CVE List - 2020 / May
Showing 101 - 200 of 1017 CVEs for May 2020 (Page 2 of 11)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-6076 | 2020-05-06 | An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll ICO icoread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted ICO file can cause an out-of-bounds write, resulting in... |
| CVE-2020-6075 | 2020-05-06 | An exploitable out-of-bounds write vulnerability exists in the store_data_buffer function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted PNG file can cause an out-of-bounds write, resulting in... |
| CVE-2019-19166 | 2020-05-06 | Tobesoft XPlatform Arbitrary File Execution Vulnerability |
| CVE-2020-2181 | 2020-05-06 | Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets in the build log when the build contains no build steps. |
| CVE-2020-2182 | 2020-05-06 | Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances. |
| CVE-2020-2183 | 2020-05-06 | Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access. |
| CVE-2020-2184 | 2020-05-06 | A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 and earlier allows attackers to create and manipulate tags, and to connect to an attacker-specified URL. |
| CVE-2020-2185 | 2020-05-06 | Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks. |
| CVE-2020-2186 | 2020-05-06 | A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances. |
| CVE-2020-2187 | 2020-05-06 | Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks. |
| CVE-2020-2188 | 2020-05-06 | A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. |
| CVE-2020-2189 | 2020-05-06 | Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. |
| CVE-2019-19167 | 2020-05-06 | Tobesoft Nexacro14 ActiveX File Download Vulnerability |
| CVE-2020-7806 | 2020-05-06 | Tobesoft Xplatform ActiveX File Download Vulnerability |
| CVE-2019-19169 | 2020-05-06 | Dext5.ocx ActiveX 5.0.0.116 and earlier versions contain a vulnerability, which could allow a remote attacker to download an arbitrary file by setting the arguments to the ActiveX method. This can be leveraged... |
| CVE-2019-19168 | 2020-05-06 | Dext5.ocx ActiveX 5.0.0.116 and earlier versions contain a vulnerability, which could allow a remote attacker to download and execute a remote arbitrary file by setting the arguments to the ActiveX method. This... |
| CVE-2020-10693 | 2020-05-06 | A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw... |
| CVE-2020-6861 | 2020-05-06 | A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending... |
| CVE-2019-4266 | 2020-05-06 | IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not have device jailbreak detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160199. |
| CVE-2020-4384 | 2020-05-06 | IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2020-4421 | 2020-05-06 | IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoof another user's identity. IBM X-Force ID: 180084. |
| CVE-2020-4446 | 2020-05-06 | IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to... |
| CVE-2020-12108 | 2020-05-06 | /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. |
| CVE-2020-7921 | 2020-05-06 | Administrative action may disable enforcement of per-user IP whitelisting |
| CVE-2020-8899 | 2020-05-06 | Memory corruption in Quram library when decoding qmg can lead to RCE |
| CVE-2020-3186 | 2020-05-06 | Cisco Firepower Threat Defense Software Management Access List Bypass Vulnerability |
| CVE-2020-3178 | 2020-05-06 | Cisco Content Security Management Appliance Open Redirect Vulnerabilities |
| CVE-2020-3179 | 2020-05-06 | Cisco Firepower Threat Defense Software Generic Routing Encapsulation Tunnel IPv6 Denial of Service Vulnerability |
| CVE-2020-3125 | 2020-05-06 | Cisco Adaptive Security Appliance Software Kerberos Authentication Bypass Vulnerability |
| CVE-2020-3309 | 2020-05-06 | Cisco Firepower Device Manager On-Box Software Arbitrary File Overwrite Vulnerability |
| CVE-2020-3310 | 2020-05-06 | Cisco Firepower Device Manager On-Box Software XML Parsing Vulnerability |
| CVE-2020-3311 | 2020-05-06 | Cisco Firepower Management Center Open Redirect Vulnerability |
| CVE-2020-3312 | 2020-05-06 | Cisco Firepower Threat Defense Software Information Disclosure Vulnerability |
| CVE-2020-3313 | 2020-05-06 | Cisco Firepower Management Center Cross-Site Scripting Vulnerability |
| CVE-2020-3315 | 2020-05-06 | Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability |
| CVE-2020-3318 | 2020-05-06 | Cisco Firepower Management Center Static Credential Vulnerabilities |
| CVE-2020-3329 | 2020-05-06 | Cisco IMC Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data Role-Based Access Control Vulnerability |
| CVE-2020-3334 | 2020-05-06 | Cisco Firepower 2100 Series Security Appliances ARP Denial of Service Vulnerability |
| CVE-2020-3187 | 2020-05-06 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Path Traversal Vulnerability |
| CVE-2020-3188 | 2020-05-06 | Cisco Firepower Threat Defense Software Management Interface Denial of Service Vulnerability |
| CVE-2020-3189 | 2020-05-06 | Cisco Firepower Threat Defense Software VPN System Logging Denial of Service Vulnerability |
| CVE-2020-3191 | 2020-05-06 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IPv6 DNS Denial of Service Vulnerability |
| CVE-2020-3195 | 2020-05-06 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF Packets Processing Memory Leak Vulnerability |
| CVE-2020-3196 | 2020-05-06 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability |
| CVE-2020-3246 | 2020-05-06 | Cisco Umbrella Carriage Return Line Feed Injection Vulnerability |
| CVE-2020-3253 | 2020-05-06 | Cisco Firepower Threat Defense Software Shell Access Vulnerability |
| CVE-2020-3254 | 2020-05-06 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Media Gateway Control Protocol Denial of Service Vulnerabilities |
| CVE-2020-3255 | 2020-05-06 | Cisco Firepower Threat Defense Software Packet Flood Denial of Service Vulnerability |
| CVE-2020-3256 | 2020-05-06 | Cisco Hosted Collaboration Mediation Fulfillment XML External Expansion Vulnerability |
| CVE-2020-3259 | 2020-05-06 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability |
| CVE-2020-3283 | 2020-05-06 | Cisco Firepower 1000 Series SSL/TLS Denial of Service Vulnerability |
| CVE-2020-3285 | 2020-05-06 | Cisco Firepower Threat Defense Software SSL/TLS URL Category Bypass Vulnerability |
| CVE-2020-3298 | 2020-05-06 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Malformed OSPF Packets Processing Denial of Service Vulnerability |
| CVE-2020-3301 | 2020-05-06 | Cisco Firepower Management Center Static Credential Vulnerabilities |
| CVE-2020-3302 | 2020-05-06 | Cisco Firepower Management Center File Overwrite Vulnerability |
| CVE-2020-3303 | 2020-05-06 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv1 Denial of Service Vulnerability |
| CVE-2020-3305 | 2020-05-06 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software BGP Denial of Service Vulnerability |
| CVE-2020-3306 | 2020-05-06 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software DHCP Denial of Service Vulnerability |
| CVE-2020-3307 | 2020-05-06 | Cisco Firepower Management Center Arbitrary Log File Write Vulnerability |
| CVE-2020-3308 | 2020-05-06 | Cisco Firepower Threat Defense Software Signature Verification Bypass Vulnerability |
| CVE-2020-11727 | 2020-05-06 | A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced Order Export For WooCommerce plugin 3.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the view/settings-form.php... |
| CVE-2018-8956 | 2020-05-06 | ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allows remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and... |
| CVE-2020-12669 | 2020-05-06 | core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter. |
| CVE-2020-12692 | 2020-05-06 | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization... |
| CVE-2020-12691 | 2020-05-06 | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role... |
| CVE-2020-12690 | 2020-05-06 | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is... |
| CVE-2020-12689 | 2020-05-06 | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such... |
| CVE-2020-11042 | 2020-05-07 | Out-of-bounds Read in FreeRDP |
| CVE-2020-11044 | 2020-05-07 | Double Free in FreeRDP |
| CVE-2020-11045 | 2020-05-07 | Out-of-bounds Read in FreeRDP |
| CVE-2020-11046 | 2020-05-07 | Improper Restriction of Operations within the Bounds of a Memory Buffer in FreeRDP |
| CVE-2020-11047 | 2020-05-07 | Out-of-bounds Read in FreeRDP |
| CVE-2020-11048 | 2020-05-07 | Out-of-bounds Read in FreeRDP rdp_read_flow_control_pdu |
| CVE-2020-11049 | 2020-05-07 | Out-of-bounds Read in FreeRDP rdp_read_share_control_header |
| CVE-2020-12696 | 2020-05-07 | The iframe plugin before 4.5 for WordPress does not sanitize a URL. |
| CVE-2020-6081 | 2020-05-07 | An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker... |
| CVE-2020-5894 | 2020-05-07 | On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out. |
| CVE-2020-5895 | 2020-05-07 | On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket.... |
| CVE-2018-5493 | 2020-05-07 | ATTO FibreBridge 7500N firmware versions prior to 2.90 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause Denial of Service (DoS). |
| CVE-2019-18865 | 2020-05-07 | Information disclosure via error message discrepancies in authentication functions in Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to enumerate valid usernames. |
| CVE-2019-18868 | 2020-05-07 | Blaauw Remote Kiln Control through v3.00r4 allows an unauthenticated attacker to access MySQL credentials in cleartext in /engine/db.inc, /lang/nl.bak, or /lang/en.bak. |
| CVE-2019-18867 | 2020-05-07 | Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/,... |
| CVE-2019-18864 | 2020-05-07 | /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine. |
| CVE-2019-18866 | 2020-05-07 | Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. |
| CVE-2019-18872 | 2020-05-07 | Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234). |
| CVE-2019-18870 | 2020-05-07 | A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine. |
| CVE-2019-18871 | 2020-05-07 | A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution. |
| CVE-2019-18869 | 2020-05-07 | Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17. |
| CVE-2020-7473 | 2020-05-07 | In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents... |
| CVE-2020-8982 | 2020-05-07 | An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and... |
| CVE-2020-8983 | 2020-05-07 | An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote... |
| CVE-2020-12687 | 2020-05-07 | An issue was discovered in Serpico before 1.3.3. The /admin/attacments_backup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all... |
| CVE-2020-6652 | 2020-05-07 | Incorrect privilege assignment allowing non-admin users to upload config files |
| CVE-2020-6651 | 2020-05-07 | Command injection via specially crafted file name during config file upload |
| CVE-2020-12683 | 2020-05-07 | Katyshop2 before 2.12 has multiple stored XSS issues. |
| CVE-2020-5747 | 2020-05-07 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. |
| CVE-2020-5744 | 2020-05-07 | Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. |
| CVE-2020-5743 | 2020-05-07 | Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission. |
| CVE-2020-5746 | 2020-05-07 | Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test. |
| CVE-2020-11431 | 2020-05-07 | The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthenticated attacker to read arbitrary system files and... |