Lista CVE - 2020 / Luglio
Visualizzazione 1401 - 1417 di 1417 CVE per Luglio 2020 (Pagina 15 di 15)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2020-14337 | 2020-07-31 | A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from... |
| CVE-2020-16136 | 2020-07-31 | In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via... |
| CVE-2020-12081 | 2020-07-31 | An information disclosure vulnerability has been identified in FlexNet Publisher lmadmin.exe 11.14.0.2. The web portal link can be used to access to system files or other important files on the... |
| CVE-2020-15134 | 2020-07-31 | Missing TLS certificate verification in Faye |
| CVE-2020-15133 | 2020-07-31 | Missing TLS certificate verification in Faye Websocket |
| CVE-2020-5384 | 2020-07-31 | Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to... |
| CVE-2020-15128 | 2020-07-31 | Reliance on Cookies without validation in OctoberCMS |
| CVE-2019-11286 | 2020-07-31 | JMX Credential Deserialization in GemFire |
| CVE-2020-5396 | 2020-07-31 | JMX Insecure Default Configuration in GemFire |
| CVE-2020-5413 | 2020-07-31 | Kryo Configuration Allows Code Execution with Unknown "Serialization Gadgets" |
| CVE-2020-5414 | 2020-07-31 | App Autoscaler logs credentials |
| CVE-2020-15870 | 2020-07-31 | Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2). |
| CVE-2020-15869 | 2020-07-31 | Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2). |
| CVE-2020-15871 | 2020-07-31 | Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution. |
| CVE-2020-14310 | 2020-07-31 | There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't... |
| CVE-2020-14311 | 2020-07-31 | There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic... |
| CVE-2020-8108 | 2020-08-03 | Insufficient client validation in Bitdefender Endpoint Security for Mac (VA-8759) |
| CVE-2019-4366 | 2020-08-03 | IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748. |
| CVE-2019-4589 | 2020-08-03 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privlege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID:... |
| CVE-2020-4328 | 2020-08-03 | IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information... |
| CVE-2020-4377 | 2020-08-03 | IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive... |
| CVE-2020-4534 | 2020-08-03 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By... |
| CVE-2020-4549 | 2020-08-03 | IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted... |
| CVE-2020-4550 | 2020-08-03 | IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open... |
| CVE-2020-4551 | 2020-08-03 | IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open... |
| CVE-2020-4552 | 2020-08-03 | IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted... |
| CVE-2020-4553 | 2020-08-03 | IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open... |
| CVE-2020-4554 | 2020-08-03 | IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open... |
| CVE-2020-4560 | 2020-08-03 | IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2019-19453 | 2020-08-03 | Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An authenticated user, with access to the proxy license editing is able to insert a malicious payload that will... |
| CVE-2019-19455 | 2020-08-03 | Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in / usr / local / WowzaStreamingEngine / manager / bin / in... |
| CVE-2015-9549 | 2020-08-03 | A reflected Cross-site Scripting (XSS) vulnerability exists in OcPortal 9.0.20 via the OCF_EMOTICON_CELL.tpl FIELD_NAME field to data/emoticons.php. |
| CVE-2020-16269 | 2020-08-03 | radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. |
| CVE-2020-16272 | 2020-08-03 | The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via... |
| CVE-2020-16271 | 2020-08-03 | The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection. |
| CVE-2020-13820 | 2020-08-03 | Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. |
| CVE-2020-12739 | 2020-08-03 | A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices. |
| CVE-2020-14319 | 2020-08-03 | It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. For... |
| CVE-2020-16131 | 2020-08-03 | Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php. |
| CVE-2020-8575 | 2020-08-03 | Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS). |
| CVE-2020-8574 | 2020-08-03 | Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users. |
| CVE-2020-16116 | 2020-08-03 | In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. |
| CVE-2020-5772 | 2020-08-03 | Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file. |
| CVE-2020-5773 | 2020-08-03 | Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write operations. |
| CVE-2020-5770 | 2020-08-03 | Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. |
| CVE-2020-5771 | 2020-08-03 | Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive. |
| CVE-2020-11584 | 2020-08-03 | A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. |
| CVE-2020-11583 | 2020-08-03 | A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. |
| CVE-2020-5615 | 2020-08-04 | Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| CVE-2020-5616 | 2020-08-04 | [Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01]... |
| CVE-2020-5617 | 2020-08-04 | Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors. |
| CVE-2019-20001 | 2020-08-04 | An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges. |
| CVE-2020-15467 | 2020-08-04 | The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise. |
| CVE-2020-6012 | 2020-08-04 | ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such... |
| CVE-2020-7822 | 2020-08-04 | DaviewIndy Multiple Vulnerabilities |
| CVE-2020-7823 | 2020-08-04 | DaviewIndy Multiple Vulnerabilities |
| CVE-2020-4396 | 2020-08-04 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2020-4410 | 2020-08-04 | IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not... |
| CVE-2020-4459 | 2020-08-04 | IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption... |
| CVE-2020-4525 | 2020-08-04 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2020-4542 | 2020-08-04 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2020-4631 | 2020-08-04 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to... |
| CVE-2020-16134 | 2020-08-04 | An issue was discovered on Swisscom Internet Box 2, Internet Box Standard, Internet Box Plus prior to 10.04.38, Internet Box 3 prior to 11.01.20, and Internet Box light prior to... |
| CVE-2020-16203 | 2020-08-04 | Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. An uninitialized pointer may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an... |
| CVE-2020-16201 | 2020-08-04 | Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information. |
| CVE-2020-16199 | 2020-08-04 | Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read/modify... |
| CVE-2020-13523 | 2020-08-04 | An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can... |
| CVE-2020-15944 | 2020-08-04 | An issue was discovered in the Gantt-Chart module before 5.5.5 for Jira. Due to missing validation of user input, it is vulnerable to a persistent XSS attack. An attacker can... |
| CVE-2020-15956 | 2020-08-04 | ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload. |
| CVE-2020-13522 | 2020-08-04 | An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file... |
| CVE-2020-15943 | 2020-08-04 | An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of... |
| CVE-2020-16843 | 2020-08-04 | In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when... |
| CVE-2020-16847 | 2020-08-04 | Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887. |
| CVE-2020-15135 | 2020-08-04 | CSRF vulnerability in save-server |
| CVE-2020-15109 | 2020-08-04 | Ability to change order address without triggering address validations in solidus |
| CVE-2017-18112 | 2020-08-05 | Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before... |
| CVE-2020-13151 | 2020-08-05 | Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by... |
| CVE-2020-17353 | 2020-08-05 | scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. |
| CVE-2020-14344 | 2020-08-05 | An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security... |
| CVE-2020-14347 | 2020-08-05 | A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs... |
| CVE-2020-5609 | 2020-08-05 | Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01... |
| CVE-2020-5608 | 2020-08-05 | CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000... |
| CVE-2020-4243 | 2020-08-05 | IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session... |
| CVE-2020-4481 | 2020-08-05 | IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability... |
| CVE-2020-13921 | 2020-08-05 | **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. |
| CVE-2020-13819 | 2020-08-05 | Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. |
| CVE-2020-16252 | 2020-08-05 | The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. |
| CVE-2020-16253 | 2020-08-05 | The PgHero gem through 2.6.0 for Ruby allows CSRF. |
| CVE-2020-8607 | 2020-08-05 | An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to... |
| CVE-2020-17364 | 2020-08-05 | USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. |
| CVE-2020-16192 | 2020-08-05 | LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters. |
| CVE-2020-15106 | 2020-08-05 | Improper Input Validation in etcd |
| CVE-2020-15113 | 2020-08-05 | Improper Preservation of Permissions in etcd |
| CVE-2020-16254 | 2020-08-05 | The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute). |
| CVE-2020-15112 | 2020-08-05 | Improper Input Validation in etcd |
| CVE-2020-15127 | 2020-08-05 | Denial of service in Contour |
| CVE-2020-15132 | 2020-08-05 | Reset Password / Login vulnerability in Sulu |
| CVE-2020-7298 | 2020-08-05 | Total Protection (MTP) - Unexpected behavior violation |
| CVE-2020-13404 | 2020-08-05 | The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection. |
| CVE-2020-17366 | 2020-08-05 | An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing... |