CVE List - 2020 / January
Showing 1301 - 1400 of 1655 CVEs for January 2020 (Page 14 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-20433 | 2020-01-27 | libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of... |
| CVE-2019-17102 | 2020-01-27 | Bitdefender BOX v2 bootstrap update_setup command execution vulnerability (VA-2226) |
| CVE-2013-4462 | 2020-01-27 | WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability |
| CVE-2019-17103 | 2020-01-27 | Get-task-allow entitlement via BDLDaemon on macOS |
| CVE-2014-4156 | 2020-01-27 | Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability |
| CVE-2013-5659 | 2020-01-27 | Wiz 5.0.3 has a user mode write access violation |
| CVE-2013-0286 | 2020-01-27 | Pinboard 1.0.6 theme for Wordpress has XSS. |
| CVE-2013-3492 | 2020-01-27 | XnView 2.03 has a stack-based buffer overflow vulnerability |
| CVE-2012-1496 | 2020-01-27 | Local file inclusion in WebCalendar before 1.2.5. |
| CVE-2013-3493 | 2020-01-27 | XnView 2.03 has an integer overflow vulnerability |
| CVE-2013-3486 | 2020-01-27 | IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability |
| CVE-2012-1495 | 2020-01-27 | install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter. |
| CVE-2011-4558 | 2020-01-27 | Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters. |
| CVE-2006-7246 | 2020-01-27 | NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. |
| CVE-2015-3154 | 2020-01-27 | CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response... |
| CVE-2015-0294 | 2020-01-27 | GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. |
| CVE-2019-17190 | 2020-01-27 | A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM)... |
| CVE-2014-8161 | 2020-01-27 | PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and... |
| CVE-2015-0244 | 2020-01-27 | PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers... |
| CVE-2015-0243 | 2020-01-27 | Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial... |
| CVE-2015-0242 | 2020-01-27 | Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows... |
| CVE-2015-0241 | 2020-01-27 | The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service... |
| CVE-2014-9481 | 2020-01-27 | The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML. |
| CVE-2013-4441 | 2020-01-27 | The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. |
| CVE-2020-7952 | 2020-01-27 | rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server,... |
| CVE-2020-7951 | 2020-01-27 | meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server,... |
| CVE-2020-7950 | 2020-01-27 | meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server,... |
| CVE-2020-7949 | 2020-01-27 | schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server,... |
| CVE-2020-7238 | 2020-01-27 | Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for... |
| CVE-2019-19825 | 2020-01-27 | On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {"topicurl":"setting/getSanvas"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text... |
| CVE-2019-19824 | 2020-01-27 | On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not... |
| CVE-2019-17094 | 2020-01-27 | Stack-Based Overflow vulnerability in Belkin WeMo Insights Switch |
| CVE-2019-17095 | 2020-01-27 | Bitdefender BOX 2 bootstrap download_image command injection vulnerability |
| CVE-2019-17099 | 2020-01-27 | Untrusted Search Path vulnerability in EPSecurityService.exe (VA-3500) |
| CVE-2014-7301 | 2020-01-27 | SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading... |
| CVE-2014-7302 | 2020-01-27 | SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx. |
| CVE-2014-7303 | 2020-01-27 | SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading... |
| CVE-2014-8742 | 2020-01-27 | Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2014-8741 | 2020-01-27 | Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors. |
| CVE-2013-7390 | 2020-01-27 | Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension,... |
| CVE-2013-4770 | 2020-01-27 | Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2019-19823 | 2020-01-27 | A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0,... |
| CVE-2019-19822 | 2020-01-27 | A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU... |
| CVE-2014-3979 | 2020-01-27 | Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP. |
| CVE-2019-19539 | 2020-01-27 | An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file... |
| CVE-2019-19143 | 2020-01-27 | TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI. |
| CVE-2019-15313 | 2020-01-27 | In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability. |
| CVE-2019-12427 | 2020-01-27 | Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console. |
| CVE-2019-11318 | 2020-01-27 | Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS. |
| CVE-2014-5500 | 2020-01-27 | Synacor Zimbra Collaboration before 8.0.8 has XSS. |
| CVE-2015-2249 | 2020-01-27 | Zimbra Collaboration before 8.6.0 patch5 has XSS. |
| CVE-2018-19441 | 2020-01-27 | An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for local and cloud authentication/authorization.... |
| CVE-2019-8947 | 2020-01-27 | Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. |
| CVE-2019-8946 | 2020-01-27 | Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. |
| CVE-2019-8945 | 2020-01-27 | Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. |
| CVE-2014-8563 | 2020-01-27 | Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. |
| CVE-2019-11288 | 2020-01-27 | tcServer JMX Socket Listener Registry Rebinding Local Privilege Escalation |
| CVE-2020-5207 | 2020-01-27 | Request smuggling is possible in Ktor when both chunked TE and content length specified |
| CVE-2020-8087 | 2020-01-27 | SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter... |
| CVE-2020-8088 | 2020-01-27 | panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively... |
| CVE-2020-5220 | 2020-01-27 | Ability to expose data in Sylius by using an unintended serialisation group |
| CVE-2020-5218 | 2020-01-27 | Ability in Sylius to switch channels via GET parameter enabled in production environments |
| CVE-2012-6448 | 2020-01-27 | Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2020-8090 | 2020-01-27 | The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS (after a successful Administrator login). |
| CVE-2013-2267 | 2020-01-27 | PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system. |
| CVE-2013-2474 | 2020-01-27 | Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter. |
| CVE-2020-8091 | 2020-01-27 | svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may... |
| CVE-2013-2499 | 2020-01-27 | SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in 'user_manager.php' via spoofing a cookie. |
| CVE-2013-2612 | 2020-01-27 | Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI. |
| CVE-2019-13521 | 2020-01-27 | A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to... |
| CVE-2019-13519 | 2020-01-27 | A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to... |
| CVE-2019-8257 | 2020-01-27 | Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability.... |
| CVE-2019-7131 | 2020-01-27 | Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary... |
| CVE-2019-20436 | 2020-01-27 | An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS... |
| CVE-2019-20443 | 2020-01-27 | An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS)... |
| CVE-2019-20442 | 2020-01-27 | An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS)... |
| CVE-2019-20441 | 2020-01-27 | An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher. |
| CVE-2019-20440 | 2020-01-27 | An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher. |
| CVE-2019-20439 | 2020-01-27 | An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the "manage the API" page of... |
| CVE-2019-20438 | 2020-01-27 | An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher. |
| CVE-2019-20437 | 2020-01-27 | An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is... |
| CVE-2019-20435 | 2020-01-27 | An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an... |
| CVE-2019-20434 | 2020-01-27 | An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console. |
| CVE-2020-0548 | 2020-01-28 | Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2020-0549 | 2020-01-28 | Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2019-10779 | 2020-01-28 | All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI... |
| CVE-2019-10770 | 2020-01-28 | All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data.... |
| CVE-2020-1928 | 2020-01-28 | An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive... |
| CVE-2020-1933 | 2020-01-28 | A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not... |
| CVE-2020-1932 | 2020-01-28 | An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing... |
| CVE-2019-17651 | 2020-01-28 | An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to... |
| CVE-2019-15607 | 2020-01-28 | A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker... |
| CVE-2019-15586 | 2020-01-28 | A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. |
| CVE-2019-5462 | 2020-01-28 | A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed. |
| CVE-2019-15585 | 2020-01-28 | Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that... |
| CVE-2019-5464 | 2020-01-28 | A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized. |
| CVE-2019-15583 | 2020-01-28 | An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project... |
| CVE-2019-5465 | 2020-01-28 | An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID. |
| CVE-2019-5474 | 2020-01-28 | An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions. |
| CVE-2019-15590 | 2020-01-28 | An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be... |