CVE List - 2020 / June
Showing 1701 - 1800 of 1807 CVEs for June 2020 (Page 18 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-12043 | 2020-06-29 | The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when configured for wireless networking the FTP service operating on the WBM remains operational until the WBM is rebooted. |
| CVE-2020-12045 | 2020-06-29 | The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when used in conjunction with a Baxter Spectrum v8.x (model 35700BAX2), operates a Telnet service on Port 1023 with hard-coded... |
| CVE-2020-12041 | 2020-06-29 | The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings... |
| CVE-2020-12039 | 2020-06-29 | Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide... |
| CVE-2020-12040 | 2020-06-29 | Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive... |
| CVE-2020-12048 | 2020-06-29 | Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the... |
| CVE-2020-12037 | 2020-06-29 | Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient... |
| CVE-2020-12035 | 2020-06-29 | Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network... |
| CVE-2020-12036 | 2020-06-29 | Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient... |
| CVE-2020-12024 | 2020-06-29 | Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user... |
| CVE-2020-12020 | 2020-06-29 | Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system... |
| CVE-2020-12032 | 2020-06-29 | Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with... |
| CVE-2020-12008 | 2020-06-29 | Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an... |
| CVE-2020-12016 | 2020-06-29 | Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13,... |
| CVE-2020-12012 | 2020-06-29 | Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and... |
| CVE-2019-18254 | 2020-06-29 | BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial... |
| CVE-2019-18256 | 2020-06-29 | BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for... |
| CVE-2019-18246 | 2020-06-29 | BIOTRONIK CardioMessenger II, The affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure. |
| CVE-2019-18248 | 2020-06-29 | BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the... |
| CVE-2019-18252 | 2020-06-29 | BIOTRONIK CardioMessenger II, The affected products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the... |
| CVE-2020-4557 | 2020-06-29 | IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code... |
| CVE-2020-8573 | 2020-06-29 | The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During... |
| CVE-2020-15312 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. |
| CVE-2020-15313 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. |
| CVE-2020-15314 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. |
| CVE-2020-15315 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree. |
| CVE-2020-15316 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree. |
| CVE-2020-2021 | 2020-06-29 | PAN-OS: Authentication Bypass in SAML Authentication |
| CVE-2020-15317 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree. |
| CVE-2020-15318 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree. |
| CVE-2020-15319 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree. |
| CVE-2020-15320 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account. |
| CVE-2020-15321 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account. |
| CVE-2020-15322 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account. |
| CVE-2020-15323 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials. |
| CVE-2020-15324 | 2020-06-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. |
| CVE-2020-15362 | 2020-06-29 | wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this... |
| CVE-2020-14068 | 2020-06-29 | An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executar_login.php. |
| CVE-2020-14069 | 2020-06-29 | An issue was discovered in MK-AUTH 19.01. There are SQL injection issues in mkt/ PHP scripts, as demonstrated by arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php, pgcorte.php, pppoe.php, queues.php, and wifi.php. |
| CVE-2020-14070 | 2020-06-29 | An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access. |
| CVE-2020-14071 | 2020-06-29 | An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin and client scripts allow an attacker to execute arbitrary JavaScript code. |
| CVE-2020-14072 | 2020-06-29 | An issue was discovered in MK-AUTH 19.01. It allows command execution as root via shell metacharacters to /auth admin scripts. |
| CVE-2020-14412 | 2020-06-29 | NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands)... |
| CVE-2020-14413 | 2020-06-29 | NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily... |
| CVE-2020-14414 | 2020-06-29 | NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands)... |
| CVE-2020-13896 | 2020-06-29 | The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware version, bootloader version, software... |
| CVE-2020-15069 | 2020-06-29 | Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls... |
| CVE-2020-14145 | 2020-06-29 | The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts... |
| CVE-2018-6446 | 2020-06-29 | A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented... |
| CVE-2020-15043 | 2020-06-29 | iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling remote management, enabling DHCP, or modifying the subnet range for IP addresses. |
| CVE-2020-13657 | 2020-06-29 | An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control... |
| CVE-2020-4037 | 2020-06-29 | Open Redirect in OAuth2 Proxy |
| CVE-2020-4067 | 2020-06-29 | Improper Initialization in coturn |
| CVE-2020-15389 | 2020-06-29 | jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor.... |
| CVE-2020-15393 | 2020-06-29 | In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. |
| CVE-2019-20415 | 2020-06-30 | Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before... |
| CVE-2019-20416 | 2020-06-30 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature.... |
| CVE-2020-5580 | 2020-06-30 | Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors. |
| CVE-2020-5581 | 2020-06-30 | Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors. |
| CVE-2020-5582 | 2020-06-30 | Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors. |
| CVE-2020-5583 | 2020-06-30 | Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors. |
| CVE-2020-5584 | 2020-06-30 | Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors. |
| CVE-2020-5585 | 2020-06-30 | Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors. |
| CVE-2020-5586 | 2020-06-30 | Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors. |
| CVE-2020-5587 | 2020-06-30 | Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors. |
| CVE-2020-5588 | 2020-06-30 | Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors. |
| CVE-2020-5601 | 2020-06-30 | Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote attackers to execute an arbitrary command via unspecified vectors. |
| CVE-2020-5602 | 2020-06-30 | Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier,... |
| CVE-2020-5603 | 2020-06-30 | Uncontrolled resource consumption vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM... |
| CVE-2020-15395 | 2020-06-30 | In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing). |
| CVE-2017-18922 | 2020-06-30 | It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to... |
| CVE-2020-15396 | 2020-06-30 | In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his... |
| CVE-2020-15397 | 2020-06-30 | HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows... |
| CVE-2019-20893 | 2020-06-30 | An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHost_HandleJoinPartyRequest has a buffer overflow vulnerability and can be exploited by using a crafted... |
| CVE-2020-15400 | 2020-06-30 | CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS. |
| CVE-2020-15401 | 2020-06-30 | IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link. |
| CVE-2020-7816 | 2020-06-30 | A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, and DaOffice software could allow an unauthenticated, remote attacker to cause arbitrary code execution on an affected device. The... |
| CVE-2020-15411 | 2020-06-30 | An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader. |
| CVE-2020-15412 | 2020-06-30 | An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form. |
| CVE-2019-19163 | 2020-06-30 | Commax WallPad Remote Code Execution Vulnerability |
| CVE-2019-19161 | 2020-06-30 | Missing integrity check vulnerability in MIPLATFORM ActiveX of TOBESOFT.CO.LTD allows the DLL files to be preloaded to be changed. |
| CVE-2020-15415 | 2020-06-30 | On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue... |
| CVE-2020-9483 | 2020-06-30 | **Resolved** When H2/MySQL/TiDB is used as Apache SkyWalking storage, the metadata query through the GraphQL protocol has a SQL injection vulnerability, which allows access to unexpected data. Apache SkyWalking 6.0.0 to... |
| CVE-2020-14956 | 2020-06-30 | In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input... |
| CVE-2020-14957 | 2020-06-30 | In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input... |
| CVE-2020-4044 | 2020-06-30 | Local users can perform a buffer overflow attack against the xrdp-sesman service and then impersonate it |
| CVE-2020-15084 | 2020-06-30 | Authorization bypass in express-jwt |
| CVE-2020-15085 | 2020-06-30 | Client caching login operation with plaintext password in Saleor Storefront |
| CVE-2020-13095 | 2020-06-30 | Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a... |
| CVE-2020-15087 | 2020-06-30 | Privilege escalation in Presto |
| CVE-2020-14482 | 2020-06-30 | Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Opening a specially crafted project file may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the... |
| CVE-2020-15307 | 2020-06-30 | Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name. |
| CVE-2020-15049 | 2020-06-30 | An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an... |
| CVE-2020-14474 | 2020-06-30 | The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using... |
| CVE-2020-14059 | 2020-06-30 | An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an... |
| CVE-2020-14058 | 2020-06-30 | An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to... |
| CVE-2020-7049 | 2020-06-30 | Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. |
| CVE-2020-9413 | 2020-06-30 | TIBCO Managed File Transfer reflected XSS vulnerability |
| CVE-2020-9414 | 2020-06-30 | TIBCO Managed File Transfer reflected XSS vulnerability |
| CVE-2020-14947 | 2020-06-30 | OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid. |