CVE List - 2020 / July
Showing 1001 - 1100 of 1417 CVEs for July 2020 (Page 11 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-12432 | 2020-07-21 | The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could... |
| CVE-2020-15866 | 2020-07-21 | mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function. |
| CVE-2020-12499 | 2020-07-21 | PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier: Improper path sanitation vulnerability. |
| CVE-2020-15859 | 2020-07-21 | QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. |
| CVE-2020-15873 | 2020-07-21 | In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php. |
| CVE-2016-7063 | 2020-07-21 | A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation. |
| CVE-2016-7064 | 2020-07-21 | A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage. |
| CVE-2020-15879 | 2020-07-21 | Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8,... |
| CVE-2020-15877 | 2020-07-21 | An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php. |
| CVE-2020-15723 | 2020-07-21 | In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who... |
| CVE-2020-15722 | 2020-07-21 | In version 12.1.0.1004 and below of 360 Total Security, when TPI calls the browser process, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking could execute... |
| CVE-2020-14063 | 2020-07-21 | A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom JavaScript plugin before 1.2.2 for WordPress allows unauthenticated remote attackers to inject arbitrary JavaScript via the tccj-content parameter. This is... |
| CVE-2020-15724 | 2020-07-21 | In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to... |
| CVE-2020-15102 | 2020-07-21 | Improper access control on dashboard form in PrestaShop |
| CVE-2020-15890 | 2020-07-21 | LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. |
| CVE-2020-15889 | 2020-07-21 | Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. |
| CVE-2020-15888 | 2020-07-21 | Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. |
| CVE-2020-12774 | 2020-07-22 | D-Link DSL-7740C - Command Injection |
| CVE-2019-18619 | 2020-07-22 | Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the... |
| CVE-2019-18618 | 2020-07-22 | Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise... |
| CVE-2020-8559 | 2020-07-22 | Privilege escalation from compromised node to cluster |
| CVE-2019-16244 | 2020-07-22 | OMERO.server before 5.6.1 allows attackers to bypass the security filters and access hidden objects via a crafted query. |
| CVE-2020-6505 | 2020-07-22 | Use after free in speech in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |
| CVE-2020-6506 | 2020-07-22 | Insufficient policy enforcement in WebView in Google Chrome on Android prior to 83.0.4103.106 allowed a remote attacker to bypass site isolation via a crafted HTML page. |
| CVE-2020-6507 | 2020-07-22 | Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6509 | 2020-07-22 | Use after free in extensions in Google Chrome prior to 83.0.4103.116 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via... |
| CVE-2020-6510 | 2020-07-22 | Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6511 | 2020-07-22 | Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2020-6512 | 2020-07-22 | Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6513 | 2020-07-22 | Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. |
| CVE-2020-6514 | 2020-07-22 | Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. |
| CVE-2020-6515 | 2020-07-22 | Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6516 | 2020-07-22 | Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2020-6517 | 2020-07-22 | Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6518 | 2020-07-22 | Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption... |
| CVE-2020-6519 | 2020-07-22 | Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
| CVE-2020-6520 | 2020-07-22 | Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6521 | 2020-07-22 | Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| CVE-2020-6522 | 2020-07-22 | Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. |
| CVE-2020-6523 | 2020-07-22 | Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6524 | 2020-07-22 | Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6525 | 2020-07-22 | Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6526 | 2020-07-22 | Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2020-6527 | 2020-07-22 | Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. |
| CVE-2020-6528 | 2020-07-22 | Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted... |
| CVE-2020-6529 | 2020-07-22 | Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. |
| CVE-2020-6530 | 2020-07-22 | Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap... |
| CVE-2020-6531 | 2020-07-22 | Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2020-6533 | 2020-07-22 | Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6534 | 2020-07-22 | Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6535 | 2020-07-22 | Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page... |
| CVE-2020-6536 | 2020-07-22 | Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the... |
| CVE-2020-15124 | 2020-07-22 | Path traversal in Goobi viewer Core |
| CVE-2014-1422 | 2020-07-22 | Location service uses cached authorization even after revocation |
| CVE-2020-15806 | 2020-07-22 | CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. |
| CVE-2020-15896 | 2020-07-22 | An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. There exist a few pages that are directly accessible by any unauthorized user, e.g., logout.php and login.php. This... |
| CVE-2020-15895 | 2020-07-22 | An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the... |
| CVE-2020-15894 | 2020-07-22 | An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an exposed administration function in getcfg.php, which can be used to call various services. It can be... |
| CVE-2020-15893 | 2020-07-22 | An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by... |
| CVE-2020-15892 | 2020-07-22 | An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to... |
| CVE-2020-9676 | 2020-07-22 | Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9674 | 2020-07-22 | Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9675 | 2020-07-22 | Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9684 | 2020-07-22 | Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9686 | 2020-07-22 | Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9687 | 2020-07-22 | Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9685 | 2020-07-22 | Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9683 | 2020-07-22 | Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9679 | 2020-07-22 | Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9677 | 2020-07-22 | Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9678 | 2020-07-22 | Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9680 | 2020-07-22 | Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9663 | 2020-07-22 | Adobe Reader Mobile versions 20.0.1 and earlier have a directory traversal vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-9665 | 2020-07-22 | Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2020-9664 | 2020-07-22 | Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a php object injection vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-3452 | 2020-07-22 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability |
| CVE-2020-4369 | 2020-07-22 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004. |
| CVE-2020-4371 | 2020-07-22 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used to aid a local user in further attacks against the system. IBM X-Force... |
| CVE-2020-4372 | 2020-07-22 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 179009. |
| CVE-2020-4385 | 2020-07-22 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components,... |
| CVE-2020-4397 | 2020-07-22 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428. |
| CVE-2020-4399 | 2020-07-22 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476. |
| CVE-2020-4400 | 2020-07-22 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478. |
| CVE-2020-15902 | 2020-07-22 | Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option. |
| CVE-2020-15901 | 2020-07-22 | In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys. |
| CVE-2020-15904 | 2020-07-22 | A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file. |
| CVE-2020-10917 | 2020-07-22 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2020-15126 | 2020-07-22 | Information disclosure through Viewer query in parse-server |
| CVE-2020-15908 | 2020-07-23 | tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6.0 allows Directory Traversal during extraction from a TAR archive. |
| CVE-2020-15688 | 2020-07-23 | The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if... |
| CVE-2020-15887 | 2020-07-23 | A SQL injection vulnerability in softwareupdate_controller.php in the Software Update module before 1.6 for MunkiReport allows attackers to execute arbitrary SQL commands via the last URL parameter of the /module/softwareupdate/get_tab_data/... |
| CVE-2020-15886 | 2020-07-23 | A SQL injection vulnerability in reportdata_controller.php in the reportdata module before 3.5 for MunkiReport allows attackers to execute arbitrary SQL commands via the req parameter of the /module/reportdata/ip endpoint. |
| CVE-2020-15885 | 2020-07-23 | A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment. |
| CVE-2020-15884 | 2020-07-23 | A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order[0][dir] field on POST requests to /datatables/data. |
| CVE-2020-15883 | 2020-07-23 | A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through... |
| CVE-2020-15882 | 2020-07-23 | A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6.3 allows attackers to delete arbitrary machines from the MunkiReport database. |
| CVE-2020-15881 | 2020-07-23 | A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name. |
| CVE-2020-11440 | 2020-07-23 | httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root. |
| CVE-2020-15912 | 2020-07-23 | Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate key card, and then using NFC Relay. NOTE: the vendor has developed Pin2Drive to... |
| CVE-2019-11252 | 2020-07-23 | Credential leakage when failing to mount |