CVE List - 2020 / June
Showing 201 - 300 of 1807 CVEs for June 2020 (Page 3 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-5299 | 2020-06-03 | Potential CSV Injection vector in OctoberCMS |
| CVE-2011-1805 | 2020-06-03 | Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2011-2863 | 2020-06-03 | Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| CVE-2020-6419 | 2020-06-03 | Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6453 | 2020-06-03 | Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6493 | 2020-06-03 | Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted... |
| CVE-2020-6494 | 2020-06-03 | Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML... |
| CVE-2020-6495 | 2020-06-03 | Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.97 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape... |
| CVE-2020-6496 | 2020-06-03 | Use after free in payments in Google Chrome on MacOS prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |
| CVE-2020-6497 | 2020-06-03 | Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted URI. |
| CVE-2020-6498 | 2020-06-03 | Incorrect implementation in user interface in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
| CVE-2020-6499 | 2020-06-03 | Inappropriate implementation in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass AppCache security restrictions via a crafted HTML page. |
| CVE-2020-6500 | 2020-06-03 | Inappropriate implementation in interstitials in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2020-6501 | 2020-06-03 | Insufficient policy enforcement in CSP in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
| CVE-2020-6502 | 2020-06-03 | Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. |
| CVE-2020-6503 | 2020-06-03 | Inappropriate implementation in accessibility in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| CVE-2020-6504 | 2020-06-03 | Insufficient policy enforcement in notifications in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass notification restrictions via a crafted HTML page. |
| CVE-2020-11091 | 2020-06-03 | Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements |
| CVE-2020-11094 | 2020-06-03 | Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar |
| CVE-2020-7030 | 2020-06-03 | IPO Information Disclosure |
| CVE-2020-10549 | 2020-06-04 | rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to... |
| CVE-2020-10548 | 2020-06-04 | rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to... |
| CVE-2020-10547 | 2020-06-04 | rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to... |
| CVE-2020-10546 | 2020-06-04 | rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to... |
| CVE-2020-13777 | 2020-06-04 | GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version... |
| CVE-2019-16150 | 2020-06-04 | Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to... |
| CVE-2020-13817 | 2020-06-04 | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use... |
| CVE-2020-9292 | 2020-06-04 | An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path. |
| CVE-2020-6640 | 2020-06-04 | An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description... |
| CVE-2020-13818 | 2020-06-04 | In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed. |
| CVE-2020-4183 | 2020-06-04 | IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2020-4191 | 2020-06-04 | IBM Security Guardium 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174852. |
| CVE-2020-4193 | 2020-06-04 | IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 174857. |
| CVE-2020-4509 | 2020-06-04 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive... |
| CVE-2020-13822 | 2020-06-04 | The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application... |
| CVE-2020-13803 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures. |
| CVE-2020-13804 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin. |
| CVE-2020-13805 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures. |
| CVE-2020-13806 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation. |
| CVE-2020-13827 | 2020-06-04 | phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. |
| CVE-2020-13807 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop. |
| CVE-2020-13809 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream. |
| CVE-2020-13808 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data. |
| CVE-2020-13810 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures. |
| CVE-2020-13692 | 2020-06-04 | PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. |
| CVE-2020-13800 | 2020-06-04 | ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. |
| CVE-2020-13791 | 2020-06-04 | hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. |
| CVE-2020-13811 | 2020-06-04 | An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has an out-of-bounds write via a crafted TIFF file. |
| CVE-2020-13765 | 2020-06-04 | rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. |
| CVE-2020-13812 | 2020-06-04 | An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory. |
| CVE-2019-16385 | 2020-06-04 | Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application... |
| CVE-2019-16384 | 2020-06-04 | Cybele Thinfinity VirtualUI 2.5.17.2 allows ../ path traversal that can be used for data exfiltration. This enables files outside of the web directory to be retrieved if the exact location... |
| CVE-2020-13813 | 2020-06-04 | An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory when FoxitStudioPhoto366_3.6.6.916.exe is used. |
| CVE-2020-13814 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary. |
| CVE-2020-13815 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference. |
| CVE-2019-20813 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference. |
| CVE-2019-20814 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level. |
| CVE-2019-20815 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing. |
| CVE-2019-20816 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference during the parsing of file data. |
| CVE-2019-20817 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference. |
| CVE-2019-20818 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level. |
| CVE-2019-20819 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing. |
| CVE-2019-20820 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data. |
| CVE-2019-20821 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a NULL pointer dereference. |
| CVE-2019-20822 | 2020-06-04 | An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.7.0.29430. It has an out-of-bounds write via incorrect image data. |
| CVE-2020-9462 | 2020-06-04 | An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the... |
| CVE-2018-21244 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029. |
| CVE-2018-21243 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used. |
| CVE-2018-21242 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action. |
| CVE-2018-21241 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code. |
| CVE-2018-21240 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. |
| CVE-2018-21239 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action. |
| CVE-2018-21238 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. |
| CVE-2018-21237 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action. |
| CVE-2018-21236 | 2020-06-04 | An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference. |
| CVE-2018-21235 | 2020-06-04 | An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer. |
| CVE-2019-20837 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures. |
| CVE-2019-20836 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive. |
| CVE-2019-20835 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling. |
| CVE-2019-20834 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows signature validation bypass via a modified file or a file with non-standard signatures. |
| CVE-2019-20833 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive. |
| CVE-2019-20832 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homograph mishandling. |
| CVE-2019-20831 | 2020-06-04 | An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.5.0.20733. It has void data mishandling, causing a crash. |
| CVE-2019-20830 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used. |
| CVE-2019-20829 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. |
| CVE-2019-20828 | 2020-06-04 | An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. |
| CVE-2019-20827 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color... |
| CVE-2019-20826 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference. |
| CVE-2019-20825 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used. |
| CVE-2019-20824 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file. |
| CVE-2019-20823 | 2020-06-04 | An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs. |
| CVE-2020-13838 | 2020-06-04 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is... |
| CVE-2020-13837 | 2020-06-04 | An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020). |
| CVE-2020-13836 | 2020-06-04 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020). |
| CVE-2020-13835 | 2020-06-04 | An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020). |
| CVE-2020-13834 | 2020-06-04 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Secure Folder does not properly restrict use of Android Debug Bridge (adb) for arbitrary... |
| CVE-2020-13833 | 2020-06-04 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183... |
| CVE-2020-13832 | 2020-06-04 | An issue was discovered on Samsung mobile devices with Q(10.0) (with TEEGRIS on Exynos chipsets) software. The Widevine Trustlet allows arbitrary code execution because of memory disclosure, The Samsung IDs... |
| CVE-2020-13831 | 2020-06-04 | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. The Trustonic Kinibi component allows arbitrary memory mapping. The Samsung ID is SVE-2019-16665 (June... |
| CVE-2020-13830 | 2020-06-04 | An issue was discovered on Samsung mobile devices with P(9.0) software. One UI HOME logging can leak information. The Samsung ID is SVE-2019-16382 (June 2020). |