CVE List - 2020 / January
Showing 1501 - 1600 of 1655 CVEs for January 2020 (Page 16 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-2099 | 2020-01-29 | Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the... |
| CVE-2020-2100 | 2020-01-29 | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848. |
| CVE-2020-2101 | 2020-01-29 | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack... |
| CVE-2020-2102 | 2020-01-29 | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC. |
| CVE-2020-2103 | 2020-01-29 | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session identifiers on a user's detail object in the whoAmI diagnostic page. |
| CVE-2020-2104 | 2020-01-29 | Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart. |
| CVE-2020-2105 | 2020-01-29 | REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks. |
| CVE-2020-2106 | 2020-01-29 | Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users... |
| CVE-2020-2107 | 2020-01-29 | Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission,... |
| CVE-2020-2108 | 2020-01-29 | Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. |
| CVE-2019-7654 | 2020-01-29 | Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as adding another... |
| CVE-2019-7656 | 2020-01-29 | A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any unprivileged Linux user to escalate privileges to root. The installer sets too relaxed permissions on /usr/local/WowzaStreamingEngine/bin/* core... |
| CVE-2019-7655 | 2020-01-29 | Wowza Streaming Engine 4.8.0 and earlier suffers from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check... |
| CVE-2020-7247 | 2020-01-29 | smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated... |
| CVE-2020-8092 | 2020-01-29 | Privilege escalation in Bitdefender AV for Mac |
| CVE-2020-8093 | 2020-01-29 | Code Injection into Bitdefender AV for Mac |
| CVE-2020-8416 | 2020-01-29 | IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port. |
| CVE-2013-2567 | 2020-01-29 | An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user... |
| CVE-2013-2568 | 2020-01-29 | A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code. |
| CVE-2013-2569 | 2020-01-29 | A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to... |
| CVE-2013-3215 | 2020-01-29 | vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function. |
| CVE-2019-18634 | 2020-01-29 | In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint... |
| CVE-2013-2570 | 2020-01-29 | A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remote malicious user... |
| CVE-2013-2572 | 2020-01-29 | A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could... |
| CVE-2013-2573 | 2020-01-29 | A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, and 4171G 1.6.18P12s, which could let a malicious... |
| CVE-2020-8432 | 2020-01-29 | In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary... |
| CVE-2013-2574 | 2020-01-29 | An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information. |
| CVE-2020-3710 | 2020-01-29 | Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-3711 | 2020-01-29 | Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-3712 | 2020-01-29 | Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-3713 | 2020-01-29 | Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-3714 | 2020-01-29 | Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-3715 | 2020-01-29 | Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2020-3716 | 2020-01-29 | Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-3717 | 2020-01-29 | Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2020-3718 | 2020-01-29 | Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-3719 | 2020-01-29 | Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an SQL injection vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2020-3758 | 2020-01-29 | Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. |
| CVE-2019-20445 | 2020-01-29 | HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. |
| CVE-2019-20444 | 2020-01-29 | HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as... |
| CVE-2019-10783 | 2020-01-29 | All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input. |
| CVE-2013-3316 | 2020-01-29 | Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg". |
| CVE-2013-3317 | 2020-01-29 | Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. |
| CVE-2013-3320 | 2020-01-29 | Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields. |
| CVE-2013-3321 | 2020-01-29 | NetApp OnCommand System Manager 2.1 and earlier allows remote attackers to include arbitrary files through specially crafted requests to the "diagnostic" page using the SnapMirror log path parameter. |
| CVE-2020-8438 | 2020-01-29 | Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring. |
| CVE-2020-3147 | 2020-01-29 | Cisco Small Business Switches Denial of Service Vulnerability |
| CVE-2020-8492 | 2020-01-30 | Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks... |
| CVE-2020-8448 | 2020-01-30 | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written directly to the... |
| CVE-2020-8447 | 2020-01-30 | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of syscheck formatted msgs (received from authenticated remote agents and... |
| CVE-2020-8446 | 2020-01-30 | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd... |
| CVE-2020-8445 | 2020-01-30 | In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later... |
| CVE-2020-8444 | 2020-01-30 | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and... |
| CVE-2020-8443 | 2020-01-30 | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from... |
| CVE-2020-8442 | 2020-01-30 | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client. |
| CVE-2013-0291 | 2020-01-30 | NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability |
| CVE-2013-0725 | 2020-01-30 | ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary code execution vulnerabilities |
| CVE-2013-1866 | 2020-01-30 | OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability |
| CVE-2013-1867 | 2020-01-30 | Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerability |
| CVE-2013-1350 | 2020-01-30 | Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities |
| CVE-2013-1351 | 2020-01-30 | Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password. |
| CVE-2013-1352 | 2020-01-30 | Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive. |
| CVE-2013-1631 | 2020-01-30 | Verax NMS prior to 2.1.0 leaks connection details when any user executes a Repair Table action |
| CVE-2013-0738 | 2020-01-30 | Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php. |
| CVE-2013-0739 | 2020-01-30 | Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script. |
| CVE-2019-20050 | 2020-01-30 | Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager.... |
| CVE-2020-7904 | 2020-01-30 | In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS. |
| CVE-2020-7905 | 2020-01-30 | Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network. |
| CVE-2020-7906 | 2020-01-30 | In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3. |
| CVE-2020-7908 | 2020-01-30 | In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages. |
| CVE-2020-7909 | 2020-01-30 | In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI. |
| CVE-2020-7910 | 2020-01-30 | JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role. |
| CVE-2020-7911 | 2020-01-30 | In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS. |
| CVE-2020-7912 | 2020-01-30 | In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups. |
| CVE-2020-7913 | 2020-01-30 | JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description. |
| CVE-2020-1931 | 2020-01-30 | A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue... |
| CVE-2020-1930 | 2020-01-30 | A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With... |
| CVE-2020-5233 | 2020-01-30 | Open Redirect in OAuth2 Proxy |
| CVE-2019-17273 | 2020-01-30 | E-Series SANtricity OS Controller Software version 11.60.0 is susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in IPv6 environments. |
| CVE-2014-3718 | 2020-01-30 | Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to inject arbitrary web script or HTML via... |
| CVE-2014-3719 | 2020-01-30 | Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find,... |
| CVE-2020-5228 | 2020-01-30 | Opencast allows unauthorized public access via OAI-PMH |
| CVE-2020-5229 | 2020-01-30 | Opencast stores passwords using outdated MD5 hash algorithm |
| CVE-2012-6133 | 2020-01-30 | Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*. |
| CVE-2013-4241 | 2020-01-30 | Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image,... |
| CVE-2013-2294 | 2020-01-30 | Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in... |
| CVE-2013-2198 | 2020-01-30 | The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username. |
| CVE-2013-4187 | 2020-01-30 | The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link... |
| CVE-2015-8851 | 2020-01-30 | node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing. |
| CVE-2015-0949 | 2020-01-30 | The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure... |
| CVE-2020-5222 | 2020-01-30 | Hard-Coded Key Used For Remember-me Token in OpenCast |
| CVE-2020-5230 | 2020-01-30 | Opencast uses unsafe identifiers |
| CVE-2020-8095 | 2020-01-30 | Bitdefender Total Security Link Resolution Denial-of-Service Vulnerability |
| CVE-2019-20358 | 2020-01-30 | Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote... |
| CVE-2020-5231 | 2020-01-30 | Opencast users with ROLE_COURSE_ADMIN can create new users |
| CVE-2020-8496 | 2020-01-30 | In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored XSS vulnerability by setting the Application Banner input field of the /ApplicationBanner... |
| CVE-2020-8495 | 2020-01-30 | In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges... |
| CVE-2020-8494 | 2020-01-30 | In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain... |
| CVE-2020-8493 | 2020-01-30 | A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions)... |
| CVE-2020-5206 | 2020-01-30 | Authentication Bypass For Endpoints With Anonymous Access in OpenCast |