CVE List - 2020 / September
Showing 301 - 400 of 1592 CVEs for September 2020 (Page 4 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-3675 | 2020-09-08 | u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon... |
| CVE-2020-3702 | 2020-09-08 | u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the... |
| CVE-2020-4516 | 2020-09-08 | IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in... |
| CVE-2020-4698 | 2020-09-08 | IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code... |
| CVE-2020-25213 | 2020-09-09 | The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have... |
| CVE-2020-11124 | 2020-09-09 | u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2020-11129 | 2020-09-09 | u'During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-after-free' in Snapdragon Consumer IOT, Snapdragon Mobile... |
| CVE-2020-11135 | 2020-09-09 | u'Reachable assertion when wrong data size is returned by parser for ape clips' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, Kamorta, MSM8917, MSM8953, Nicobar,... |
| CVE-2020-3617 | 2020-09-09 | u'Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads to Information disclosure.' in Snapdragon Compute, Snapdragon Consumer... |
| CVE-2020-3634 | 2020-09-09 | u'Multiple Read overflows issue due to improper length check while decoding Generic NAS transport/EMM info' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables... |
| CVE-2020-3656 | 2020-09-09 | Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon... |
| CVE-2020-3674 | 2020-09-09 | Information can leak into userspace due to improper transfer of data from kernel to userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice... |
| CVE-2020-3679 | 2020-09-09 | u'During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address including code segments' in Snapdragon Auto, Snapdragon Compute, Snapdragon... |
| CVE-2020-5627 | 2020-09-09 | Yodobashi App for Android versions 1.8.7 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may... |
| CVE-2020-7320 | 2020-09-09 | Protection Mechanism Failure in ENS for Windows |
| CVE-2020-7319 | 2020-09-09 | Improper Access Control Vulnerability in ENS for Windows |
| CVE-2020-7322 | 2020-09-09 | Exposure of Sensitive Information in ENS for Windows |
| CVE-2020-7323 | 2020-09-09 | Authentication Protection Bypass vulnerability in ENS for Windows |
| CVE-2020-7324 | 2020-09-09 | Improper Access Control vulnerability in MVISION Endpoint |
| CVE-2020-7325 | 2020-09-09 | Privilege Escalation vulnerability in MVISION Endpoint |
| CVE-2020-14342 | 2020-09-09 | It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with... |
| CVE-2020-6335 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6334 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6341 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6312 | 2020-09-09 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), versions - 4.1, 4.2, allows an attacker with a non-administrative user account that can edit certain web page properties, can modify... |
| CVE-2020-6336 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6333 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6314 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6332 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6313 | 2020-09-09 | SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content,... |
| CVE-2020-6338 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RH file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6337 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6339 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6342 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6343 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6320 | 2020-09-09 | SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform... |
| CVE-2020-6340 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6318 | 2020-09-09 | A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40). Because of this, an attacker can exploit these products... |
| CVE-2020-6322 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6321 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6326 | 2020-09-09 | SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, allows an authenticated attacker to create malicious links in the UI, when clicked by victim, will execute arbitrary java scripts thus extracting or modifying information... |
| CVE-2020-6328 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6331 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6327 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6330 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6283 | 2020-09-09 | SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in... |
| CVE-2020-6329 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6344 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6345 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6302 | 2020-09-09 | SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSession ID in the backoffice URL when the application is loaded initially. An attacker can get this session ID via... |
| CVE-2020-6288 | 2020-09-09 | SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation leading... |
| CVE-2020-6348 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6346 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6350 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6347 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6349 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6351 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6352 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6354 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6356 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6353 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6357 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6361 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE files received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6355 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6360 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6358 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6359 | 2020-09-09 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PLT file received from untrusted sources which results in crashing of the application and becoming temporarily... |
| CVE-2020-6324 | 2020-09-09 | SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read,... |
| CVE-2020-6311 | 2020-09-09 | Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version - 100, does not correctly perform necessary authorization checks for an authenticated... |
| CVE-2020-14384 | 2020-09-09 | A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple... |
| CVE-2020-1968 | 2020-09-09 | Raccoon attack |
| CVE-2020-24194 | 2020-09-09 | A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter. |
| CVE-2020-24197 | 2020-09-09 | A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter. |
| CVE-2020-24074 | 2020-09-09 | The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, resulting in a buffer overflow. |
| CVE-2020-24198 | 2020-09-09 | A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.' |
| CVE-2020-24199 | 2020-09-09 | Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. |
| CVE-2020-24195 | 2020-09-09 | An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution. |
| CVE-2020-1749 | 2020-09-09 | A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between... |
| CVE-2020-24794 | 2020-09-09 | Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75. |
| CVE-2020-11986 | 2020-09-09 | To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked... |
| CVE-2020-24566 | 2020-09-09 | In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user creates a deployment or runbook process using Azure steps and sets the step's execution location to... |
| CVE-2020-25211 | 2020-09-09 | In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter... |
| CVE-2020-25212 | 2020-09-09 | A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because... |
| CVE-2020-14292 | 2020-09-09 | In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over... |
| CVE-2020-2036 | 2020-09-09 | PAN-OS: Reflected Cross-Site Scripting (XSS) vulnerability in management web interface |
| CVE-2020-2037 | 2020-09-09 | PAN-OS: OS command injection vulnerability in the management web interface |
| CVE-2020-2038 | 2020-09-09 | PAN-OS: OS command injection vulnerability in the management web interface |
| CVE-2020-2039 | 2020-09-09 | PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload |
| CVE-2020-2040 | 2020-09-09 | PAN-OS: Buffer overflow when Captive Portal or Multi-Factor Authentication (MFA) is enabled |
| CVE-2020-2041 | 2020-09-09 | PAN-OS: Management web interface denial-of-service (DoS) |
| CVE-2020-2042 | 2020-09-09 | PAN-OS: Buffer overflow in the management web interface |
| CVE-2020-2043 | 2020-09-09 | PAN-OS: Passwords may be logged in clear text when using after-change-detail custom syslog field for config logs |
| CVE-2020-2044 | 2020-09-09 | PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history |
| CVE-2020-13127 | 2020-09-09 | A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter. |
| CVE-2020-15163 | 2020-09-09 | Invalid root may become trusted root in The Update Framework (TUF) |
| CVE-2020-7068 | 2020-09-09 | Use of freed hash key in the phar_parse_zipfile function |
| CVE-2020-10049 | 2020-09-09 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to... |
| CVE-2020-10050 | 2020-09-09 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The directory of service executables of the affected application could allow a local attacker to include... |
| CVE-2020-10051 | 2020-09-09 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is... |
| CVE-2020-24379 | 2020-09-09 | WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. |