CVE List - 2020 / July
Showing 1301 - 1400 of 1417 CVEs for July 2020 (Page 14 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-8553 | 2020-07-29 | Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names |
| CVE-2020-13699 | 2020-07-29 | TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL.... |
| CVE-2020-15099 | 2020-07-29 | Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS |
| CVE-2020-15098 | 2020-07-29 | Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS |
| CVE-2020-15086 | 2020-07-29 | Potential Remote Code Execution in TYPO3 with mediace extension |
| CVE-2020-15125 | 2020-07-29 | Authorization header is not sanitized in an error object in auth0 |
| CVE-2020-11933 | 2020-07-29 | local snapd exploit through cloud-init |
| CVE-2020-11934 | 2020-07-29 | Sandbox escape vulnerability via snapctl user-open (xdg-open) |
| CVE-2019-20025 | 2020-07-29 | Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static... |
| CVE-2019-20026 | 2020-07-29 | The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request. |
| CVE-2019-20027 | 2020-07-29 | Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher, can, if incorrectly configured, allow a blank username and password combination... |
| CVE-2019-20028 | 2020-07-29 | Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a... |
| CVE-2019-20029 | 2020-07-29 | An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can... |
| CVE-2019-20030 | 2020-07-29 | An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN... |
| CVE-2019-20031 | 2020-07-29 | NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute... |
| CVE-2019-20032 | 2020-07-29 | An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices,... |
| CVE-2019-20033 | 2020-07-29 | On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface. |
| CVE-2020-15588 | 2020-07-29 | An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a... |
| CVE-2020-15705 | 2020-07-29 | GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim |
| CVE-2020-15706 | 2020-07-29 | GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing. |
| CVE-2020-15707 | 2020-07-29 | GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow. |
| CVE-2020-16118 | 2020-07-29 | In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect... |
| CVE-2020-16117 | 2020-07-29 | In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt.... |
| CVE-2020-14316 | 2020-07-29 | A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume... |
| CVE-2020-5760 | 2020-07-29 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration... |
| CVE-2020-5761 | 2020-07-29 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by... |
| CVE-2020-5762 | 2020-07-29 | Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to... |
| CVE-2020-5763 | 2020-07-29 | Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt. |
| CVE-2020-14308 | 2020-07-29 | In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which... |
| CVE-2017-18923 | 2020-07-29 | beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials. |
| CVE-2020-16135 | 2020-07-29 | libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. |
| CVE-2020-16143 | 2020-07-29 | The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijacking because it loads exchndl.dll from the current working directory. |
| CVE-2020-5610 | 2020-07-30 | Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earlier allows an attacker to cause a denial-of-service (DoS) condition and execute arbitrary code via unspecified vectors. |
| CVE-2020-7699 | 2020-07-30 | Prototype Pollution |
| CVE-2019-10580 | 2020-07-30 | A use-after-free issue occurs when a kernel thread unregisters a listener, because the listener client's private data has already been freed, in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2019-14037 | 2020-07-30 | Close and bind operations done on a socket can lead to a Use-After-Free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2019-14093 | 2020-07-30 | Array out of bound access can occur in display module due to lack of bound check on input parcel received in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2019-14099 | 2020-07-30 | Device misbehavior may be observed when incorrect offset, length or number of buffers is passed by user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2019-14100 | 2020-07-30 | Register write via debugfs is disabled by default to prevent register writing via debugfs in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &... |
| CVE-2019-14101 | 2020-07-30 | Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than expected length in Snapdragon Auto, Snapdragon... |
| CVE-2019-14123 | 2020-07-30 | Possible buffer overflow and over-read due to missing bounds checks for fixed limits if we consider widevine HLOS client as non-trustable in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile,... |
| CVE-2019-14124 | 2020-07-30 | Memory failure in content protection module due to not having pointer within the scope in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell,... |
| CVE-2019-14130 | 2020-07-30 | Memory corruption can occur in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and... |
| CVE-2020-3671 | 2020-07-30 | Use-after-free issue could occur due to dangling pointer when generating a frame buffer in OpenGL ES in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &... |
| CVE-2020-3688 | 2020-07-30 | Possible buffer overflow while parsing mp4 clip with corrupted sample atoms due to improper validation of index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2020-3698 | 2020-07-30 | Out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon... |
| CVE-2020-3699 | 2020-07-30 | Possible out of bound access while processing assoc response from host due to improper length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon... |
| CVE-2020-3700 | 2020-07-30 | Possible out of bounds read due to a missing bounds check and could lead to local information disclosure in the wifi driver with no additional execution privileges needed in Snapdragon... |
| CVE-2020-3701 | 2020-07-30 | Use after free issue while processing error notification from camx driver due to not properly releasing the sequence data in Snapdragon Mobile in Saipan, SM8250, SXR2130 |
| CVE-2020-14309 | 2020-07-30 | There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads... |
| CVE-2020-8192 | 2020-07-30 | A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas. |
| CVE-2020-8202 | 2020-07-30 | Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed a denial of service attack when using a very long password. |
| CVE-2020-8204 | 2020-07-30 | A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. |
| CVE-2020-8206 | 2020-07-30 | An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a user's primary credentials to bypass the Google TOTP. |
| CVE-2020-8213 | 2020-07-30 | An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response... |
| CVE-2020-8216 | 2020-07-30 | An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed authenticated end-users to find meeting details, if they know the Meeting ID. |
| CVE-2020-8217 | 2020-07-30 | A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA. |
| CVE-2020-8219 | 2020-07-30 | An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator. |
| CVE-2020-8220 | 2020-07-30 | A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS. |
| CVE-2020-8221 | 2020-07-30 | A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface. |
| CVE-2020-8222 | 2020-07-30 | A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker to read arbitrary files through Meeting via the administrator web interface. |
| CVE-2020-8218 | 2020-07-30 | A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to craft a URI to perform an arbitrary code execution via the admin web interface. |
| CVE-2020-4185 | 2020-07-30 | IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174803. |
| CVE-2020-4186 | 2020-07-30 | IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174804. |
| CVE-2020-10713 | 2020-07-30 | A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows... |
| CVE-2020-12620 | 2020-07-30 | Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address). |
| CVE-2020-14162 | 2020-07-30 | An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an... |
| CVE-2020-15957 | 2020-07-30 | An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentralised Privacy-Preserving Proximity Tracing (DP3T). When it is configured to check JWT before uploading/publishing keys, it is possible to skip the... |
| CVE-2020-14158 | 2020-07-30 | The ABUS Secvest FUMO50110 hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged with an alarm panel. This makes it... |
| CVE-2020-15511 | 2020-07-30 | HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1. |
| CVE-2020-7827 | 2020-07-30 | DaviewIndy Use-After-Free Vulnerability |
| CVE-2020-7829 | 2020-07-30 | DaviewIndy Heap-based Buffer Overflow Vulnerability |
| CVE-2020-7828 | 2020-07-30 | DaviewIndy Heap-based Buffer Overflow Vulnerability |
| CVE-2020-16157 | 2020-07-30 | A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu. |
| CVE-2020-15131 | 2020-07-30 | False-positive validity for NFT1 genesis transactions in SLP Validate |
| CVE-2020-15130 | 2020-07-30 | False-positive validity for NFT1 genesis transactions in SLPJS |
| CVE-2020-16164 | 2020-07-30 | An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent... |
| CVE-2020-16163 | 2020-07-30 | An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers... |
| CVE-2020-16162 | 2020-07-30 | An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. Missing validation checks on CRL presence or CRL staleness in the X509-based RPKI certificate-tree validation procedure allow remote... |
| CVE-2020-15129 | 2020-07-30 | Open redirect in Traefik |
| CVE-2020-7205 | 2020-07-30 | A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution... |
| CVE-2020-16165 | 2020-07-30 | The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters. |
| CVE-2020-16166 | 2020-07-30 | The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related... |
| CVE-2020-3460 | 2020-07-31 | Cisco Data Center Network Manager Cross-Site Scripting Vulnerability |
| CVE-2020-3386 | 2020-07-31 | Cisco Data Center Network Manager Improper Authorization Vulnerability |
| CVE-2020-3384 | 2020-07-31 | Cisco Data Center Network Manager Command Injection Vulnerability |
| CVE-2020-3383 | 2020-07-31 | Cisco Data Center Network Manager Path Traversal Vulnerability |
| CVE-2020-3382 | 2020-07-31 | Cisco Data Center Network Manager Authentication Bypass Vulnerability |
| CVE-2020-3377 | 2020-07-31 | Cisco Data Center Network Manager Command Injection Vulnerability |
| CVE-2020-3376 | 2020-07-31 | Cisco Data Center Network Manager Authentication Bypass Vulnerability |
| CVE-2020-3375 | 2020-07-31 | Cisco SD-WAN Solution Software Buffer Overflow Vulnerability |
| CVE-2020-3374 | 2020-07-31 | Cisco SD-WAN vManage Software Authorization Bypass Vulnerability |
| CVE-2020-3461 | 2020-07-31 | Cisco Data Center Network Manager Information Disclosure Vulnerability |
| CVE-2020-3462 | 2020-07-31 | Cisco Data Center Network Manager SQL Injection Vulnerability |
| CVE-2020-3681 | 2020-07-31 | Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recoverable from code. |
| CVE-2020-9249 | 2020-07-31 | HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have a denial of service vulnerability. A module does not deal with mal-crafted messages and it leads to memory leak. Attackers can... |
| CVE-2020-9248 | 2020-07-31 | Huawei FusionCompute 8.0.0 has an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch privilege... |
| CVE-2020-14520 | 2020-07-31 | The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13). |
| CVE-2020-10731 | 2020-07-31 | A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation... |
| CVE-2020-14334 | 2020-07-31 | A flaw was found in Red Hat Satellite 6 which allows a privileged attacker to read cache files. These cache credentials could help an attacker to gain complete control of the Satellite... |