CVE List - 2020 / September
Showing 201 - 300 of 1592 CVEs for September 2020 (Page 3 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-25005 | 2020-09-03 | Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ID parameter which may allow a remote attacker to execute arbitrary code. |
| CVE-2020-25004 | 2020-09-03 | Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ID parameter which may allow a remote attacker to execute arbitrary code. |
| CVE-2019-11928 | 2020-09-03 | An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on a link from a specially crafted live location message. |
| CVE-2020-1886 | 2020-09-03 | A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream... |
| CVE-2020-1889 | 2020-09-03 | A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code... |
| CVE-2020-1890 | 2020-09-03 | A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately... |
| CVE-2020-1891 | 2020-09-03 | A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp... |
| CVE-2020-1894 | 2020-09-03 | A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior... |
| CVE-2020-24999 | 2020-09-03 | There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary,... |
| CVE-2020-24996 | 2020-09-03 | There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the... |
| CVE-2020-24978 | 2020-09-03 | In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7. |
| CVE-2020-24977 | 2020-09-03 | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. |
| CVE-2019-3881 | 2020-09-04 | Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available.... |
| CVE-2020-24941 | 2020-09-04 | An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions. |
| CVE-2020-24940 | 2020-09-04 | An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a... |
| CVE-2020-3546 | 2020-09-04 | Cisco Email Security Appliance Information Disclosure Vulnerability |
| CVE-2020-3545 | 2020-09-04 | Cisco FXOS Software Buffer Overflow Vulnerability |
| CVE-2020-3542 | 2020-09-04 | Cisco Webex Training Unauthorized Meeting Join Vulnerability |
| CVE-2020-3541 | 2020-09-04 | Cisco Webex Meetings Client for Windows, Webex Meetings Desktop App, and Webex Teams Information Disclosure Vulnerability |
| CVE-2020-3537 | 2020-09-04 | Cisco Jabber for Windows Universal Naming Convention Link Handling Vulnerability |
| CVE-2020-3530 | 2020-09-04 | Cisco IOS XR Authenticated User Privilege Escalation Vulnerability |
| CVE-2020-3498 | 2020-09-04 | Cisco Jabber for Windows Information Disclosure Vulnerability |
| CVE-2020-3495 | 2020-09-04 | Cisco Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability |
| CVE-2020-3478 | 2020-09-04 | Cisco Enterprise NFV Infrastructure Software File Overwrite Vulnerability |
| CVE-2020-3473 | 2020-09-04 | Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerability |
| CVE-2020-3453 | 2020-09-04 | Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities |
| CVE-2020-3451 | 2020-09-04 | Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities |
| CVE-2020-3430 | 2020-09-04 | Cisco Jabber for Windows Protocol Handler Command Injection Vulnerability |
| CVE-2020-3365 | 2020-09-04 | Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability |
| CVE-2020-3547 | 2020-09-04 | Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance Information Disclosure Vulnerability |
| CVE-2020-1911 | 2020-09-04 | A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted... |
| CVE-2020-11493 | 2020-09-04 | In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without... |
| CVE-2020-12247 | 2020-09-04 | In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting... |
| CVE-2020-12248 | 2020-09-04 | In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled. |
| CVE-2020-25021 | 2020-09-04 | An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCipherState.encryptWithAd() allows out-of-bounds access. |
| CVE-2020-25022 | 2020-09-04 | An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access. |
| CVE-2020-25023 | 2020-09-04 | An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrCipherState.encryptWithAd() allows out-of-bounds access. |
| CVE-2020-23834 | 2020-09-04 | Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer... |
| CVE-2020-7730 | 2020-09-04 | Command Injection |
| CVE-2020-7119 | 2020-09-04 | A vulnerability exists in the Aruba Analytics and Location Engine (ALE) web management interface 2.1.0.2 and earlier firmware that allows an already authenticated administrative user to arbitrarily modify files as... |
| CVE-2020-4545 | 2020-09-04 | IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading... |
| CVE-2020-4632 | 2020-09-04 | IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to submit or control... |
| CVE-2020-4702 | 2020-09-04 | IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2020-24659 | 2020-09-04 | An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing,... |
| CVE-2020-7299 | 2020-09-04 | Sensitive Data Exposure vulnerability in McAfee True Key Windows Client |
| CVE-2020-14008 | 2020-09-04 | Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution. |
| CVE-2020-24963 | 2020-09-04 | An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4. |
| CVE-2019-20916 | 2020-09-04 | The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as... |
| CVE-2020-24987 | 2020-09-04 | Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the... |
| CVE-2020-24986 | 2020-09-04 | Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to... |
| CVE-2020-24981 | 2020-09-04 | An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS. |
| CVE-2020-15709 | 2020-09-05 | add-apt-repository print ANSI terminal codes |
| CVE-2018-13903 | 2020-09-08 | u'Error in UE due to race condition in EPCO handling' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9205, MDM9206, MSM8909W,... |
| CVE-2019-10527 | 2020-09-08 | u'SMEM partition can be manipulated in case of any compromise on HLOS, thus resulting in access to memory outside of SMEM address range which could lead to memory corruption' in... |
| CVE-2019-10562 | 2020-09-08 | u'Improper authentication and signature verification of debug polices in secure boot loader will allow unverified debug policies to be loaded into secure memory and leads to memory corruption' in Snapdragon... |
| CVE-2019-10596 | 2020-09-08 | u'Improper access control can lead signed process to guess pid of other processes and access their address space' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2019-10615 | 2020-09-08 | u'Possibility of integer overflow in keymaster 4 while allocating memory due to multiplication of large numcerts value and size of keymaster bob which can lead to memory corruption' in Snapdragon... |
| CVE-2019-10628 | 2020-09-08 | u'Memory can be potentially corrupted if random index is allowed to manipulate TLB entries in Kernel from user library' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,... |
| CVE-2019-10629 | 2020-09-08 | u'User Process can potentially corrupt kernel virtual page by passing a crafted page in API' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2019-13992 | 2020-09-08 | u'Out of bound memory access if stack push and pop operation are performed without doing a bound check on stack top' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer... |
| CVE-2019-13994 | 2020-09-08 | u'Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than the actual packet size can lead to... |
| CVE-2019-13995 | 2020-09-08 | u'Lack of integer overflow check for addition of fragment size and remaining size that are read from shared memory can lead to memory corruption and potential information leakage' in Snapdragon... |
| CVE-2019-13998 | 2020-09-08 | u'Lack of check that the TX FIFO write and read indices that are read from shared RAM are less than the FIFO size results into memory corruption and potential information... |
| CVE-2019-13999 | 2020-09-08 | u'Lack of check for integer overflow for round up and addition operations result into memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics... |
| CVE-2019-14025 | 2020-09-08 | u'When a new session is created, Object is returned that contains TZ addresses and it get passed to HLOS as an handle to refer to a particular session and can... |
| CVE-2019-14052 | 2020-09-08 | u'Accessing an uninitialized data structure could result in partially copying of contents and thus incorrect processing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon... |
| CVE-2019-14056 | 2020-09-08 | u'Possible integer overflow in API due to lack of check on large oid range count in cert extension field' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2019-14065 | 2020-09-08 | u'Pointer double free in HavenSvc due to not setting the pointer to NULL after freeing it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon... |
| CVE-2019-14074 | 2020-09-08 | u'Heap overflow in diag command handler due to lack of check of packet length received from user' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer... |
| CVE-2019-14089 | 2020-09-08 | u'Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a user data erase or a factory reset' in Snapdragon... |
| CVE-2019-14115 | 2020-09-08 | u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which can result in user reading the secure input while touch is... |
| CVE-2019-14117 | 2020-09-08 | u'Whenever the page list is updated via privileged user, the previous list elements are freed but are not deleted from the list which results in a use after free causing... |
| CVE-2019-14119 | 2020-09-08 | u'While processing SMCInvoke asynchronous message header, message count is modified leading to a TOCTOU race condition and lead to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer... |
| CVE-2020-11115 | 2020-09-08 | u'Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon... |
| CVE-2020-11116 | 2020-09-08 | u'Possible out of bound write while processing association response received from host due to lack of check of IE length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon... |
| CVE-2020-11117 | 2020-09-08 | u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon... |
| CVE-2020-11118 | 2020-09-08 | u'Information exposure issues while processing IE header due to improper check of beacon IE frame' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2020-11120 | 2020-09-08 | u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback, data buffer may not be valid and will... |
| CVE-2020-11122 | 2020-09-08 | u'Null Pointer exception while playing crafted mkv file as data stream get deleted on secondary invalid configuration' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8098, Bitra, Kamorta, SA6155P,... |
| CVE-2020-11128 | 2020-09-08 | u'Possible out of bound access while copying the mask file content into the buffer without checking the buffer size' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2020-11133 | 2020-09-08 | u'Possible out of bound array write in rxdco cal utility due to lack of array bound check' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8998,... |
| CVE-2020-11158 | 2020-09-08 | u'Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due to lack of check of PDF font array leads to denial of service' in IPS PDF releases prior to... |
| CVE-2020-3611 | 2020-09-08 | u'XBL SEC clears only ZI region when loading Qualcomm-signed segments can lead to improper access issue' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure... |
| CVE-2020-3619 | 2020-09-08 | u'Non-secure memory is touched multiple times during TrustZone’s execution and can lead to privilege escalation or memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2020-3620 | 2020-09-08 | u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to corruption and potential information leak'... |
| CVE-2020-3621 | 2020-09-08 | u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size results into memory corruption... |
| CVE-2020-3622 | 2020-09-08 | u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can results into memory corruption' in Snapdragon Auto,... |
| CVE-2020-3624 | 2020-09-08 | u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer... |
| CVE-2020-3629 | 2020-09-08 | u'Stack out of bound issue occurs when making query to DSP capabilities due to wrong assumption was made on determining the buffer size for the DSP attributes' in Snapdragon Auto,... |
| CVE-2020-3636 | 2020-09-08 | u'Out of bound writes happen when accessing usage_table header entry beyond the memory allocated for the header' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure... |
| CVE-2020-3640 | 2020-09-08 | u'Resizing the usage table header before passing all the checks leads to the function exiting with a usage table in invalid state when a HLOS adversary calls the function with... |
| CVE-2020-3643 | 2020-09-08 | u'Information disclosure issue can occur due to partial secure display-touch session tear-down' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &... |
| CVE-2020-3644 | 2020-09-08 | u'Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2020-3646 | 2020-09-08 | u'Buffer overflow seen as the destination buffer size is lesser than the source buffer size in video application' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon... |
| CVE-2020-3647 | 2020-09-08 | u'Potential buffer overflow when accessing npu debugfs node "off"/"log" with large buffer size' in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, SC8180X, SDX55,... |
| CVE-2020-3648 | 2020-09-08 | u'Possible out of bound write in DSP driver code due to lack of check of data received from user' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2020-3666 | 2020-09-08 | u'Out of bounds memory access during memory copy while processing Host command' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2020-3667 | 2020-09-08 | u'Buffer Overflow in mic calculation for WPA due to copying data into buffer without validating the length of buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2020-3668 | 2020-09-08 | u'Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics... |
| CVE-2020-3669 | 2020-09-08 | u'Buffer Overflow issue in WLAN tcp ip verification due to usage of out of range pointer offset' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer... |