Lista CVE - 2020 / Maggio
Visualizzazione 301 - 400 di 1017 CVE per Maggio 2020 (Pagina 4 di 11)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2020-1698 | 2020-05-11 | A flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability... |
| CVE-2020-12783 | 2020-05-11 | Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. |
| CVE-2020-11108 | 2020-05-11 | The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in... |
| CVE-2020-12745 | 2020-05-11 | An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and access clipboard content via USSD. The Samsung ID is SVE-2019-16556 (May... |
| CVE-2020-11863 | 2020-05-11 | libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2). |
| CVE-2020-11864 | 2020-05-11 | libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2). |
| CVE-2020-11865 | 2020-05-11 | libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access. |
| CVE-2020-11866 | 2020-05-11 | libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free. |
| CVE-2020-12746 | 2020-05-11 | An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to... |
| CVE-2020-12747 | 2020-05-11 | An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 chipsets) software. The Bootloader has a heap-based buffer overflow because of the mishandling of specific... |
| CVE-2020-12748 | 2020-05-11 | An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and designate a different preferred SIM card. The Samsung ID is SVE-2020-16594... |
| CVE-2020-12749 | 2020-05-11 | An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The S.LSI Wi-Fi drivers have a buffer overflow. The Samsung ID is SVE-2020-16906 (May 2020). |
| CVE-2020-12750 | 2020-05-11 | An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via SPEN. The Samsung ID is SVE-2020-17019 (May 2020). |
| CVE-2020-12751 | 2020-05-11 | An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted... |
| CVE-2020-12752 | 2020-05-11 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. Attackers can determine user credentials via a brute-force attack against the Gatekeeper trustlet. The Samsung... |
| CVE-2020-12753 | 2020-05-11 | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3... |
| CVE-2020-12754 | 2020-05-11 | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window... |
| CVE-2020-12784 | 2020-05-11 | cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505). |
| CVE-2020-12785 | 2020-05-11 | cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540). |
| CVE-2020-12760 | 2020-05-11 | An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ... |
| CVE-2018-1285 | 2020-05-11 | Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files. |
| CVE-2019-4667 | 2020-05-11 | IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this... |
| CVE-2019-19162 | 2020-05-11 | A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code execution on a system running it. |
| CVE-2019-5500 | 2020-05-11 | Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS). |
| CVE-2020-12790 | 2020-05-11 | In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template... |
| CVE-2020-5833 | 2020-05-11 | Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory... |
| CVE-2020-5834 | 2020-05-11 | Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. |
| CVE-2020-5835 | 2020-05-11 | Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. |
| CVE-2020-5836 | 2020-05-11 | Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. |
| CVE-2020-5837 | 2020-05-11 | Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of... |
| CVE-2020-7647 | 2020-05-11 | All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors. |
| CVE-2020-9840 | 2020-05-11 | In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions. |
| CVE-2020-1724 | 2020-05-11 | A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged... |
| CVE-2020-10019 | 2020-05-11 | Buffer Overflow in USB DFU requested length |
| CVE-2020-10021 | 2020-05-11 | Out-of-bounds write in USB Mass Storage with unaligned sizes |
| CVE-2020-10022 | 2020-05-11 | UpdateHub Module Copies a Variable-Size Hash String Into a Fixed-Size Array |
| CVE-2020-10023 | 2020-05-11 | Shell Subsystem Contains a Buffer Overflow Vulnerability In shell_spaces_trim |
| CVE-2020-10024 | 2020-05-11 | ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers |
| CVE-2020-10027 | 2020-05-11 | ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers |
| CVE-2020-10028 | 2020-05-11 | Multiple Syscalls In GPIO Subsystem Performs No Argument Validation |
| CVE-2020-10058 | 2020-05-11 | Multiple Syscalls In kscan Subsystem Performs No Argument Validation |
| CVE-2020-10059 | 2020-05-11 | UpdateHub Module Explicitly Disables TLS Verification |
| CVE-2020-10060 | 2020-05-11 | UpdateHub Might Dereference An Uninitialized Pointer |
| CVE-2020-10067 | 2020-05-11 | Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory |
| CVE-2020-11058 | 2020-05-12 | Improper Restriction of Operations within the Bounds of a Memory Buffer in FreeRDP |
| CVE-2020-11071 | 2020-05-12 | False-negative validation results in MINT transactions with invalid baton |
| CVE-2020-11072 | 2020-05-12 | False-negative validation results in MINT transactions with invalid baton |
| CVE-2020-8156 | 2020-05-12 | A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. |
| CVE-2020-8154 | 2020-05-12 | An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. |
| CVE-2020-8155 | 2020-05-12 | An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. |
| CVE-2020-8153 | 2020-05-12 | Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name. |
| CVE-2020-8151 | 2020-05-12 | There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly... |
| CVE-2020-8159 | 2020-05-12 | There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker... |
| CVE-2019-4478 | 2020-05-12 | IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998. |
| CVE-2020-4195 | 2020-05-12 | IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a... |
| CVE-2020-4346 | 2020-05-12 | IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322. |
| CVE-2020-1763 | 2020-05-12 | An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by... |
| CVE-2020-10706 | 2020-05-12 | A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access... |
| CVE-2020-1939 | 2020-05-12 | The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The... |
| CVE-2020-5897 | 2020-05-12 | In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component. |
| CVE-2020-5896 | 2020-05-12 | On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions. |
| CVE-2020-5898 | 2020-05-12 | In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl... |
| CVE-2020-5248 | 2020-05-12 | Public GLPIKEY can be used to decrypt any data in GLPI |
| CVE-2020-12823 | 2020-05-12 | OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. |
| CVE-2020-1746 | 2020-05-12 | A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and... |
| CVE-2020-12825 | 2020-05-12 | libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. |
| CVE-2020-6240 | 2020-05-12 | SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing... |
| CVE-2020-6243 | 2020-05-12 | Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored... |
| CVE-2020-6249 | 2020-05-12 | The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries,... |
| CVE-2020-6245 | 2020-05-12 | SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to... |
| CVE-2020-6247 | 2020-05-12 | SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or... |
| CVE-2020-6251 | 2020-05-12 | Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted. |
| CVE-2020-6248 | 2020-05-12 | SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or... |
| CVE-2020-6256 | 2020-05-12 | SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing... |
| CVE-2020-6262 | 2020-05-12 | Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application.... |
| CVE-2020-6250 | 2020-05-12 | SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This... |
| CVE-2020-6257 | 2020-05-12 | SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. |
| CVE-2020-6244 | 2020-05-12 | SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by... |
| CVE-2020-6253 | 2020-05-12 | Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute... |
| CVE-2020-6252 | 2020-05-12 | Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can... |
| CVE-2020-6259 | 2020-05-12 | Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check. |
| CVE-2020-6241 | 2020-05-12 | SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection. |
| CVE-2020-6254 | 2020-05-12 | SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site... |
| CVE-2020-6258 | 2020-05-12 | SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization... |
| CVE-2020-6242 | 2020-05-12 | SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of... |
| CVE-2020-12826 | 2020-05-12 | A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent... |
| CVE-2020-11062 | 2020-05-12 | Reflexive XSS in GLPI |
| CVE-2020-11060 | 2020-05-12 | Remote Code Execution in GLPI |
| CVE-2020-12772 | 2020-05-12 | An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing... |
| CVE-2020-1718 | 2020-05-12 | A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application. |
| CVE-2020-11057 | 2020-05-12 | Code Injection in XWiki Platform |
| CVE-2020-11932 | 2020-05-13 | Subiquity server installer logged LUKS full disk encryption password |
| CVE-2020-3327 | 2020-05-13 | ClamAV ARJ Archive Parsing Denial of Service Vulnerability |
| CVE-2020-3341 | 2020-05-13 | ClamAV PDF Parsing Denial of Service Vulnerability |
| CVE-2020-4312 | 2020-05-13 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. IBM X-Force ID: 177089. |
| CVE-2020-10654 | 2020-05-13 | Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint. |
| CVE-2020-12697 | 2020-05-13 | The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries. |
| CVE-2020-12698 | 2020-05-13 | The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables. |
| CVE-2020-12699 | 2020-05-13 | The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl. |
| CVE-2020-12700 | 2020-05-13 | The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query. |