CVE List - 2020 / March
Showing 101 - 200 of 1754 CVEs for March 2020 (Page 2 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-3127 | 2020-03-04 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3128 | 2020-03-04 | Cisco Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3148 | 2020-03-04 | Cisco Prime Network Registrar Cross-Site Request Forgery Vulnerability |
| CVE-2020-3155 | 2020-03-04 | Cisco Intelligent Proximity SSL Certificate Validation Vulnerability |
| CVE-2020-3157 | 2020-03-04 | Cisco Identity Services Engine Cross-Site Scripting Vulnerability |
| CVE-2020-3164 | 2020-03-04 | Cisco ESA, Cisco WSA, and Cisco SMA GUI Denial of Service Vulnerability |
| CVE-2020-3176 | 2020-03-04 | Cisco Remote PHY Device Software Command Injection Vulnerability |
| CVE-2020-9054 | 2020-03-04 | ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi |
| CVE-2020-7130 | 2020-03-04 | HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneView Global Dashboard - After Upgrade or Install of OVGD Version 1.9, Appliance Firewall May Leave Ports... |
| CVE-2020-8659 | 2020-03-04 | CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks. |
| CVE-2020-8661 | 2020-03-04 | CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests. |
| CVE-2020-8664 | 2020-03-04 | CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation... |
| CVE-2020-8660 | 2020-03-04 | CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI,... |
| CVE-2019-17643 | 2020-03-04 | An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/monitoring/recurrentDowntime/GetXMLHost4Services.php. |
| CVE-2019-17644 | 2020-03-04 | An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2.. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/host/refreshMacroAjax.php. |
| CVE-2019-14886 | 2020-03-05 | A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an... |
| CVE-2020-10105 | 2020-03-05 | An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code... |
| CVE-2020-10104 | 2020-03-05 | An issue was discovered in Zammad 3.0 through 3.2. After authentication, it transmits sensitive information to the user that may be compromised and used by an attacker to gain unauthorized... |
| CVE-2020-10103 | 2020-03-05 | An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the File Upload functionality in Zammad. The malicious JavaScript will... |
| CVE-2020-10102 | 2020-03-05 | An issue was discovered in Zammad 3.0 through 3.2. The Forgot Password functionality is implemented in a way that would enable an anonymous user to guess valid user emails. In... |
| CVE-2020-10101 | 2020-03-05 | An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked... |
| CVE-2020-10100 | 2020-03-05 | An issue was discovered in Zammad 3.0 through 3.2. It allows for users to view ticket customer details associated with specific customers. However, the application does not properly implement access... |
| CVE-2020-10099 | 2020-03-05 | An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Ticket functionality in Zammad. The malicious JavaScript will execute... |
| CVE-2020-10098 | 2020-03-05 | An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the... |
| CVE-2020-10097 | 2020-03-05 | An issue was discovered in Zammad 3.0 through 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in successfully... |
| CVE-2020-10096 | 2020-03-05 | An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access... |
| CVE-2018-11838 | 2020-03-05 | Possible double free issue in WLAN due to lack of checking memory free condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2019-10526 | 2020-03-05 | Out of bound write in WLAN driver due to NULL character not properly placed after SSID name in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2019-10546 | 2020-03-05 | Buffer overflow can occur in WLAN firmware while parsing beacon/probe_response frames during roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2019-10549 | 2020-03-05 | Null pointer dereference issue can happen due to improper validation of CSEQ header response received from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2019-10550 | 2020-03-05 | Buffer Over-read when UE is trying to process the message received form the network without zero termination in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,... |
| CVE-2019-10552 | 2020-03-05 | Multiple Buffer Over-read issue can happen due to improper length checks while decoding Service Reject/RAU Reject/PTMSI Realloc cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial... |
| CVE-2019-10553 | 2020-03-05 | Multiple Read overflows due to improper length checks while decoding authentication in Cs domain/RAU Reject and TC cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2019-10554 | 2020-03-05 | Multiple Read overflows issue due to improper length check while decoding Identity Request in CSdomain/Authentication Reject in CS domain/ PRAU accept/while logging DL message in Snapdragon Auto, Snapdragon Compute, Snapdragon... |
| CVE-2019-10569 | 2020-03-05 | Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, APQ8098,... |
| CVE-2019-10577 | 2020-03-05 | Improper input validation while processing SIP URI received from the network will lead to buffer over-read and then to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT,... |
| CVE-2019-10586 | 2020-03-05 | Filling media attribute tag names without validating the destination buffer size which can result in the buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2019-10587 | 2020-03-05 | Possible Stack overflow can occur when processing a large SDP body or non standard SDP body without right delimiters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2019-10591 | 2020-03-05 | Null pointer dereference can happen when parsing udta atom which is non-standard and having invalid depth in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2019-10593 | 2020-03-05 | Buffer overflow can occur when processing non standard SDP video Image attribute parameter in a VILTE\VOLTE call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,... |
| CVE-2019-10594 | 2020-03-05 | Stack overflow can occur when SDP is received with multiple payload types in the FMTP attribute of a video M line in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2019-10603 | 2020-03-05 | Use after free issue occurs If the real device interface goes down and a route lookup is performed while sending a raw IPv6 message in Snapdragon Auto, Snapdragon Compute, Snapdragon... |
| CVE-2019-10604 | 2020-03-05 | Possibility of heap-buffer-overflow during last iteration of loop while populating image version information in diag command response packet, in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon... |
| CVE-2019-10612 | 2020-03-05 | UTCB object has a function pointer called by the reaper to deallocate its memory resources and this address can potentially be corrupted by stack overflow in Snapdragon Auto, Snapdragon Compute,... |
| CVE-2019-10616 | 2020-03-05 | Possibility of null pointer access if the SPDM commands are executed in the non-standard way in TZ. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer... |
| CVE-2019-14000 | 2020-03-05 | Lack of check that the RX FIFO write index that is read from shared RAM is less than the FIFO size results into memory corruption and potential information leakage in... |
| CVE-2019-14015 | 2020-03-05 | A stack-based buffer overflow exists in the initialization of the identification stage due to lack of check on the number of templates provided. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,... |
| CVE-2019-14026 | 2020-03-05 | Possible buffer overflow in WLAN WMI handler due to lack of ssid length check when copying data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer... |
| CVE-2019-14027 | 2020-03-05 | Buffer overflow due to lack of upper bound check on channel length which is used for a loop. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,... |
| CVE-2019-14028 | 2020-03-05 | Buffer overwrite during memcpy due to lack of check on SSID length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2019-14029 | 2020-03-05 | Use-after-free in graphics module due to destroying already queued syncobj in error case in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,... |
| CVE-2019-14030 | 2020-03-05 | The size of a buffer is determined by addition and multiplications operations that have the potential to overflow due to lack of bound check in Snapdragon Auto, Snapdragon Compute, Snapdragon... |
| CVE-2019-14031 | 2020-03-05 | Buffer overflow can occur while parsing RSN IE containing list of PMK ID`s which are more than the buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics... |
| CVE-2019-14032 | 2020-03-05 | Memory use after free issue in audio due to lack of resource control in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,... |
| CVE-2019-14045 | 2020-03-05 | Possible buffer overflow while processing clientlog and serverlog due to lack of validation of data received in logs in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8096AU, QCS605, SDM439,... |
| CVE-2019-14048 | 2020-03-05 | Possible out of bound memory access while playing a crafted clip in media player in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &... |
| CVE-2019-14050 | 2020-03-05 | Out-of-bound writes occurs due to lack of check of buffer size will cause buffer overflow only in 32bit architecture. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2019-14061 | 2020-03-05 | Null-pointer dereference can occur while accessing the segment element info when it is not allocated and assigned in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... |
| CVE-2019-14068 | 2020-03-05 | Out of bound access in msm routing due to lack of check of size before accessing in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon... |
| CVE-2019-14071 | 2020-03-05 | Compromised reset handler may bypass access control due to AC config is being reset if debug path is enabled to collect secure or non-secure ram dumps in Snapdragon Auto, Snapdragon... |
| CVE-2019-14072 | 2020-03-05 | Unhandled paging request is observed due to dereferencing an already freed object because of race condition between sparse free and sparse bind ioctls which access the same physical entry in... |
| CVE-2019-14079 | 2020-03-05 | Access to the uninitialized variable when the driver tries to unmap the dma buffer of a request which was never mapped in the first place leading to kernel failure in... |
| CVE-2019-14081 | 2020-03-05 | Buffer Over-read when WLAN module gets a WMI message for SAR limits with invalid number of limits to be enforced in Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT,... |
| CVE-2019-14082 | 2020-03-05 | Potential buffer over-read due to lack of bound check of memory offset passed in WLAN firmware in Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon... |
| CVE-2019-14083 | 2020-03-05 | While parsing Service Descriptor Extended Attribute received as part of SDF frame, there is a possibility that incorrect length is specified in the attribute length field of extended SSI which... |
| CVE-2019-14085 | 2020-03-05 | Possible Integer underflow in WLAN function due to lack of check of data received from user side in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2019-14086 | 2020-03-05 | Possible integer overflow while checking the length of frame which is a 32 bit integer and is added to another 32 bit integer which can lead to unexpected result during... |
| CVE-2019-14095 | 2020-03-05 | Buffer overflow occurs while processing LMP packet in which name length parameter exceeds value specified in BT-specification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer... |
| CVE-2019-14097 | 2020-03-05 | Possible buffer overflow in WLAN Parser due to lack of length check when copying data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon... |
| CVE-2019-14098 | 2020-03-05 | Possible buffer overflow in data offload handler due to lack of check of keydata length when copying data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon... |
| CVE-2019-2300 | 2020-03-05 | Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,... |
| CVE-2019-2311 | 2020-03-05 | Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon... |
| CVE-2019-2317 | 2020-03-05 | The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon... |
| CVE-2020-9370 | 2020-03-05 | HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. |
| CVE-2020-10106 | 2020-03-05 | PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the email parameter in index.php or register.php. The SQL injection allows to dump the MySQL database... |
| CVE-2020-10107 | 2020-03-05 | PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS, as demonstrated by the ExpenseItem or ExpenseCost parameter in manage-expense.php. |
| CVE-2020-9380 | 2020-03-05 | IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script. |
| CVE-2019-20107 | 2020-03-05 | Multiple SQL injection vulnerabilities in TestLink through 1.9.19 allows remote authenticated users to execute arbitrary SQL commands via the (1) tproject_id parameter to keywordsView.php; the (2) req_spec_id parameter to reqSpecCompareRevisions.php;... |
| CVE-2019-20501 | 2020-03-05 | D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or... |
| CVE-2020-10173 | 2020-03-05 | Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi. |
| CVE-2019-20500 | 2020-03-05 | D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or... |
| CVE-2019-20499 | 2020-03-05 | D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or... |
| CVE-2020-9402 | 2020-03-05 | Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle.... |
| CVE-2020-9544 | 2020-03-05 | An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The administrative interface doesn't perform authentication checks for a firmware-update POST request. Any attacker that can access the administrative interface... |
| CVE-2020-4278 | 2020-03-05 | IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak... |
| CVE-2020-9418 | 2020-03-05 | An untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking. |
| CVE-2020-10174 | 2020-03-05 | init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged... |
| CVE-2020-8994 | 2020-03-05 | An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root shell by accessing the UART interface and then they can read Wi-Fi SSID or... |
| CVE-2019-17645 | 2020-03-05 | An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/service/refreshMacroAjax.php. |
| CVE-2019-17642 | 2020-03-05 | An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery... |
| CVE-2020-5250 | 2020-03-05 | Possible information disclosure in PrestaShop |
| CVE-2019-20382 | 2020-03-05 | QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not... |
| CVE-2020-4083 | 2020-03-05 | HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local user. |
| CVE-2020-10180 | 2020-03-05 | The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus,... |
| CVE-2020-4082 | 2020-03-05 | The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to... |
| CVE-2020-5405 | 2020-03-05 | Directory Traversal with spring-cloud-config-server |
| CVE-2019-20502 | 2020-03-05 | An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp message parameter. |
| CVE-2019-17647 | 2020-03-05 | An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter. |
| CVE-2019-17646 | 2020-03-05 | An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10.2. It provides sensitive information via an unauthenticated direct request for api/external.php?object=centreon_metric&action=listByService. |
| CVE-2020-5957 | 2020-03-05 | NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which... |