CVE List - 2020 / September
Showing 601 - 700 of 1592 CVEs for September 2020 (Page 7 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-1252 | 2020-09-11 | Windows Remote Code Execution Vulnerability |
| CVE-2020-1256 | 2020-09-11 | Windows GDI Information Disclosure Vulnerability |
| CVE-2020-1285 | 2020-09-11 | GDI+ Remote Code Execution Vulnerability |
| CVE-2020-1303 | 2020-09-11 | Windows Runtime Elevation of Privilege Vulnerability |
| CVE-2020-1308 | 2020-09-11 | DirectX Elevation of Privilege Vulnerability |
| CVE-2020-1319 | 2020-09-11 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
| CVE-2020-1332 | 2020-09-11 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2020-1335 | 2020-09-11 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2020-1338 | 2020-09-11 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2020-1345 | 2020-09-11 | Microsoft Office SharePoint XSS Vulnerability |
| CVE-2020-1376 | 2020-09-11 | Windows Elevation of Privilege Vulnerability |
| CVE-2020-1440 | 2020-09-11 | Microsoft SharePoint Server Tampering Vulnerability |
| CVE-2020-1452 | 2020-09-11 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2020-1453 | 2020-09-11 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2020-1460 | 2020-09-11 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2020-1471 | 2020-09-11 | Windows CloudExperienceHost Elevation of Privilege Vulnerability |
| CVE-2020-1482 | 2020-09-11 | Microsoft Office SharePoint XSS Vulnerability |
| CVE-2020-1491 | 2020-09-11 | Windows Function Discovery Service Elevation of Privilege Vulnerability |
| CVE-2020-1506 | 2020-09-11 | Windows Start-Up Application Elevation of Privilege Vulnerability |
| CVE-2020-1507 | 2020-09-11 | Microsoft COM for Windows Elevation of Privilege Vulnerability |
| CVE-2020-1508 | 2020-09-11 | Windows Media Audio Decoder Remote Code Execution Vulnerability |
| CVE-2020-1514 | 2020-09-11 | Microsoft Office SharePoint XSS Vulnerability |
| CVE-2020-1523 | 2020-09-11 | Microsoft SharePoint Server Tampering Vulnerability |
| CVE-2020-1532 | 2020-09-11 | Windows InstallService Elevation of Privilege Vulnerability |
| CVE-2020-1559 | 2020-09-11 | Windows Storage Services Elevation of Privilege Vulnerability |
| CVE-2020-1575 | 2020-09-11 | Microsoft Office SharePoint XSS Vulnerability |
| CVE-2020-1576 | 2020-09-11 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2020-1589 | 2020-09-11 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2020-1590 | 2020-09-11 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability |
| CVE-2020-1592 | 2020-09-11 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2020-1593 | 2020-09-11 | Windows Media Audio Decoder Remote Code Execution Vulnerability |
| CVE-2020-1594 | 2020-09-11 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2020-1595 | 2020-09-11 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2020-1596 | 2020-09-11 | TLS Information Disclosure Vulnerability |
| CVE-2020-1598 | 2020-09-11 | Windows UPnP Service Elevation of Privilege Vulnerability |
| CVE-2020-14332 | 2020-09-11 | A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw... |
| CVE-2020-14363 | 2020-09-11 | An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in... |
| CVE-2013-7491 | 2020-09-11 | An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets... |
| CVE-2013-7490 | 2020-09-11 | An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. |
| CVE-2014-10401 | 2020-09-11 | An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute. |
| CVE-2020-23824 | 2020-09-11 | ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forgery (CSRF) to perform remote arbitrary code execution. The component is the Administration dashboard. When using admin/user credentials, if... |
| CVE-2020-25279 | 2020-09-11 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The baseband component has a buffer overflow via an abnormal SETUP message, leading to... |
| CVE-2020-25280 | 2020-09-11 | An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Unauthenticated attackers can execute LTE/5G commands by sending a debugging command over USB. The Samsung... |
| CVE-2020-25278 | 2020-09-11 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted... |
| CVE-2020-25282 | 2020-09-11 | An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software (for the LG Universal Integrated Circuit Card) allows attackers to bypass intended access restrictions... |
| CVE-2020-25283 | 2020-09-11 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode.... |
| CVE-2020-25281 | 2020-09-11 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle... |
| CVE-2020-25285 | 2020-09-13 | A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or... |
| CVE-2020-25284 | 2020-09-13 | The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to... |
| CVE-2020-25286 | 2020-09-13 | In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. |
| CVE-2020-25287 | 2020-09-13 | Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request. |
| CVE-2020-25291 | 2020-09-13 | GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp... |
| CVE-2020-25289 | 2020-09-13 | The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions). |
| CVE-2020-21731 | 2020-09-14 | Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the web application stores the injected code. |
| CVE-2020-21732 | 2020-09-14 | Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename. |
| CVE-2020-21733 | 2020-09-14 | Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp. |
| CVE-2020-7807 | 2020-09-14 | DLL Hijacking Vulnerabilities During Installation of LG Electronics Software |
| CVE-2020-25540 | 2020-09-14 | ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter. |
| CVE-2020-24660 | 2020-09-14 | An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also... |
| CVE-2020-12787 | 2020-09-14 | Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. |
| CVE-2020-12788 | 2020-09-14 | CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to timing and power analysis attacks. |
| CVE-2020-12789 | 2020-09-14 | The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets. |
| CVE-2020-11683 | 2020-09-14 | A timing side channel was discovered in AT91bootstrap before 3.9.2. It can be exploited by attackers with physical access to forge CMAC values and subsequently boot arbitrary code on an... |
| CVE-2020-11684 | 2020-09-14 | AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys... |
| CVE-2018-20432 | 2020-09-14 | D-Link COVR-2600R and COVR-3902 Kit before 1.01b05Beta01 use hardcoded credentials for telnet connection, which allows unauthenticated attackers to gain privileged access to the router, and to extract sensitive data or... |
| CVE-2020-8817 | 2020-09-14 | Dataiku DSS before 6.0.5 allows attackers with write access to the project to modify the "Created by" metadata. |
| CVE-2020-25375 | 2020-09-14 | Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town... |
| CVE-2020-22158 | 2020-09-14 | MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the "path" or "Services+ID" parameters and send... |
| CVE-2020-25378 | 2020-09-14 | Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter. |
| CVE-2020-25379 | 2020-09-14 | Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query. |
| CVE-2020-25380 | 2020-09-14 | Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that... |
| CVE-2019-0230 | 2020-09-14 | Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. |
| CVE-2019-0233 | 2020-09-14 | An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload. |
| CVE-2020-21845 | 2020-09-14 | Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.' |
| CVE-2020-25575 | 2020-09-14 | An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This... |
| CVE-2020-25576 | 2020-09-14 | An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints. |
| CVE-2020-25574 | 2020-09-14 | An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop). |
| CVE-2020-25573 | 2020-09-14 | An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint. |
| CVE-2020-0570 | 2020-09-14 | Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. |
| CVE-2020-24457 | 2020-09-14 | Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information... |
| CVE-2019-14756 | 2020-09-14 | An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email... |
| CVE-2020-13300 | 2020-09-14 | GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. |
| CVE-2020-13299 | 2020-09-14 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid... |
| CVE-2020-13316 | 2020-09-14 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not validating a Deploy-Token and allowed a disabled repository to be accessible via a git command line. |
| CVE-2020-13287 | 2020-09-14 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Project reporters and above could see confidential EPIC attached to confidential issues. |
| CVE-2020-13289 | 2020-09-14 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. In certain cases an invalid username could be accepted when 2FA is activated. |
| CVE-2020-13284 | 2020-09-14 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token |
| CVE-2020-13318 | 2020-09-14 | A vulnerability was discovered in GitLab versions before 13.0.12, 13.1.10, 13.2.8 and 13.3.4. GitLab's EKS integration was vulnerable to a cross-account assume role attack. |
| CVE-2019-14757 | 2020-09-14 | An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the... |
| CVE-2019-14758 | 2020-09-14 | An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a file via email... |
| CVE-2019-14759 | 2020-09-14 | An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into... |
| CVE-2019-14760 | 2020-09-14 | An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder application.... |
| CVE-2019-14761 | 2020-09-14 | An issue was discovered in KaiOS 2.5. The pre-installed Note application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Note application.... |
| CVE-2020-13317 | 2020-09-14 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository. |
| CVE-2020-13313 | 2020-09-14 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control. |
| CVE-2020-13312 | 2020-09-14 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab OAuth endpoint was vulnerable to brute-force attacks through a specific parameter. |
| CVE-2020-13311 | 2020-09-14 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Wiki was vulnerable to a parser attack that prohibits anyone from accessing the Wiki functionality through the user... |
| CVE-2020-13314 | 2020-09-14 | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within... |
| CVE-2020-10229 | 2020-09-14 | A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts. |
| CVE-2020-10228 | 2020-09-14 | A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution. |