CVE List - 2020 / December
Showing 801 - 900 of 1538 CVEs for December 2020 (Page 9 of 16)
CVE ID | Date | Title |
---|---|---|
CVE-2020-35469 | 2020-12-15 | The Software AG Terracotta Server OSS Docker image 5.4.1 contains... |
CVE-2020-35193 | 2020-12-15 | The official sonarqube docker images before alpine (Alpine specific) contain... |
CVE-2020-35476 | 2020-12-16 | A remote code execution vulnerability occurs in OpenTSDB through 2.4.0... |
CVE-2020-26259 | 2020-12-16 | XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling |
CVE-2020-26258 | 2020-12-16 | Server-Side Forgery Request can be activated unmarshalling with XStream |
CVE-2020-26273 | 2020-12-16 | sqlite ATTACH allows some filesystem access |
CVE-2020-5682 | 2020-12-16 | Improper input validation in GROWI versions prior to v4.2.3 (v4.2... |
CVE-2020-5683 | 2020-12-16 | Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2... |
CVE-2020-28458 | 2020-12-16 | Prototype Pollution |
CVE-2020-29363 | 2020-12-16 | An issue was discovered in p11-kit 0.23.6 through 0.23.21. A... |
CVE-2020-29362 | 2020-12-16 | An issue was discovered in p11-kit 0.21.1 through 0.23.21. A... |
CVE-2020-29361 | 2020-12-16 | An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple... |
CVE-2020-25617 | 2020-12-16 | An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts... |
CVE-2020-25618 | 2020-12-16 | An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo... |
CVE-2020-25619 | 2020-12-16 | An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH... |
CVE-2020-25620 | 2020-12-16 | An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials... |
CVE-2020-25621 | 2020-12-16 | An issue was discovered in SolarWinds N-Central 12.3.0.670. The local... |
CVE-2020-25622 | 2020-12-16 | An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts... |
CVE-2020-14254 | 2020-12-16 | TLS-RSA cipher suites are not disabled in HCL BigFix Inventory... |
CVE-2020-14248 | 2020-12-16 | BigFix Inventory up to v10.0.2 does not set the secure... |
CVE-2020-4008 | 2020-12-16 | The installer of the macOS Sensor for VMware Carbon Black... |
CVE-2020-29607 | 2020-12-16 | A file upload restriction bypass vulnerability in Pluck CMS before... |
CVE-2019-14477 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the internal... |
CVE-2019-14480 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in... |
CVE-2019-14483 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read... |
CVE-2019-14482 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability... |
CVE-2020-26198 | 2020-12-16 | Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain... |
CVE-2020-5359 | 2020-12-16 | Dell BSAFE Micro Edition Suite, versions prior to 4.5, are... |
CVE-2020-5360 | 2020-12-16 | Dell BSAFE Micro Edition Suite, versions prior to 4.5, are... |
CVE-2020-7837 | 2020-12-16 | An issue was discovered in ML Report Program. There is... |
CVE-2019-14479 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch... |
CVE-2019-14476 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability... |
CVE-2019-14481 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability... |
CVE-2019-14478 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability... |
CVE-2020-35133 | 2020-12-16 | IrfanView 4.56 contains an error processing parsing files of type... |
CVE-2020-7781 | 2020-12-16 | Command Injection |
CVE-2020-26274 | 2020-12-16 | Command Injection Vulnerability in systeminformation |
CVE-2020-28929 | 2020-12-16 | Unrestricted access to the log downloader functionality in EPSON EPS... |
CVE-2020-28930 | 2020-12-16 | A Cross-Site Scripting (XSS) issue in the 'update user' and... |
CVE-2020-28931 | 2020-12-16 | Lack of an anti-CSRF token in the entire administrative interface... |
CVE-2020-4657 | 2020-12-16 | IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is... |
CVE-2020-4658 | 2020-12-16 | IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to... |
CVE-2020-4904 | 2020-12-16 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4... |
CVE-2020-4905 | 2020-12-16 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4... |
CVE-2020-4906 | 2020-12-16 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4... |
CVE-2020-4907 | 2020-12-16 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4... |
CVE-2020-4908 | 2020-12-16 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4... |
CVE-2020-35185 | 2020-12-17 | The official ghost docker images before 2.16.1-alpine (Alpine specific) contain... |
CVE-2020-35189 | 2020-12-17 | The official kong docker images before 1.0.2-alpine (Alpine specific) contain... |
CVE-2020-35187 | 2020-12-17 | The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain... |
CVE-2020-35197 | 2020-12-17 | The official memcached docker images before 1.5.11-alpine (Alpine specific) contain... |
CVE-2020-35191 | 2020-12-17 | The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain... |
CVE-2020-35195 | 2020-12-17 | The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain... |
CVE-2020-35186 | 2020-12-17 | The official adminer docker images before 4.7.0-fastcgi contain a blank... |
CVE-2020-35196 | 2020-12-17 | The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain... |
CVE-2020-35184 | 2020-12-17 | The official composer docker images before 1.8.3 contain a blank... |
CVE-2020-35190 | 2020-12-17 | The official plone Docker images before version of 4.3.18-alpine (Alpine... |
CVE-2020-35192 | 2020-12-17 | The official vault docker images before 0.11.6 contain a blank... |
CVE-2020-29436 | 2020-12-17 | Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user... |
CVE-2020-25096 | 2020-12-17 | LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users... |
CVE-2020-25095 | 2020-12-17 | LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface... |
CVE-2020-25094 | 2020-12-17 | LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this,... |
CVE-2020-25010 | 2020-12-17 | An arbitrary code execution vulnerability in Kyland KPS2204 6 Port... |
CVE-2020-25011 | 2020-12-17 | A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port... |
CVE-2020-35123 | 2020-12-17 | In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10... |
CVE-2020-27199 | 2020-12-17 | The Magic Home Pro application 1.5.1 for Android allows Authentication... |
CVE-2020-29652 | 2020-12-17 | A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c... |
CVE-2020-35177 | 2020-12-17 | HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the... |
CVE-2020-35453 | 2020-12-17 | HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests... |
CVE-2020-22083 | 2020-12-17 | jsonpickle through 1.4.1 allows remote code execution during deserialization of... |
CVE-2020-15292 | 2020-12-17 | Lack of validation on data read from guest memory in Bitdefender HVI (VA-9333) |
CVE-2020-15294 | 2020-12-17 | Compiler Optimization Removal or Modification of Security-Critical Code vulnerability in Bitdefender Hypervisor Introspection (VA-9339) |
CVE-2020-15293 | 2020-12-17 | Memory corruption in Bitdefender Hypervisor Introspection (VA-9336) |
CVE-2020-35489 | 2020-12-17 | The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for... |
CVE-2020-4845 | 2020-12-17 | IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable... |
CVE-2020-4846 | 2020-12-17 | IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow... |
CVE-2020-35491 | 2020-12-17 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization... |
CVE-2020-35490 | 2020-12-17 | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization... |
CVE-2020-26276 | 2020-12-17 | SAML authentication vulnerability in Fleet |
CVE-2020-35545 | 2020-12-17 | Time-based SQL injection exists in Spotweb 1.4.9 via the query... |
CVE-2020-27010 | 2020-12-17 | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web... |
CVE-2020-8461 | 2020-12-17 | A CSRF protection bypass vulnerability in Trend Micro InterScan Web... |
CVE-2020-8462 | 2020-12-17 | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web... |
CVE-2020-8463 | 2020-12-17 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance... |
CVE-2020-8464 | 2020-12-17 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance... |
CVE-2020-8465 | 2020-12-17 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance... |
CVE-2020-8466 | 2020-12-17 | A command injection vulnerability in Trend Micro InterScan Web Security... |
CVE-2020-20142 | 2020-12-17 | Cross Site Scripting (XSS) vulnerability in the "To Remote CSV"... |
CVE-2020-20141 | 2020-12-17 | Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA)... |
CVE-2020-20140 | 2020-12-17 | Cross Site Scripting (XSS) vulnerability in Remote Report component under... |
CVE-2020-20139 | 2020-12-17 | Cross Site Scripting (XSS) vulnerability in the Remote JSON component... |
CVE-2020-20138 | 2020-12-17 | Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module... |
CVE-2020-12522 | 2020-12-17 | Command Injection Vulnerability in I/O-Check Service of WAGO PFC100, PFC200 and Touch Panel 600 Series with firmware versions <=FW10 |
CVE-2020-12517 | 2020-12-17 | Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An authenticated low privileged user could embed malicious JavaScript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation). |
CVE-2020-12518 | 2020-12-17 | Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks. |
CVE-2020-12519 | 2020-12-17 | Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: An attacker can use this vulnerability i.e. to open a reverse shell with root privileges. |
CVE-2020-12521 | 2020-12-17 | Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS: A specially crafted LLDP packet may lead to a high system load in the PROFINET stack. |
CVE-2020-12523 | 2020-12-17 | Phoenix Contact mGuard Devices versions before 8.8.3: LAN ports get functional after reboot even if they are disabled in the device configuration |
CVE-2020-13527 | 2020-12-17 | An authentication bypass vulnerability exists in the Web Manager functionality... |
CVE-2020-13528 | 2020-12-17 | An information disclosure vulnerability exists in the Web Manager and... |