CVE List - 2020 / June
Showing 1601 - 1700 of 1807 CVEs for June 2020 (Page 17 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-15339 | 2020-06-26 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS. |
| CVE-2020-15338 | 2020-06-26 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests. |
| CVE-2020-15337 | 2020-06-26 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests. |
| CVE-2020-15336 | 2020-06-26 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. |
| CVE-2020-15335 | 2020-06-26 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. |
| CVE-2020-15334 | 2020-06-26 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file. |
| CVE-2020-15333 | 2020-06-26 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests. |
| CVE-2020-15332 | 2020-06-26 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. |
| CVE-2020-10769 | 2020-06-26 | A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes,... |
| CVE-2020-10727 | 2020-06-26 | A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file)... |
| CVE-2020-10628 | 2020-06-26 | ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes unencrypted passwords on the network. |
| CVE-2020-13891 | 2020-06-26 | An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022. |
| CVE-2020-14477 | 2020-06-26 | Philips Ultrasound Systems Authentication Bypass Using an Alternate Path or Channel |
| CVE-2020-10624 | 2020-06-26 | ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a session token on the network. |
| CVE-2020-11996 | 2020-06-26 | A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If... |
| CVE-2020-14955 | 2020-06-26 | In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values... |
| CVE-2020-9047 | 2020-06-26 | exacqVision Software - Improper Verification of Cryptographic Signature |
| CVE-2020-15351 | 2020-06-26 | IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the contents of the directory and... |
| CVE-2013-7489 | 2020-06-26 | The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution. |
| CVE-2020-9626 | 2020-06-26 | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-9589 | 2020-06-26 | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9617 | 2020-06-26 | Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-9616 | 2020-06-26 | Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-9590 | 2020-06-26 | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9620 | 2020-06-26 | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9586 | 2020-06-26 | Adobe Character Animator versions 3.2 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9621 | 2020-06-26 | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9624 | 2020-06-26 | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-9629 | 2020-06-26 | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-9622 | 2020-06-26 | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-9623 | 2020-06-26 | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-9625 | 2020-06-26 | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-9628 | 2020-06-26 | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-9627 | 2020-06-26 | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-9558 | 2020-06-26 | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-9567 | 2020-06-26 | Adobe Bridge versions 10.0.1 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9568 | 2020-06-26 | Adobe Bridge versions 10.0.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9569 | 2020-06-26 | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9566 | 2020-06-26 | Adobe Bridge versions 10.0.1 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9565 | 2020-06-26 | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9554 | 2020-06-26 | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-3798 | 2020-06-26 | Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration (host or local network) vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-9559 | 2020-06-26 | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9553 | 2020-06-26 | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-9562 | 2020-06-26 | Adobe Bridge versions 10.0.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9555 | 2020-06-26 | Adobe Bridge versions 10.0.1 and earlier have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9561 | 2020-06-26 | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9560 | 2020-06-26 | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9556 | 2020-06-26 | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9557 | 2020-06-26 | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-9564 | 2020-06-26 | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9563 | 2020-06-26 | Adobe Bridge versions 10.0.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9571 | 2020-06-26 | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9573 | 2020-06-26 | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9570 | 2020-06-26 | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9572 | 2020-06-26 | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9574 | 2020-06-26 | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-3767 | 2020-06-26 | ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (DoS). |
| CVE-2020-9585 | 2020-06-26 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code... |
| CVE-2020-9579 | 2020-06-26 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code... |
| CVE-2020-9584 | 2020-06-26 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information... |
| CVE-2020-9587 | 2020-06-26 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product... |
| CVE-2020-9583 | 2020-06-26 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9582 | 2020-06-26 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9581 | 2020-06-26 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information... |
| CVE-2020-3768 | 2020-06-26 | ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a DLL search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2020-9580 | 2020-06-26 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code... |
| CVE-2020-9632 | 2020-06-26 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code... |
| CVE-2020-9591 | 2020-06-26 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access... |
| CVE-2020-9630 | 2020-06-26 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2020-9631 | 2020-06-26 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code... |
| CVE-2020-9578 | 2020-06-26 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9588 | 2020-06-26 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification... |
| CVE-2020-3796 | 2020-06-26 | ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure. |
| CVE-2020-3809 | 2020-06-26 | Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-9576 | 2020-06-26 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9577 | 2020-06-26 | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information... |
| CVE-2020-4089 | 2020-06-26 | HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems... |
| CVE-2020-15358 | 2020-06-27 | In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. |
| CVE-2020-15360 | 2020-06-27 | com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. |
| CVE-2020-15364 | 2020-06-28 | The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS. |
| CVE-2020-15363 | 2020-06-28 | The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection. |
| CVE-2020-15365 | 2020-06-28 | LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds. |
| CVE-2020-14002 | 2020-06-29 | PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key... |
| CVE-2020-15368 | 2020-06-29 | AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3. |
| CVE-2019-20410 | 2020-06-29 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are... |
| CVE-2019-20411 | 2020-06-29 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9,... |
| CVE-2019-20412 | 2020-06-29 | The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allows remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow... |
| CVE-2019-20413 | 2020-06-29 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected... |
| CVE-2019-20414 | 2020-06-29 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search.... |
| CVE-2020-8024 | 2020-06-29 | Problematic permissions in hylafax+ packaging allow escalation from uucp to other users |
| CVE-2020-8022 | 2020-06-29 | User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of privileges |
| CVE-2020-8019 | 2020-06-29 | syslog-ng: Local privilege escalation from new to root in %post |
| CVE-2019-3681 | 2020-06-29 | osc: stores downloaded (supposed) RPM in network-controlled filesystem paths |
| CVE-2020-8014 | 2020-06-29 | kopano-python-services: Local privilege escalation from kopano to root in kopano-spamd subpackage |
| CVE-2020-12635 | 2020-06-29 | XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field. |
| CVE-2020-13423 | 2020-06-29 | Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Current_url or email field, or the User-Agent HTTP header. |
| CVE-2020-4452 | 2020-06-29 | IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324. |
| CVE-2019-19160 | 2020-06-29 | Reportexpress ProPlus contains a vulnerability that could allow arbitrary code execution by inserting VBScript into the configure file (rxp). |
| CVE-2020-12047 | 2020-06-29 | The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded... |