CVE List - 2020 / September
Showing 1201 - 1300 of 1592 CVEs for September 2020 (Page 13 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-3130 | 2020-09-23 | Cisco Unity Connection Directory Traversal Vulnerability |
| CVE-2020-3124 | 2020-09-23 | Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability |
| CVE-2020-3117 | 2020-09-23 | Cisco Web Security Appliance and Cisco Content Security Management Appliance HTTP Header Injection Vulnerability |
| CVE-2020-3116 | 2020-09-23 | Cisco Webex Centers Denial of Service Vulnerability |
| CVE-2019-1983 | 2020-09-23 | Cisco Email Security Appliance and Cisco Content Security Management Appliance Denial of Service Vulnerability |
| CVE-2019-1947 | 2020-09-23 | Cisco Email Security Appliance Denial of Service Vulnerability |
| CVE-2019-1888 | 2020-09-23 | Cisco Unified Contact Center Express Privilege Escalation Vulnerability |
| CVE-2019-1736 | 2020-09-23 | Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability |
| CVE-2019-16028 | 2020-09-23 | Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass Vulnerability |
| CVE-2019-16025 | 2020-09-23 | Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability |
| CVE-2019-16023 | 2020-09-23 | Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities |
| CVE-2019-16021 | 2020-09-23 | Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities |
| CVE-2019-16019 | 2020-09-23 | Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities |
| CVE-2019-16017 | 2020-09-23 | Cisco Unified Customer Voice Portal Insecure Direct Object Reference Vulnerability |
| CVE-2019-16009 | 2020-09-23 | Cisco IOS and Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability |
| CVE-2019-16007 | 2020-09-23 | Cisco AnyConnect Secure Mobility Client for Android Service Hijack Vulnerability |
| CVE-2019-16004 | 2020-09-23 | Cisco Vision Dynamic Signage Director Authentication Bypass Vulnerability |
| CVE-2019-16000 | 2020-09-23 | Cisco Umbrella Roaming Client for Windows Install Vulnerability |
| CVE-2019-15993 | 2020-09-23 | Cisco Small Business Switches Information Disclosure Vulnerability |
| CVE-2019-15992 | 2020-09-23 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability |
| CVE-2019-15974 | 2020-09-23 | Cisco Managed Services Accelerator Open Redirect Vulnerability |
| CVE-2019-15969 | 2020-09-23 | Cisco Web Security Appliance Management Interface Cross-Site Scripting Vulnerability |
| CVE-2019-15963 | 2020-09-23 | Cisco Unified Communications Manager Information Disclosure Vulnerability |
| CVE-2019-15959 | 2020-09-23 | Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability |
| CVE-2019-15957 | 2020-09-23 | Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Command Injection Vulnerability |
| CVE-2019-15289 | 2020-09-23 | Cisco TelePresence Collaboration Endpoint and RoomOS Software Denial of Service Vulnerabilities |
| CVE-2019-15287 | 2020-09-23 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities |
| CVE-2019-15285 | 2020-09-23 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities |
| CVE-2019-15283 | 2020-09-23 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities |
| CVE-2020-25821 | 2020-09-23 | peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
| CVE-2020-25826 | 2020-09-23 | PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe. |
| CVE-2020-14365 | 2020-09-23 | A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during... |
| CVE-2020-10714 | 2020-09-23 | A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session... |
| CVE-2020-10687 | 2020-09-23 | A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters... |
| CVE-2020-7122 | 2020-09-23 | Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial... |
| CVE-2020-7121 | 2020-09-23 | Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial... |
| CVE-2020-24624 | 2020-09-23 | Unauthenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. |
| CVE-2020-24625 | 2020-09-23 | Unauthenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. |
| CVE-2020-24626 | 2020-09-23 | Unauthenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. |
| CVE-2020-16244 | 2020-09-23 | GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR... |
| CVE-2020-16240 | 2020-09-23 | GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users... |
| CVE-2020-2279 | 2020-09-23 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that... |
| CVE-2020-2280 | 2020-09-23 | A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code. |
| CVE-2020-2281 | 2020-09-23 | A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources. |
| CVE-2020-2282 | 2020-09-23 | Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin. |
| CVE-2020-2283 | 2020-09-23 | Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by... |
| CVE-2020-2284 | 2020-09-23 | Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2020-2285 | 2020-09-23 | A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2020-4324 | 2020-09-23 | IBM Security Secret Server prior to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. IBM X-Force ID: 177515. |
| CVE-2020-4340 | 2020-09-23 | IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180. |
| CVE-2020-25739 | 2020-09-23 | An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb... |
| CVE-2020-24213 | 2020-09-23 | An integer overflow was discovered in YGOPro ygocore v13.51. Attackers can use it to leak the game server thread's memory. |
| CVE-2020-11031 | 2020-09-23 | Insecure encryption algorithm in GLPI |
| CVE-2020-5783 | 2020-09-23 | In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms. |
| CVE-2020-5782 | 2020-09-23 | In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wan_type’ parameter, the wan interface for the device will become unreachable, which results in a denial... |
| CVE-2020-5781 | 2020-09-23 | In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service... |
| CVE-2020-25595 | 2020-09-23 | An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values... |
| CVE-2020-25597 | 2020-09-23 | An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations... |
| CVE-2020-25598 | 2020-09-23 | An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error... |
| CVE-2020-25599 | 2020-09-23 | An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can... |
| CVE-2020-25600 | 2020-09-23 | An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on... |
| CVE-2020-25601 | 2020-09-23 | An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a... |
| CVE-2020-25602 | 2020-09-23 | An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model... |
| CVE-2020-25604 | 2020-09-23 | An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs,... |
| CVE-2020-25596 | 2020-09-23 | An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One... |
| CVE-2020-25603 | 2020-09-23 | An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the... |
| CVE-2015-4719 | 2020-09-24 | The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request. |
| CVE-2020-15604 | 2020-09-24 | An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to... |
| CVE-2020-24560 | 2020-09-24 | An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to... |
| CVE-2020-6020 | 2020-09-24 | Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands... |
| CVE-2020-22453 | 2020-09-24 | Untis WebUntis before 2020.9.6 allows XSS in multiple functions that store information. |
| CVE-2020-12816 | 2020-09-24 | An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin... |
| CVE-2020-12818 | 2020-09-24 | An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed. |
| CVE-2020-12817 | 2020-09-24 | An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors. |
| CVE-2020-12815 | 2020-09-24 | An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. |
| CVE-2020-12811 | 2020-09-24 | An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3 and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute... |
| CVE-2020-16148 | 2020-09-24 | The ping page of the administration panel in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via authenticated code injection over the network. |
| CVE-2020-16147 | 2020-09-24 | The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via Unauthenticated code injection over the network. |
| CVE-2020-26088 | 2020-09-24 | A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka... |
| CVE-2020-13504 | 2020-09-24 | Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP... |
| CVE-2020-13505 | 2020-09-24 | Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP... |
| CVE-2020-13499 | 2020-09-24 | An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise.... |
| CVE-2020-13500 | 2020-09-24 | SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter... |
| CVE-2020-24365 | 2020-09-24 | An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine.... |
| CVE-2020-13501 | 2020-09-24 | An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise.... |
| CVE-2020-15840 | 2020-09-24 | In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs. |
| CVE-2020-12280 | 2020-09-24 | iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php. |
| CVE-2020-12281 | 2020-09-24 | iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php. |
| CVE-2020-12282 | 2020-09-24 | iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.) |
| CVE-2020-12841 | 2020-09-24 | ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload image files via /index.php |
| CVE-2020-12840 | 2020-09-24 | ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php |
| CVE-2020-12837 | 2020-09-24 | ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used. |
| CVE-2020-12839 | 2020-09-24 | ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php. |
| CVE-2020-12842 | 2020-09-24 | ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php. |
| CVE-2020-12838 | 2020-09-24 | ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php. |
| CVE-2020-12843 | 2020-09-24 | ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used. |
| CVE-2020-13119 | 2020-09-24 | ismartgate PRO 1.5.9 is vulnerable to clickjacking. |
| CVE-2020-15223 | 2020-09-24 | Ignored storage errors on token revocation in ORY Fosite |
| CVE-2020-15222 | 2020-09-24 | Replay of private_key_jwt possible in ORY Fosite |
| CVE-2020-3560 | 2020-09-24 | Cisco Aironet Access Points UDP Flooding Denial of Service Vulnerability |