Lista CVE - 2020 / Agosto
Visualizzazione 201 - 300 di 1160 CVE per Agosto 2020 (Pagina 3 di 12)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2020-9243 | 2020-08-10 | HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a denial of service vulnerability. The system does not properly limit the depth of recursion, an attacker should trick the user... |
| CVE-2020-9078 | 2020-08-10 | FusionCompute 8.0.0 have local privilege escalation vulnerability. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege... |
| CVE-2020-17479 | 2020-08-10 | jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array. |
| CVE-2020-9245 | 2020-08-10 | HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUAWEI P30 Pro versions Versions earlier than 10.1.0.160(C00E160R2P8) have a denial of service vulnerability. Certain system configuration can be modified because of improper authorization.... |
| CVE-2020-17480 | 2020-08-10 | TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into... |
| CVE-2020-15139 | 2020-08-10 | XSS in MyBB |
| CVE-2020-16275 | 2020-08-10 | A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user... |
| CVE-2020-16276 | 2020-08-10 | An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. |
| CVE-2020-16277 | 2020-08-10 | An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. |
| CVE-2020-16278 | 2020-08-10 | A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when... |
| CVE-2020-9079 | 2020-08-11 | FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed... |
| CVE-2020-4485 | 2020-08-11 | IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to disable the Wincollect service which could aid an attacker in bypassing security mechanisms in future attacks. IBM X-Force ID:... |
| CVE-2020-4486 | 2020-08-11 | IBM QRadar 7.2.0 thorugh 7.2.9 could allow an authenticated user to overwrite or delete arbitrary files due to a flaw after WinCollect installation. IBM X-Force ID: 181861. |
| CVE-2020-10777 | 2020-08-11 | A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on... |
| CVE-2020-10778 | 2020-08-11 | In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no... |
| CVE-2020-10783 | 2020-08-11 | Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting... |
| CVE-2020-10779 | 2020-08-11 | Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the... |
| CVE-2020-14325 | 2020-08-11 | Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles.... |
| CVE-2020-14296 | 2020-08-11 | Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from... |
| CVE-2020-14324 | 2020-08-11 | A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out of band OS command injection vulnerability can be exploited by authenticated attacker... |
| CVE-2020-10780 | 2020-08-11 | Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till a victim export as CSV and opens the file with Excel. Once... |
| CVE-2020-14313 | 2020-08-11 | An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose... |
| CVE-2020-11552 | 2020-08-11 | An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow... |
| CVE-2020-13124 | 2020-08-11 | SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system. |
| CVE-2020-15597 | 2020-08-11 | SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field. |
| CVE-2020-16092 | 2020-08-11 | In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. This issue affects the e1000e and vmxnet3 network devices. A malicious guest user/process could use this... |
| CVE-2020-17367 | 2020-08-11 | Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection. |
| CVE-2020-17368 | 2020-08-11 | Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection. |
| CVE-2020-17448 | 2020-08-11 | Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that... |
| CVE-2020-17466 | 2020-08-11 | Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by visiting manage/control.php and ignoring 302 Redirect responses. |
| CVE-2020-15071 | 2020-08-11 | content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSubheading. |
| CVE-2020-13174 | 2020-08-11 | The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into... |
| CVE-2020-13175 | 2020-08-11 | The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a... |
| CVE-2020-13176 | 2020-08-11 | The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 24, 2020 (v16 and earlier for the Cloud Access Connector) contains... |
| CVE-2020-13177 | 2020-08-11 | The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows... |
| CVE-2020-13178 | 2020-08-11 | A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which... |
| CVE-2020-14979 | 2020-08-11 | The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. This allows any... |
| CVE-2020-13179 | 2020-08-11 | Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker... |
| CVE-2020-11976 | 2020-08-11 | By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that... |
| CVE-2020-9404 | 2020-08-11 | In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in an insecure manner, and may be modified by an attacker with no knowledge of the current passwords. |
| CVE-2020-9403 | 2020-08-11 | In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in a recoverable format, and may be retrieved by any user with access to the PACTware workstation. |
| CVE-2020-8918 | 2020-08-11 | TPM 1.2 key authorization values are vulnerable to a TPM transport eavesdropper |
| CVE-2020-9244 | 2020-08-11 | HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8);HUAWEI Mate 20 Pro versions Versions earlier than 10.1.0.270(C431E7R1P5),Versions earlier than 10.1.0.270(C635E3R1P5),Versions earlier than 10.1.0.273(C636E7R2P4);HUAWEI Mate 20 X versions Versions earlier than 10.1.0.160(C00E160R2P8);HUAWEI... |
| CVE-2020-16170 | 2020-08-11 | Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots... |
| CVE-2020-8911 | 2020-08-11 | CBC padding oracle in AWS S3 Crypto SDK for GoLang |
| CVE-2020-8912 | 2020-08-11 | In-band key negotiation issue in AWS S3 Crypto SDK for GoLang |
| CVE-2020-0108 | 2020-08-11 | In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution... |
| CVE-2020-0238 | 2020-08-11 | In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no... |
| CVE-2020-0239 | 2020-08-11 | In getDocumentMetadata of DocumentsContract.java, there is a possible disclosure of location metadata from a file due to a permissions bypass. This could lead to local information disclosure from a file... |
| CVE-2020-0240 | 2020-08-11 | In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed.... |
| CVE-2020-0241 | 2020-08-11 | In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2020-0242 | 2020-08-11 | In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges... |
| CVE-2020-0243 | 2020-08-11 | In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges... |
| CVE-2020-0247 | 2020-08-11 | In Threshold::getHistogram of ImageProcessHelper.java, there is a possible crash loop due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction... |
| CVE-2020-0248 | 2020-08-11 | In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is... |
| CVE-2020-0249 | 2020-08-11 | In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is... |
| CVE-2020-0250 | 2020-08-11 | In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there is a missing permission check. This could lead to local information disclosure of location data with no additional execution privileges needed. User interaction is not... |
| CVE-2019-17339 | 2020-08-11 | TIBCO Silver Fabric XSS vulerability |
| CVE-2020-0251 | 2020-08-11 | There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647626 |
| CVE-2020-0252 | 2020-08-11 | There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152236803 |
| CVE-2020-0253 | 2020-08-11 | There is a possible memory corruption due to a use after free.Product: AndroidVersions: Android SoCAndroid ID: A-152647365 |
| CVE-2020-0254 | 2020-08-11 | There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152647751 |
| CVE-2020-0256 | 2020-08-11 | In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious... |
| CVE-2020-0257 | 2020-08-11 | In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges... |
| CVE-2020-0258 | 2020-08-11 | In stopZygoteLocked of AppZygote.java, there is an insufficient cleanup. This could lead to local information disclosure in the application that is started next with no additional execution privileges needed. User... |
| CVE-2020-0259 | 2020-08-11 | In android_verity_ctr of dm-android-verity.c, there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no... |
| CVE-2020-0260 | 2020-08-11 | There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152225183 |
| CVE-2020-17487 | 2020-08-11 | radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY. |
| CVE-2020-17489 | 2020-08-11 | An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still... |
| CVE-2020-17495 | 2020-08-11 | django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does... |
| CVE-2020-7029 | 2020-08-11 | Avaya Product System Management Interface Cross-Site Request Forgery Vulnerability |
| CVE-2020-8913 | 2020-08-12 | Local arbitrary code execution in splitinstall in Android's Play Core |
| CVE-2020-6932 | 2020-08-12 | An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially... |
| CVE-2020-17372 | 2020-08-12 | SugarCRM before 10.1.0 (Q3 2020) allows XSS. |
| CVE-2020-17373 | 2020-08-12 | SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. |
| CVE-2020-16145 | 2020-08-12 | Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15. |
| CVE-2020-16266 | 2020-08-12 | An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text... |
| CVE-2020-17496 | 2020-08-12 | vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. |
| CVE-2020-6273 | 2020-08-12 | SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to... |
| CVE-2020-6284 | 2020-08-12 | SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges.... |
| CVE-2020-6293 | 2020-08-12 | SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but... |
| CVE-2020-2229 | 2020-08-12 | Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability. |
| CVE-2020-2230 | 2020-08-12 | Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission. |
| CVE-2020-2231 | 2020-08-12 | Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting... |
| CVE-2020-2232 | 2020-08-12 | Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays the SMTP password in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure. |
| CVE-2020-2233 | 2020-08-12 | A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. |
| CVE-2020-2234 | 2020-08-12 | A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained... |
| CVE-2020-2235 | 2020-08-12 | A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified credentials IDs obtained through... |
| CVE-2020-2236 | 2020-08-12 | Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission. |
| CVE-2020-2237 | 2020-08-12 | A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision. |
| CVE-2020-6294 | 2020-08-12 | Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity. |
| CVE-2020-6295 | 2020-08-12 | Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise... |
| CVE-2020-6296 | 2020-08-12 | SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753, 755, allows an attacker to inject code that can be... |
| CVE-2020-6297 | 2020-08-12 | Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version - 3.0, allows an attacker to access confidential system configuration information, that should otherwise be... |
| CVE-2020-6298 | 2020-08-12 | SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure... |
| CVE-2020-6299 | 2020-08-12 | SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system... |
| CVE-2020-6300 | 2020-08-12 | SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different... |
| CVE-2020-6301 | 2020-08-12 | SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation... |
| CVE-2020-6309 | 2020-08-12 | SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing... |
| CVE-2020-6310 | 2020-08-12 | Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all... |