Lista CVE - 2020 / Settembre
Visualizzazione 1101 - 1200 di 1592 CVE per Settembre 2020 (Pagina 12 di 16)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2020-25793 | 2020-09-19 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>. |
| CVE-2020-25791 | 2020-09-19 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit(). |
| CVE-2020-14179 | 2020-09-21 | Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa... |
| CVE-2020-14180 | 2020-09-21 | Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability... |
| CVE-2020-14177 | 2020-09-21 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searching. The... |
| CVE-2020-16171 | 2020-09-21 | An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this... |
| CVE-2020-4315 | 2020-09-21 | IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by... |
| CVE-2020-4579 | 2020-09-21 | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID:... |
| CVE-2020-4580 | 2020-09-21 | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. IBM X-Force... |
| CVE-2020-4581 | 2020-09-21 | IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441. |
| CVE-2020-4590 | 2020-09-21 | IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID:... |
| CVE-2020-4731 | 2020-09-21 | IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2020-4643 | 2020-09-21 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability... |
| CVE-2020-15959 | 2020-09-21 | Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via... |
| CVE-2020-15960 | 2020-09-21 | Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
| CVE-2020-15961 | 2020-09-21 | Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via... |
| CVE-2020-15962 | 2020-09-21 | Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
| CVE-2020-15963 | 2020-09-21 | Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via... |
| CVE-2020-15964 | 2020-09-21 | Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-15965 | 2020-09-21 | Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
| CVE-2020-15966 | 2020-09-21 | Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a... |
| CVE-2020-6532 | 2020-09-21 | Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6537 | 2020-09-21 | Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
| CVE-2020-6538 | 2020-09-21 | Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2020-6539 | 2020-09-21 | Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6540 | 2020-09-21 | Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6541 | 2020-09-21 | Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6542 | 2020-09-21 | Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6543 | 2020-09-21 | Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6544 | 2020-09-21 | Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6545 | 2020-09-21 | Use after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6546 | 2020-09-21 | Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem. |
| CVE-2020-6547 | 2020-09-21 | Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page. |
| CVE-2020-6548 | 2020-09-21 | Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2020-6549 | 2020-09-21 | Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6550 | 2020-09-21 | Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6551 | 2020-09-21 | Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6552 | 2020-09-21 | Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6553 | 2020-09-21 | Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6554 | 2020-09-21 | Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension. |
| CVE-2020-6555 | 2020-09-21 | Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. |
| CVE-2020-6556 | 2020-09-21 | Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6558 | 2020-09-21 | Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2020-6559 | 2020-09-21 | Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6560 | 2020-09-21 | Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2020-6561 | 2020-09-21 | Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2020-6562 | 2020-09-21 | Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2020-6563 | 2020-09-21 | Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. |
| CVE-2020-6564 | 2020-09-21 | Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page. |
| CVE-2020-6565 | 2020-09-21 | Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. |
| CVE-2020-6566 | 2020-09-21 | Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2020-6567 | 2020-09-21 | Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2020-6568 | 2020-09-21 | Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2020-6569 | 2020-09-21 | Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-6570 | 2020-09-21 | Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction. |
| CVE-2020-6571 | 2020-09-21 | Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |
| CVE-2020-6573 | 2020-09-21 | Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via... |
| CVE-2020-6574 | 2020-09-21 | Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. |
| CVE-2020-6575 | 2020-09-21 | Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
| CVE-2020-6576 | 2020-09-21 | Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2020-7734 | 2020-09-22 | Cross-site Scripting (XSS) |
| CVE-2020-24619 | 2020-09-22 | In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource. |
| CVE-2020-8887 | 2020-09-22 | Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request... |
| CVE-2020-23446 | 2020-09-22 | Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API |
| CVE-2020-3977 | 2020-09-22 | VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation... |
| CVE-2020-11855 | 2020-09-22 | An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated... |
| CVE-2020-4611 | 2020-09-22 | IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922. |
| CVE-2020-4612 | 2020-09-22 | IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 184924. |
| CVE-2020-4613 | 2020-09-22 | IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184925. |
| CVE-2020-4614 | 2020-09-22 | IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 184927. |
| CVE-2020-4615 | 2020-09-22 | IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2020-4616 | 2020-09-22 | IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929. |
| CVE-2020-4617 | 2020-09-22 | IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website... |
| CVE-2020-4618 | 2020-09-22 | IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. IBM X-Force ID: 184937. |
| CVE-2020-4619 | 2020-09-22 | IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976. |
| CVE-2020-4620 | 2020-09-22 | IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request,... |
| CVE-2020-4621 | 2020-09-22 | IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. IBM X-Force ID: 184981. |
| CVE-2020-4622 | 2020-09-22 | IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or... |
| CVE-2020-11857 | 2020-09-22 | An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user |
| CVE-2020-11856 | 2020-09-22 | Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR. |
| CVE-2020-16202 | 2020-09-22 | WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges. |
| CVE-2020-24333 | 2020-09-22 | A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access,... |
| CVE-2020-25487 | 2020-09-22 | PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php. |
| CVE-2020-14031 | 2020-09-22 | An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because... |
| CVE-2020-14028 | 2020-09-22 | An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite... |
| CVE-2020-14027 | 2020-09-22 | An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable... |
| CVE-2020-15839 | 2020-09-22 | Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows... |
| CVE-2020-14026 | 2020-09-22 | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in... |
| CVE-2020-14023 | 2020-09-22 | Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS. |
| CVE-2020-14024 | 2020-09-22 | Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the... |
| CVE-2020-14025 | 2020-09-22 | Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules... |
| CVE-2020-14022 | 2020-09-22 | Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an... |
| CVE-2020-25514 | 2020-09-22 | Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php. |
| CVE-2020-25515 | 2020-09-22 | Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books. |
| CVE-2020-14370 | 2020-09-23 | An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a... |
| CVE-2020-3569 | 2020-09-23 | Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities |
| CVE-2020-3143 | 2020-09-23 | Cisco TelePresence Collaboration Endpoint, TelePresence Codec, and RoomOS Software Path Traversal Vulnerability |
| CVE-2020-3137 | 2020-09-23 | Cisco Email Security Appliance Cross-Site Scripting Vulnerability |
| CVE-2020-3135 | 2020-09-23 | Cisco Unified Communications Manager Cross-Site Request Forgery Vulnerability |
| CVE-2020-3133 | 2020-09-23 | Cisco Email Security Appliance Content Filter Bypass Vulnerability |