CVE List - 2020 / August
Showing 1101 - 1160 of 1160 CVEs for August 2020 (Page 12 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-12643 | 2020-08-31 | OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address. |
| CVE-2020-12644 | 2020-08-31 | OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API. |
| CVE-2020-12645 | 2020-08-31 | OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption. |
| CVE-2020-12646 | 2020-08-31 | OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. |
| CVE-2020-12829 | 2020-08-31 | In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. This flaw occurs in the COPY_AREA macro while handling MMIO write operations through the sm501_2d_engine_write()... |
| CVE-2020-13593 | 2020-08-31 | The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the... |
| CVE-2020-13594 | 2020-08-31 | The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on... |
| CVE-2020-13595 | 2020-08-31 | The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on... |
| CVE-2020-5419 | 2020-08-31 | RabbitMQ arbitrary code execution using local binary planting |
| CVE-2020-13828 | 2020-08-31 | Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message,... |
| CVE-2020-13463 | 2020-08-31 | The flash memory readout protection in Apex Microelectronics APM32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. |
| CVE-2020-13464 | 2020-08-31 | The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA... |
| CVE-2020-13465 | 2020-08-31 | The security protection in Gigadevice GD32F103 devices allows physical attackers to redirect the control flow and execute arbitrary code via the debug interface. |
| CVE-2020-13466 | 2020-08-31 | STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. |
| CVE-2020-13467 | 2020-08-31 | The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. |
| CVE-2020-17465 | 2020-08-31 | Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. The vulnerability affects versions 6.5.0.4, 6.0.0.6. |
| CVE-2020-13468 | 2020-08-31 | Gigadevice GD32F130 devices allow physical attackers to escalate their debug interface permissions via fault injection into inter-IC bonding wires (which have insufficient physical protection). |
| CVE-2020-24699 | 2020-08-31 | The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS. |
| CVE-2020-13469 | 2020-08-31 | The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU. |
| CVE-2020-13470 | 2020-08-31 | Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data. |
| CVE-2020-13471 | 2020-08-31 | Apex Microelectronics APM32F103 devices allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. |
| CVE-2020-15687 | 2020-08-31 | Missing access control restrictions in the Hypervisor component of the ACRN Project (v2.0 and v1.6.1) allow a malicious entity, with root access in the Service VM userspace, to abuse the... |
| CVE-2020-13472 | 2020-08-31 | The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module. |
| CVE-2020-24363 | 2020-08-31 | TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain... |
| CVE-2020-20625 | 2020-08-31 | Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php. |
| CVE-2020-20626 | 2020-08-31 | lara-google-analytics.php in Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS. |
| CVE-2020-20627 | 2020-08-31 | The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change. |
| CVE-2020-20628 | 2020-08-31 | controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS. |
| CVE-2020-7521 | 2020-08-31 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of... |
| CVE-2020-7522 | 2020-08-31 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of... |
| CVE-2020-7523 | 2020-08-31 | Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked.... |
| CVE-2020-7524 | 2020-08-31 | Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific... |
| CVE-2020-7525 | 2020-08-31 | Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versions of spaceLYnk and Wiser for KNX (formerly homeLYnk) which could allow an attacker to guess a password when... |
| CVE-2020-7526 | 2020-08-31 | Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event. |
| CVE-2020-7527 | 2020-08-31 | Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services... |
| CVE-2020-2075 | 2020-08-31 | Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x,... |
| CVE-2020-14364 | 2020-08-31 | An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice... |
| CVE-2020-24354 | 2020-08-31 | Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection. |
| CVE-2020-25053 | 2020-08-31 | An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. RKP allows arbitrary code execution. The Samsung ID is SVE-2020-17435 (August 2020). |
| CVE-2020-25056 | 2020-08-31 | An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy S20) software. Because HAL improperly checks versions, bootloading by the S.LSI NFC chipset is mishandled. The Samsung ID is... |
| CVE-2020-25055 | 2020-08-31 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The persona service allows attackers (who control an unprivileged SecureFolder process) to bypass admin restrictions in... |
| CVE-2020-25054 | 2020-08-31 | An issue was discovered on Samsung mobile devices with software through 2020-04-02 (Exynos modem chipsets). There is a heap-based buffer over-read in the Shannon baseband. The Samsung ID is SVE-2020-17239... |
| CVE-2020-25052 | 2020-08-31 | An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx allows attackers to execute arbitrary code or cause a denial of service (memory corruption) because indexes... |
| CVE-2020-25051 | 2020-08-31 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppInfo. The Samsung ID is SVE-2020-17758 (August 2020). |
| CVE-2020-25050 | 2020-08-31 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (August 2020). |
| CVE-2020-25049 | 2020-08-31 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. StatusBarService has insufficient DEX access control. The Samsung ID is SVE-2020-17797 (August 2020). |
| CVE-2020-25048 | 2020-08-31 | An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung... |
| CVE-2020-25047 | 2020-08-31 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and India) software. The S Secure application does not enforce the intended password requirement for... |
| CVE-2020-25046 | 2020-08-31 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB driver leaks address information via kernel logging. The Samsung IDs are SVE-2020-17602, SVE-2020-17603, SVE-2020-17604... |
| CVE-2020-25058 | 2020-08-31 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The network_management service does not properly restrict configuration changes. The LG ID is... |
| CVE-2020-25065 | 2020-08-31 | An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an... |
| CVE-2020-25064 | 2020-08-31 | An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG... |
| CVE-2020-25063 | 2020-08-31 | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An application crash can occur because of incorrect application-level input validation. The... |
| CVE-2020-25062 | 2020-08-31 | An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider allows a bypass of intended privilege restrictions. The LG ID is LVE-SMP-200017 (July 2020). |
| CVE-2020-25061 | 2020-08-31 | An issue was discovered on LG mobile devices with Android OS 9 and 10 software on the VZW network. lge_property allows property overwrites. The LG ID is LVE-SMP-200016 (July 2020). |
| CVE-2020-25060 | 2020-08-31 | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Local users can gain privileges because of LAF and SBL1 flaws. The... |
| CVE-2020-25059 | 2020-08-31 | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A service crash may occur because of incorrect input validation. The LG... |
| CVE-2020-25057 | 2020-08-31 | An issue was discovered on LG mobile devices with Android OS 10 software. MDMService does not properly restrict APK installations. The LG ID is LVE-SMP-200011 (July 2020). |
| CVE-2020-15704 | 2020-08-31 | pppd arbitrary file read information disclosure vulnerability |
| CVE-2020-25067 | 2020-09-01 | NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker. |
| CVE-2020-14178 | 2020-09-01 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before... |
| CVE-2020-12776 | 2020-09-01 | Openfind Mail2000 - Broken Access Control |
| CVE-2020-7713 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7716 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7715 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7714 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7718 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7717 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7719 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7720 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7722 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7721 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7724 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7723 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7727 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7726 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7725 | 2020-09-01 | Prototype Pollution |
| CVE-2020-8023 | 2020-09-01 | Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2 |
| CVE-2018-12475 | 2020-09-01 | obs-service-download_files allows downloading from localhost or intranet hosts |
| CVE-2020-24583 | 2020-09-01 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created... |
| CVE-2020-24584 | 2020-09-01 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the... |
| CVE-2020-6129 | 2020-09-01 | SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection. An attacker can make an... |
| CVE-2020-6130 | 2020-09-01 | SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make... |
| CVE-2020-6131 | 2020-09-01 | SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make... |
| CVE-2020-24554 | 2020-09-01 | The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a... |
| CVE-2020-2238 | 2020-09-01 | Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers... |
| CVE-2020-2239 | 2020-09-01 | Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access... |
| CVE-2020-2240 | 2020-09-01 | A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. |
| CVE-2020-2241 | 2020-09-01 | A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. |
| CVE-2020-2242 | 2020-09-01 | A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. |
| CVE-2020-2243 | 2020-09-01 | Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. |
| CVE-2020-2244 | 2020-09-01 | Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to... |
| CVE-2020-2245 | 2020-09-01 | Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2020-2246 | 2020-09-01 | Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML... |
| CVE-2020-2247 | 2020-09-01 | Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2020-2248 | 2020-09-01 | Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2020-2249 | 2020-09-01 | Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with... |
| CVE-2020-2250 | 2020-09-01 | Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended... |
| CVE-2020-2251 | 2020-09-01 | Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. |
| CVE-2020-6117 | 2020-09-01 | SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated... |