-05-25 | A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/. |
| CVE-2020-13459 | 2020-05-25 | An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action. |
| CVE-2020-13458 | 2020-05-25 | An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action. |
| CVE-2020-13482 | 2020-05-25 | EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server... |
| CVE-2020-13486 | 2020-05-25 | The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection. |
| CVE-2020-13485 | 2020-05-25 | The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header. |
| CVE-2020-3812 | 2020-05-26 | qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because... |
| CVE-2020-3811 | 2020-05-26 | qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability. |
| CVE-2020-13487 | 2020-05-26 | The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An... |
| CVE-2020-10751 | 2020-05-26 | A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The... |
| CVE-2020-10719 | 2020-05-26 | A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of... |
| CVE-2020-8170 | 2020-05-26 | We have recently released a new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and... |
| CVE-2020-8171 | 2020-05-26 | We have recently released a new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and... |
| CVE-2020-8168 | 2020-05-26 | We have recently released a new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and... |
| CVE-2020-12396 | 2020-05-26 | Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some... |
| CVE-2020-12395 | 2020-05-26 | Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that... |