CVE List - 2020 / September
Showing 1301 - 1400 of 1592 CVEs for September 2020 (Page 14 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-3559 | 2020-09-24 | Cisco Aironet Access Point Authentication Flood Denial of Service Vulnerability |
| CVE-2020-3552 | 2020-09-24 | Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability |
| CVE-2020-3527 | 2020-09-24 | Cisco Catalyst 9200 Series Switches Jumbo Frame Denial of Service Vulnerability |
| CVE-2020-3526 | 2020-09-24 | Cisco IOS XE Software Common Open Policy Service Engine Denial of Service Vulnerability |
| CVE-2020-3524 | 2020-09-24 | Cisco IOS XE ROM Monitor Software Vulnerability |
| CVE-2020-3516 | 2020-09-24 | Cisco IOS XE Software Web UI Improper Input Validation Vulnerability |
| CVE-2020-3513 | 2020-09-24 | Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3512 | 2020-09-24 | Cisco IOS and IOS XE Software PROFINET Link Layer Discovery Protocol Denial of Service Vulnerability |
| CVE-2020-3511 | 2020-09-24 | Cisco IOS and IOS XE Software ISDN Q.931 Denial of Service Vulnerability |
| CVE-2020-3510 | 2020-09-24 | Cisco IOS XE Software for Catalyst 9200 Series Switches Umbrella Connector Denial of Service Vulnerability |
| CVE-2020-3509 | 2020-09-24 | Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers DHCP Denial of Service Vulnerability |
| CVE-2020-3508 | 2020-09-24 | Cisco IOS XE Software for Cisco ASR 1000 Series 20-Gbps Embedded Services Processor IP ARP Denial of Service Vulnerability |
| CVE-2020-3503 | 2020-09-24 | Cisco IOS XE Software Guest Shell Unauthorized File System Access Vulnerability |
| CVE-2020-3497 | 2020-09-24 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities |
| CVE-2020-3494 | 2020-09-24 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities |
| CVE-2020-3493 | 2020-09-24 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities |
| CVE-2020-3492 | 2020-09-24 | Cisco IOS XE Software for Catalyst 9800 Series and Cisco AireOS Software for Cisco WLC Flexible NetFlow Version 9 Denial of Service Vulnerability |
| CVE-2020-3489 | 2020-09-24 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities |
| CVE-2020-3488 | 2020-09-24 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities |
| CVE-2020-3487 | 2020-09-24 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities |
| CVE-2020-3486 | 2020-09-24 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities |
| CVE-2020-3480 | 2020-09-24 | Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities |
| CVE-2020-3479 | 2020-09-24 | Cisco IOS and IOS XE Software MP-BGP EVPN Denial of Service Vulnerability |
| CVE-2020-3477 | 2020-09-24 | Cisco IOS and IOS XE Software Information Disclosure Vulnerability |
| CVE-2020-3476 | 2020-09-24 | Cisco IOS XE Software Arbitrary File Overwrite Vulnerability |
| CVE-2020-3475 | 2020-09-24 | Cisco IOS XE Software Web Management Framework Vulnerabilities |
| CVE-2020-3474 | 2020-09-24 | Cisco IOS XE Software Web Management Framework Vulnerabilities |
| CVE-2020-3465 | 2020-09-24 | Cisco IOS XE Software Ethernet Frame Denial of Service Vulnerability |
| CVE-2020-3429 | 2020-09-24 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WPA Denial of Service Vulnerability |
| CVE-2020-3428 | 2020-09-24 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family WLAN Local Profiling Denial of Service Vulnerability |
| CVE-2020-3426 | 2020-09-24 | Cisco IOS Software for Cisco Industrial Routers Virtual-LPWA Unauthorized Access Vulnerability |
| CVE-2020-3425 | 2020-09-24 | Cisco IOS XE Software Privilege Escalation Vulnerabilities |
| CVE-2020-3423 | 2020-09-24 | Cisco IOS XE Software Arbitrary Code Execution Vulnerability |
| CVE-2020-3422 | 2020-09-24 | Cisco IOS XE Software IP Service Level Agreements Denial of Service Vulnerability |
| CVE-2020-3421 | 2020-09-24 | Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities |
| CVE-2020-3418 | 2020-09-24 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family Improper Access Control Vulnerability |
| CVE-2020-3417 | 2020-09-24 | Cisco IOS XE Software Arbitrary Code Execution Vulnerability |
| CVE-2020-3416 | 2020-09-24 | Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3414 | 2020-09-24 | Cisco IOS XE Software for Cisco 4461 Integrated Services Routers Denial of Service Vulnerability |
| CVE-2020-3409 | 2020-09-24 | Cisco IOS and IOS XE Software PROFINET Denial of Service Vulnerability |
| CVE-2020-3408 | 2020-09-24 | Cisco IOS and IOS XE Software Split DNS Denial of Service Vulnerability |
| CVE-2020-3407 | 2020-09-24 | Cisco IOS XE Software RESTCONF and NETCONF-YANG Access Control List Denial of Service Vulnerability |
| CVE-2020-3404 | 2020-09-24 | Cisco IOS XE Software Consent Token Bypass Vulnerability |
| CVE-2020-3403 | 2020-09-24 | Cisco IOS XE Software Command Injection Vulnerability |
| CVE-2020-3400 | 2020-09-24 | Cisco IOS XE Software Web UI Authorization Bypass Vulnerability |
| CVE-2020-3399 | 2020-09-24 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerability |
| CVE-2020-3396 | 2020-09-24 | Cisco IOS XE Software IOx Guest Shell USB SSD Namespace Protection Privilege Escalation Vulnerability |
| CVE-2020-3393 | 2020-09-24 | Cisco IOS XE Software IOx Application Hosting Privilege Escalation Vulnerability |
| CVE-2020-19447 | 2020-09-24 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter. |
| CVE-2020-3390 | 2020-09-24 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family SNMP Trap Denial of Service Vulnerability |
| CVE-2020-3359 | 2020-09-24 | Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers Multicast DNS Denial of Service Vulnerability |
| CVE-2020-3141 | 2020-09-24 | Cisco IOS XE Software Privilege Escalation Vulnerabilities |
| CVE-2020-15930 | 2020-09-24 | An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag. |
| CVE-2016-11086 | 2020-09-24 | lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and... |
| CVE-2020-15850 | 2020-09-24 | Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the... |
| CVE-2020-15851 | 2020-09-24 | Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter... |
| CVE-2020-8333 | 2020-09-24 | A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution |
| CVE-2020-8347 | 2020-09-24 | A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated... |
| CVE-2020-8348 | 2020-09-24 | A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated... |
| CVE-2020-15161 | 2020-09-24 | Potential XSS in PrestaShop |
| CVE-2020-15160 | 2020-09-24 | Blind SQL Injection in PrestaShop |
| CVE-2020-13991 | 2020-09-24 | vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register. |
| CVE-2020-15162 | 2020-09-24 | Stored XSS in PrestaShop |
| CVE-2020-15843 | 2020-09-24 | ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal\. The folder permissions allow "Full Control" to... |
| CVE-2020-17365 | 2020-09-24 | Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The... |
| CVE-2020-25223 | 2020-09-25 | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 |
| CVE-2020-25747 | 2020-09-25 | The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONVIF services without authentication. Thus,... |
| CVE-2020-25748 | 2020-09-25 | A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the... |
| CVE-2020-25749 | 2020-09-25 | The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow a remote attacker to take full control of the device with a high-privileged... |
| CVE-2018-10432 | 2020-09-25 | Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP). |
| CVE-2018-10585 | 2020-09-25 | Pexip Infinity before 18 allows remote Denial of Service (XML parsing). |
| CVE-2019-7177 | 2020-09-25 | Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin. |
| CVE-2019-7178 | 2020-09-25 | Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup. |
| CVE-2017-17477 | 2020-09-25 | Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views. |
| CVE-2020-11805 | 2020-09-25 | Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. |
| CVE-2020-12824 | 2020-09-25 | Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP. |
| CVE-2020-13387 | 2020-09-25 | Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323. |
| CVE-2020-24615 | 2020-09-25 | Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP. |
| CVE-2020-24621 | 2020-09-25 | A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file... |
| CVE-2020-24692 | 2020-09-25 | The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow... |
| CVE-2020-24592 | 2020-09-25 | Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization. |
| CVE-2020-24593 | 2020-09-25 | Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation. |
| CVE-2020-24594 | 2020-09-25 | Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker... |
| CVE-2020-24595 | 2020-09-25 | Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control. |
| CVE-2020-24718 | 2020-09-25 | bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated... |
| CVE-2020-23837 | 2020-09-25 | A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a... |
| CVE-2020-25203 | 2020-09-25 | The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. By calling the intent with the action set to android.intent.action.VIEW, any other application is able to load any... |
| CVE-2020-25084 | 2020-09-25 | QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked. |
| CVE-2020-25085 | 2020-09-25 | QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. |
| CVE-2020-25625 | 2020-09-25 | hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop. |
| CVE-2020-26115 | 2020-09-25 | cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574). |
| CVE-2020-26114 | 2020-09-25 | cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573). |
| CVE-2020-26113 | 2020-09-25 | cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569). |
| CVE-2020-26112 | 2020-09-25 | The email quota cache in cPanel before 90.0.10 allows overwriting of files. |
| CVE-2020-26111 | 2020-09-25 | cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566). |
| CVE-2020-26110 | 2020-09-25 | cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564). |
| CVE-2020-26109 | 2020-09-25 | cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557). |
| CVE-2020-26108 | 2020-09-25 | cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). |
| CVE-2020-26107 | 2020-09-25 | cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561). |
| CVE-2020-26106 | 2020-09-25 | cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558). |