CVE List - 2020 / July
Showing 201 - 300 of 1417 CVEs for July 2020 (Page 3 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-15583 | 2020-07-07 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. StickerProvider allows directory traversal for access to system files. The Samsung ID is SVE-2020-17665 (July 2020). |
| CVE-2020-15582 | 2020-07-07 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 7885 chipsets) software. The Bluetooth Low Energy (BLE) component has a buffer overflow with a resultant deadlock... |
| CVE-2020-15581 | 2020-07-07 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The... |
| CVE-2020-15580 | 2020-07-07 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) by enrolling a new lock password. The Samsung ID... |
| CVE-2020-15579 | 2020-07-07 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via the KNOX API. The Samsung ID is SVE-2020-17318... |
| CVE-2020-15578 | 2020-07-07 | An issue was discovered on Samsung mobile devices with O(8.x) software. FactoryCamera does not properly restrict runtime permissions. The Samsung ID is SVE-2020-17270 (July 2020). |
| CVE-2020-10745 | 2020-07-07 | A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could... |
| CVE-2020-15577 | 2020-07-07 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Cameralyzer allows attackers to write files to the SD card. The Samsung ID is SVE-2020-16830 (July 2020). |
| CVE-2020-10730 | 2020-07-07 | A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped... |
| CVE-2020-15517 | 2020-07-07 | The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS. |
| CVE-2020-15516 | 2020-07-07 | The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF. |
| CVE-2020-15514 | 2020-07-07 | The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYPO3 allows XSS. |
| CVE-2020-15513 | 2020-07-07 | The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access Control. |
| CVE-2020-15525 | 2020-07-07 | GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. |
| CVE-2020-15509 | 2020-07-07 | Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the... |
| CVE-2020-15392 | 2020-07-07 | A user enumeration vulnerability flaw was found in Venki Supravizio BPM 10.1.2. This issue occurs during password recovery, where a difference in error messages could allow an attacker to determine... |
| CVE-2020-15367 | 2020-07-07 | Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. |
| CVE-2020-15037 | 2020-07-07 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter. |
| CVE-2020-15036 | 2020-07-07 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter. |
| CVE-2019-4324 | 2020-07-07 | "HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy." |
| CVE-2019-4323 | 2020-07-07 | "HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame." |
| CVE-2020-15515 | 2020-07-07 | The turn extension through 0.3.2 for TYPO3 allows Remote Code Execution. |
| CVE-2020-15035 | 2020-07-07 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Map.php hde parameter. |
| CVE-2020-15034 | 2020-07-07 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter. |
| CVE-2020-15033 | 2020-07-07 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter. |
| CVE-2020-15032 | 2020-07-07 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter. |
| CVE-2020-15031 | 2020-07-07 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter. |
| CVE-2020-15030 | 2020-07-07 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter. |
| CVE-2020-15029 | 2020-07-07 | NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter. |
| CVE-2020-15028 | 2020-07-07 | NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter. |
| CVE-2020-11882 | 2020-07-07 | The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links... |
| CVE-2019-19935 | 2020-07-07 | Froala Editor before 3.2.3 allows XSS. |
| CVE-2020-15350 | 2020-07-07 | RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the... |
| CVE-2019-20896 | 2020-07-07 | WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter. |
| CVE-2020-15095 | 2020-07-07 | Sensitive information exposure through logs in npm cli |
| CVE-2020-12821 | 2020-07-07 | Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack. |
| CVE-2020-8519 | 2020-07-07 | SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql |
| CVE-2020-8520 | 2020-07-07 | SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql |
| CVE-2020-8521 | 2020-07-07 | SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql |
| CVE-2020-12736 | 2020-07-07 | Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has... |
| CVE-2020-15008 | 2020-07-07 | A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table... |
| CVE-2020-8916 | 2020-07-07 | Memory leak in wpanctl can lead to DoS |
| CVE-2020-15599 | 2020-07-07 | Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field. |
| CVE-2020-15600 | 2020-07-07 | An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password. |
| CVE-2020-3931 | 2020-07-08 | GeoVision Door Access Control Device - Buffer overflow vulnerability |
| CVE-2020-11849 | 2020-07-08 | Elevation of privilege and unauthorized access in Micro Focus Identity Manager product |
| CVE-2020-5764 | 2020-07-08 | MX Player Android App versions prior to v1.24.5, are vulnerable to a directory traversal vulnerability when user is using the MX Transfer feature in "Receive" mode. An attacker can exploit... |
| CVE-2020-7140 | 2020-07-08 | A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). HPE has provided the following information... |
| CVE-2020-3973 | 2020-07-08 | The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and... |
| CVE-2020-6938 | 2020-07-08 | A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files. |
| CVE-2020-5839 | 2020-07-08 | Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. |
| CVE-2020-11994 | 2020-07-08 | Server-Side Template Injection and arbitrary file disclosure on Camel templating components |
| CVE-2020-1982 | 2020-07-08 | PAN-OS: TLS 1.0 usage for certain communications with Palo Alto Networks cloud delivered services |
| CVE-2020-2030 | 2020-07-08 | PAN-OS: OS command injection vulnerability in the management interface |
| CVE-2020-2031 | 2020-07-08 | PAN-OS: Integer underflow in the management interface |
| CVE-2020-2034 | 2020-07-08 | PAN-OS: OS command injection vulnerability in GlobalProtect portal |
| CVE-2019-19417 | 2020-07-08 | The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the... |
| CVE-2019-19416 | 2020-07-08 | The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the... |
| CVE-2019-19415 | 2020-07-08 | The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the... |
| CVE-2020-15073 | 2020-07-08 | An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists... |
| CVE-2020-15072 | 2020-07-08 | An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section. |
| CVE-2020-5974 | 2020-07-08 | NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges. |
| CVE-2020-5604 | 2020-07-09 | Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API... |
| CVE-2020-9377 | 2020-07-09 | D-Link DIR-610 devices allow Remote Command Execution via the cmd parameter to command.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
| CVE-2020-9376 | 2020-07-09 | D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
| CVE-2020-7692 | 2020-07-09 | Improper Authorization |
| CVE-2020-7693 | 2020-07-09 | Denial of Service (DoS) |
| CVE-2020-5366 | 2020-07-09 | Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to... |
| CVE-2020-7457 | 2020-07-09 | In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELEASE before p1, and 11.3-RELEASE before p11, missing synchronization in the IPV6_2292PKTOPTIONS socket option set handler contained a race... |
| CVE-2020-7458 | 2020-07-09 | In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap... |
| CVE-2018-12371 | 2020-07-09 | An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of... |
| CVE-2020-12424 | 2020-07-09 | When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was... |
| CVE-2020-12418 | 2020-07-09 | Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and... |
| CVE-2020-12426 | 2020-07-09 | Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some... |
| CVE-2020-12415 | 2020-07-09 | When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache... |
| CVE-2020-12417 | 2020-07-09 | Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects... |
| CVE-2020-12419 | 2020-07-09 | When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a... |
| CVE-2020-12420 | 2020-07-09 | When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability... |
| CVE-2020-12421 | 2020-07-09 | When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without... |
| CVE-2020-12422 | 2020-07-09 | In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable... |
| CVE-2020-12423 | 2020-07-09 | When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL,... |
| CVE-2020-12425 | 2020-07-09 | Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78. |
| CVE-2020-12416 | 2020-07-09 | A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. |
| CVE-2020-12404 | 2020-07-09 | For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files.... |
| CVE-2020-12406 | 2020-07-09 | Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run... |
| CVE-2020-12405 | 2020-07-09 | When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and... |
| CVE-2020-12410 | 2020-07-09 | Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort... |
| CVE-2020-12398 | 2020-07-09 | If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to... |
| CVE-2020-12409 | 2020-07-09 | When using certain blank characters in a URL, they were incorrectly rendered as spaces instead of an encoded URL. This vulnerability affects Firefox < 77. |
| CVE-2020-12411 | 2020-07-09 | Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could... |
| CVE-2020-12408 | 2020-07-09 | When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar. This vulnerability affects Firefox <... |
| CVE-2020-12412 | 2020-07-09 | By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as... |
| CVE-2020-13992 | 2020-07-09 | An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with... |
| CVE-2020-13993 | 2020-07-09 | An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket. |
| CVE-2020-12399 | 2020-07-09 | NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR... |
| CVE-2020-12402 | 2020-07-09 | During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel... |
| CVE-2020-13994 | 2020-07-09 | An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of... |
| CVE-2020-12407 | 2020-07-09 | Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the... |
| CVE-2020-12414 | 2020-07-09 | IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be... |
| CVE-2020-10756 | 2020-07-09 | An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also... |