CVE List - 2020 / August
Showing 401 - 500 of 1160 CVEs for August 2020 (Page 5 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-8681 | 2020-08-13 | Out of bounds write in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2020-8680 | 2020-08-13 | Race condition in some Intel(R) Graphics Drivers before version 15.40.45.5126 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2020-7307 | 2020-08-13 | DLP for Mac - Unprotected Storage of Credentials |
| CVE-2020-8679 | 2020-08-13 | Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics Drivers before version 26.20.100.7755 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2020-0512 | 2020-08-13 | Uncaught exception in the system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2020-8682 | 2020-08-13 | Out of bounds read in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2020-8683 | 2020-08-13 | Improper buffer restrictions in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2020-12300 | 2020-08-13 | Uninitialized pointer in BIOS firmware for Intel(R) Server Board Families S2600CW, S2600KP, S2600TP, and S2600WT may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2020-12301 | 2020-08-13 | Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2020-12299 | 2020-08-13 | Improper input validation in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2020-0559 | 2020-08-13 | Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2020-0554 | 2020-08-13 | Race condition in software installer for some Intel(R) Wireless Bluetooth(R) products on Windows* 7, 8.1 and 10 may allow an unprivileged user to potentially enable escalation of privilege via local... |
| CVE-2020-0555 | 2020-08-13 | Improper input validation for some Intel(R) Wireless Bluetooth(R) products may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2020-0553 | 2020-08-13 | Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bluetooth(R) products on Windows* 10, may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2019-14620 | 2020-08-13 | Insufficient control flow management for some Intel(R) Wireless Bluetooth(R) products may allow an unprivileged user to potentially enable denial of service via adjacent access. |
| CVE-2019-4582 | 2020-08-13 | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences... |
| CVE-2020-4589 | 2020-08-13 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted... |
| CVE-2020-16087 | 2020-08-13 | An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user... |
| CVE-2020-17463 | 2020-08-13 | FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. |
| CVE-2019-16374 | 2020-08-13 | Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed... |
| CVE-2020-13282 | 2020-08-13 | For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. |
| CVE-2020-13283 | 2020-08-13 | For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulnerability exists in the issues list via milestone title. |
| CVE-2020-13285 | 2020-08-13 | For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) vulnerability exists in the issue reference number tooltip. |
| CVE-2020-13280 | 2020-08-13 | For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. |
| CVE-2020-13281 | 2020-08-13 | For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature |
| CVE-2020-13286 | 2020-08-13 | For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery. |
| CVE-2020-15925 | 2020-08-13 | A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPF_XPAR1 parameter. |
| CVE-2020-11733 | 2020-08-13 | An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell... |
| CVE-2020-15947 | 2020-08-13 | A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do endpoint of Loway QueueMetrics before 19.10.21 allows remote authenticated users to execute arbitrary SQL commands via the exportId parameter. |
| CVE-2020-14483 | 2020-08-13 | A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions... |
| CVE-2020-0261 | 2020-08-13 | In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2020-17498 | 2020-08-13 | In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. |
| CVE-2020-24332 | 2020-08-13 | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss... |
| CVE-2020-24331 | 2020-08-13 | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file... |
| CVE-2020-24330 | 2020-08-13 | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid... |
| CVE-2020-24349 | 2020-08-13 | njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is... |
| CVE-2020-24348 | 2020-08-13 | njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. |
| CVE-2020-24347 | 2020-08-13 | njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. |
| CVE-2020-24346 | 2020-08-13 | njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. |
| CVE-2020-24345 | 2020-08-13 | JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option |
| CVE-2020-24344 | 2020-08-13 | JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read. |
| CVE-2020-24343 | 2020-08-13 | Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c. |
| CVE-2020-24342 | 2020-08-13 | Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. |
| CVE-2020-7360 | 2020-08-13 | Philips SmartControl DLL Hijacking |
| CVE-2019-20383 | 2020-08-13 | ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links. |
| CVE-2020-4662 | 2020-08-14 | IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. IBM X-Force ID: 186233. |
| CVE-2019-7410 | 2020-08-14 | There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remote authenticated users could inject arbitrary web script or HTML via $page_title in /lib/Galileo/files/templates/page/show.html.ep (aka the PAGE TITLE Field). |
| CVE-2019-6112 | 2020-08-14 | A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka... |
| CVE-2020-12648 | 2020-08-14 | A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode. |
| CVE-2020-16205 | 2020-08-14 | Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited... |
| CVE-2019-19643 | 2020-08-14 | ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service. |
| CVE-2020-17462 | 2020-08-14 | CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798. |
| CVE-2020-9228 | 2020-08-14 | FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. |
| CVE-2020-9229 | 2020-08-14 | FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. |
| CVE-2020-7700 | 2020-08-14 | Prototype Pollution |
| CVE-2020-7701 | 2020-08-14 | Prototype Pollution |
| CVE-2020-10055 | 2020-08-14 | A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x), Desigo CC Compact (V3.x). Affected applications are delivered with a 3rd party component (BIRT)... |
| CVE-2020-15781 | 2020-08-14 | A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to... |
| CVE-2020-7583 | 2020-08-14 | A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when... |
| CVE-2019-5591 | 2020-08-14 | A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. |
| CVE-2020-22721 | 2020-08-14 | A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous " External Programs by uploading the malicious .exe... |
| CVE-2020-22722 | 2020-08-14 | Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe... |
| CVE-2020-15142 | 2020-08-14 | Arbitrary Code Generation |
| CVE-2020-15141 | 2020-08-14 | Path Traversal in openapi-python-client |
| CVE-2020-15145 | 2020-08-14 | Local privilege elevation in Composer-Setup for Windows |
| CVE-2020-9708 | 2020-08-14 | GHSL-2020-133: Insufficient validation of user input in resolveRepositoryPath function |
| CVE-2020-9767 | 2020-08-14 | A vulnerability related to Dynamic-link Library (“DLL”) loading in the Zoom Sharing Service would allow an attacker who had local access to a machine on which the service was running... |
| CVE-2020-15692 | 2020-08-14 | In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An... |
| CVE-2020-15693 | 2020-08-14 | In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL... |
| CVE-2020-15694 | 2020-08-14 | In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length. |
| CVE-2015-8032 | 2020-08-14 | In Textpattern 4.5.7, an unprivileged author can change an article's markup setting. |
| CVE-2015-8033 | 2020-08-14 | In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. |
| CVE-2020-17473 | 2020-08-14 | Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server. |
| CVE-2020-17475 | 2020-08-14 | Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000. |
| CVE-2020-17474 | 2020-08-14 | A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces... |
| CVE-2020-24361 | 2020-08-16 | SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec. |
| CVE-2016-11085 | 2020-08-16 | php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element. |
| CVE-2020-1493 | 2020-08-17 | Microsoft Outlook Information Disclosure Vulnerability |
| CVE-2020-24370 | 2020-08-17 | ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). |
| CVE-2020-13941 | 2020-08-17 | Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location... |
| CVE-2020-4686 | 2020-08-17 | IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to. IBM X-Force ID: 186678. |
| CVE-2020-12606 | 2020-08-17 | An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands... |
| CVE-2020-7702 | 2020-08-17 | Prototype Pollution |
| CVE-2020-7703 | 2020-08-17 | Prototype Pollution |
| CVE-2020-9242 | 2020-08-17 | FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection... |
| CVE-2020-9103 | 2020-08-17 | HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic error vulnerability. In a special scenario, the system does not properly process. As a result, attackers can perform a series of... |
| CVE-2020-9241 | 2020-08-17 | Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from WAN port. Successful exploit could allow an... |
| CVE-2020-9233 | 2020-08-17 | FusionCompute 8.0.0 have an insufficient authentication vulnerability. An attacker may exploit the vulnerability to delete some files and cause some services abnormal. |
| CVE-2020-9237 | 2020-08-17 | Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C00E125R5P3) have a use after free vulnerability. A module lacks lock protection. Attackers can exploit this vulnerability by launching specific request.... |
| CVE-2020-8208 | 2020-08-17 | Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows... |
| CVE-2020-8230 | 2020-08-17 | A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory. |
| CVE-2020-8209 | 2020-08-17 | Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and... |
| CVE-2020-8226 | 2020-08-17 | A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF. |
| CVE-2020-8210 | 2020-08-17 | Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses... |
| CVE-2020-8211 | 2020-08-17 | Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL... |
| CVE-2020-8212 | 2020-08-17 | Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access... |
| CVE-2020-8232 | 2020-08-17 | An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read only users could obtain unauthorized information through SNMP community pages. |
| CVE-2020-8233 | 2020-08-17 | A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. |
| CVE-2020-13122 | 2020-08-17 | The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr" command. This could be... |
| CVE-2020-24220 | 2020-08-17 | ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server. |