CVE List - 2020 / August
Showing 101 - 200 of 1160 CVEs for August 2020 (Page 2 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-12441 | 2020-08-06 | Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. The DoS can be triggered by sending... |
| CVE-2020-13793 | 2020-08-06 | Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. |
| CVE-2020-15115 | 2020-08-06 | No minimum password length in etcd |
| CVE-2020-15114 | 2020-08-06 | Denial of Service in etcd |
| CVE-2020-15136 | 2020-08-06 | Improper authentication in etcd |
| CVE-2020-11937 | 2020-08-06 | Resource exhaustion vulnerability in whoopsie |
| CVE-2020-15701 | 2020-08-06 | Unhandled exception in apport |
| CVE-2020-15702 | 2020-08-06 | TOCTOU in apport |
| CVE-2020-16219 | 2020-08-06 | Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify... |
| CVE-2020-16223 | 2020-08-06 | Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker... |
| CVE-2020-16221 | 2020-08-06 | Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker... |
| CVE-2020-16227 | 2020-08-06 | Delta Electronics TPEditor Versions 1.97 and prior. An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a... |
| CVE-2020-16225 | 2020-08-06 | Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to... |
| CVE-2020-8026 | 2020-08-07 | inn: non-root owned files |
| CVE-2020-8025 | 2020-08-07 | outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues |
| CVE-2020-16168 | 2020-08-07 | Origin Validation Error in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to access the REST API and MQTT broker used by the... |
| CVE-2020-7810 | 2020-08-07 | HandySoft ActiveX File Download and Execution Vulnerability |
| CVE-2020-9490 | 2020-08-07 | Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to... |
| CVE-2020-11984 | 2020-08-07 | Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE |
| CVE-2020-11993 | 2020-08-07 | Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing... |
| CVE-2020-11985 | 2020-08-07 | IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP... |
| CVE-2020-11852 | 2020-08-07 | DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user... |
| CVE-2020-15138 | 2020-08-07 | Cross-Site Scripting in Prism |
| CVE-2020-13376 | 2020-08-07 | SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie. |
| CVE-2020-16169 | 2020-08-07 | Authentication Bypass Using an Alternate Path or Channel in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to gain elevated privileges on the temi... |
| CVE-2020-16167 | 2020-08-07 | Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi... |
| CVE-2020-15907 | 2020-08-07 | In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain places could execute file or folder names containing JavaScript. |
| CVE-2020-17352 | 2020-08-07 | Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. |
| CVE-2020-15479 | 2020-08-07 | An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stack... |
| CVE-2020-15480 | 2020-08-07 | An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write... |
| CVE-2020-5412 | 2020-08-07 | Hystrix Dashboard Proxy In spring-cloud-netflix-hystrix-dashboard |
| CVE-2020-15054 | 2020-08-07 | TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. |
| CVE-2020-15055 | 2020-08-07 | TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. |
| CVE-2020-15056 | 2020-08-07 | TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. |
| CVE-2020-15057 | 2020-08-07 | TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values. |
| CVE-2019-7005 | 2020-08-07 | Unauthenticated Information Disclosure Vulnerability in IP Office |
| CVE-2020-15058 | 2020-08-07 | Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted... |
| CVE-2020-15059 | 2020-08-07 | Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. |
| CVE-2020-15060 | 2020-08-07 | Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted... |
| CVE-2020-15061 | 2020-08-07 | Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values. |
| CVE-2020-15062 | 2020-08-07 | DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. |
| CVE-2020-15063 | 2020-08-07 | DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. |
| CVE-2020-15064 | 2020-08-07 | DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. |
| CVE-2020-15065 | 2020-08-07 | DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to denial-of-service the device via long input values. |
| CVE-2020-15818 | 2020-08-08 | In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. |
| CVE-2020-15817 | 2020-08-08 | In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. |
| CVE-2020-15819 | 2020-08-08 | JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. |
| CVE-2020-15820 | 2020-08-08 | In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. |
| CVE-2020-15821 | 2020-08-08 | In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. |
| CVE-2020-15823 | 2020-08-08 | JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. |
| CVE-2020-15824 | 2020-08-08 | In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts... |
| CVE-2020-15827 | 2020-08-08 | In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. |
| CVE-2020-15826 | 2020-08-08 | In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. |
| CVE-2020-15825 | 2020-08-08 | In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges. |
| CVE-2020-15829 | 2020-08-08 | In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. |
| CVE-2020-15828 | 2020-08-08 | In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. |
| CVE-2020-15831 | 2020-08-08 | JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. |
| CVE-2020-15830 | 2020-08-08 | JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. |
| CVE-2019-19704 | 2020-08-08 | In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm. |
| CVE-2020-16248 | 2020-08-09 | Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability |
| CVE-2020-17452 | 2020-08-09 | flatCore before 1.5.7 allows upload and execution of a .php file by an admin. |
| CVE-2020-17451 | 2020-08-09 | flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter. |
| CVE-2020-12777 | 2020-08-10 | Combodo iTop - Broken Access Control |
| CVE-2020-12778 | 2020-08-10 | Combodo iTop - Reflected XSS |
| CVE-2020-12779 | 2020-08-10 | Combodo iTop - Stored XSS |
| CVE-2020-12780 | 2020-08-10 | Combodo iTop - Security Misconfiguration |
| CVE-2020-12781 | 2020-08-10 | Combodo iTop - CSRF |
| CVE-2020-4533 | 2020-08-10 | IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2020-4539 | 2020-08-10 | IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... |
| CVE-2020-4541 | 2020-08-10 | IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2020-6145 | 2020-08-10 | An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request... |
| CVE-2020-6070 | 2020-08-10 | An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting... |
| CVE-2020-13293 | 2020-08-10 | In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash. |
| CVE-2020-13294 | 2020-08-10 | In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application. |
| CVE-2020-13295 | 2020-08-10 | For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF. |
| CVE-2020-13292 | 2020-08-10 | In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. |
| CVE-2020-8229 | 2020-08-10 | A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. |
| CVE-2020-8224 | 2020-08-10 | A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. |
| CVE-2020-9525 | 2020-08-10 | CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated... |
| CVE-2020-9526 | 2020-08-10 | CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network,... |
| CVE-2020-9527 | 2020-08-10 | Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20, after 2018-08-09 through 2020), as used by many different vendors in millions of Internet of Things devices, suffers from buffer... |
| CVE-2020-9528 | 2020-08-10 | Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from cryptographic issues that allow remote... |
| CVE-2020-9529 | 2020-08-10 | Firmware developed by Shenzhen Hichip Vision Technology (V6 through V20), as used by many different vendors in millions of Internet of Things devices, suffers from a privilege escalation vulnerability that... |
| CVE-2020-17476 | 2020-08-10 | Mibew Messenger before 3.2.7 allows XSS via a crafted user name. |
| CVE-2020-17478 | 2020-08-10 | ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm. |
| CVE-2020-15656 | 2020-08-10 | JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate... |
| CVE-2020-15657 | 2020-08-10 | Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This... |
| CVE-2020-15658 | 2020-08-10 | The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position,... |
| CVE-2020-15659 | 2020-08-10 | Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that... |
| CVE-2020-15661 | 2020-08-10 | A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for... |
| CVE-2020-15662 | 2020-08-10 | A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS... |
| CVE-2020-15647 | 2020-08-10 | A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other... |
| CVE-2020-15648 | 2020-08-10 | Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox <... |
| CVE-2020-15649 | 2020-08-10 | Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actual files picked. *Note: This issue only... |
| CVE-2020-15650 | 2020-08-10 | Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only... |
| CVE-2020-15651 | 2020-08-10 | A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability... |
| CVE-2020-15652 | 2020-08-10 | By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be... |
| CVE-2020-15653 | 2020-08-10 | An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed... |
| CVE-2020-15654 | 2020-08-10 | When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not.... |
| CVE-2020-15655 | 2020-08-10 | A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR... |