CVE List - 2020 / March
Showing 1601 - 1700 of 1754 CVEs for March 2020 (Page 17 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-3778 | 2020-03-25 | Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-3777 | 2020-03-25 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-3776 | 2020-03-25 | Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9520 | 2020-03-25 | A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content... |
| CVE-2020-5339 | 2020-03-25 | RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could... |
| CVE-2020-5340 | 2020-03-25 | RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could... |
| CVE-2020-6815 | 2020-03-25 | Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that... |
| CVE-2020-6814 | 2020-03-25 | Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of... |
| CVE-2020-6813 | 2020-03-25 | When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent... |
| CVE-2020-6812 | 2020-03-25 | The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able... |
| CVE-2020-6811 | 2020-03-25 | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used... |
| CVE-2020-6810 | 2020-03-25 | After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing... |
| CVE-2020-6809 | 2020-03-25 | When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files.... |
| CVE-2020-6808 | 2020-03-25 | When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL... |
| CVE-2020-6807 | 2020-03-25 | When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a... |
| CVE-2020-6806 | 2020-03-25 | By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption... |
| CVE-2020-6805 | 2020-03-25 | When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird <... |
| CVE-2020-10963 | 2020-03-25 | FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE:... |
| CVE-2020-10964 | 2020-03-25 | Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed... |
| CVE-2020-10966 | 2020-03-25 | In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset... |
| CVE-2020-10965 | 2020-03-25 | Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password resets via login/resetadminpassword of the default admin account. This vulnerability only exists when the default admin account is... |
| CVE-2020-5129 | 2020-03-26 | A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version... |
| CVE-2020-10245 | 2020-03-26 | CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. |
| CVE-2020-7260 | 2020-03-26 | MACC installer DLL side loading |
| CVE-2020-1764 | 2020-03-26 | A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own... |
| CVE-2020-8923 | 2020-03-26 | XSS in Dart |
| CVE-2020-8910 | 2020-03-26 | Auth Bypass in Google's Closure-Library |
| CVE-2020-6999 | 2020-03-26 | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer. |
| CVE-2020-10969 | 2020-03-26 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. |
| CVE-2020-10968 | 2020-03-26 | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). |
| CVE-2019-15795 | 2020-03-26 | python-apt uses MD5 for validation |
| CVE-2019-15796 | 2020-03-26 | python-apt downloads from untrusted sources |
| CVE-2020-4276 | 2020-03-26 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. X-Force... |
| CVE-2019-5105 | 2020-03-26 | An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an... |
| CVE-2020-7944 | 2020-03-26 | In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report. |
| CVE-2020-9521 | 2020-03-26 | An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of... |
| CVE-2020-9066 | 2020-03-26 | Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169(C00E166R4P1) have an improper authentication vulnerability. The Application doesn't perform proper authentication when user performs certain operations. An attacker can trick user into... |
| CVE-2020-1800 | 2020-03-26 | HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P11) have an improper access control vulnerability. The software incorrectly restricts access to a function interface from an unauthorized actor, the attacker tricks... |
| CVE-2020-9065 | 2020-03-26 | Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203(C00E201R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may tamper... |
| CVE-2020-10823 | 2020-03-26 | A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request... |
| CVE-2020-10824 | 2020-03-26 | A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request... |
| CVE-2020-10825 | 2020-03-26 | A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote... |
| CVE-2020-10826 | 2020-03-26 | /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve command injection via a remote HTTP request in DEBUG mode. |
| CVE-2020-10827 | 2020-03-26 | A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. |
| CVE-2020-10828 | 2020-03-26 | A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. |
| CVE-2020-9467 | 2020-03-26 | Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php request because of the pwg.images.setInfo function. |
| CVE-2020-9468 | 2020-03-26 | The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter. |
| CVE-2020-10993 | 2020-03-26 | Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader.java. |
| CVE-2020-10992 | 2020-03-26 | Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. |
| CVE-2020-10991 | 2020-03-26 | Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java |
| CVE-2020-10990 | 2020-03-26 | An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. |
| CVE-2020-3920 | 2020-03-27 | Unisoon UltraLog Express - Broken Authentication |
| CVE-2020-3921 | 2020-03-27 | Unisoon UltraLog Express - Sensitive Data Exposure |
| CVE-2020-3936 | 2020-03-27 | Unisoon UltraLog Express - SQL Injection |
| CVE-2020-10508 | 2020-03-27 | Sunnet eHRD - Sensitive Data Exposure |
| CVE-2020-10509 | 2020-03-27 | Sunnet eHRD - Cross-Site Scripting |
| CVE-2020-10510 | 2020-03-27 | Sunnet eHRD - Broken Access Control |
| CVE-2020-1769 | 2020-03-27 | Autocomplete in the form login screens |
| CVE-2020-1770 | 2020-03-27 | Information disclosure in support bundle files |
| CVE-2020-1771 | 2020-03-27 | Possible XSS in Customer user address book |
| CVE-2020-1772 | 2020-03-27 | Information Disclosure |
| CVE-2020-1773 | 2020-03-27 | Session / Password / Password token leak |
| CVE-2020-10607 | 2020-03-27 | In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. |
| CVE-2020-7918 | 2020-03-27 | An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration. |
| CVE-2015-5684 | 2020-03-27 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo... |
| CVE-2015-7333 | 2020-03-27 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo... |
| CVE-2015-7334 | 2020-03-27 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo... |
| CVE-2015-7335 | 2020-03-27 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update... |
| CVE-2015-7336 | 2020-03-27 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version... |
| CVE-2015-8534 | 2020-03-27 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo... |
| CVE-2015-8535 | 2020-03-27 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution... |
| CVE-2015-8536 | 2020-03-27 | MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC)... |
| CVE-2020-5857 | 2020-03-27 | On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service. |
| CVE-2020-8551 | 2020-03-27 | Kubernetes kubelet denial of service |
| CVE-2020-8552 | 2020-03-27 | Kubernetes API server denial of service |
| CVE-2020-5860 | 2020-03-27 | On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in Device Service Cluster (DSC), the failover service does... |
| CVE-2020-5859 | 2020-03-27 | On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file. |
| CVE-2020-5858 | 2020-03-27 | On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute... |
| CVE-2020-5861 | 2020-03-27 | On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in some cases when Ram Cache incorrectly optimizes stored data resulting in memory errors. |
| CVE-2020-5863 | 2020-03-27 | In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able... |
| CVE-2020-5862 | 2020-03-27 | On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does... |
| CVE-2020-10817 | 2020-03-27 | The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued. |
| CVE-2020-10956 | 2020-03-27 | GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. |
| CVE-2020-10955 | 2020-03-27 | GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders. |
| CVE-2020-10954 | 2020-03-27 | GitLab through 12.9 is affected by a potential DoS in repository archive download. |
| CVE-2020-10953 | 2020-03-27 | In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. |
| CVE-2020-10952 | 2020-03-27 | GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. |
| CVE-2020-6095 | 2020-03-27 | An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An... |
| CVE-2020-10939 | 2020-03-27 | Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation. |
| CVE-2020-10940 | 2020-03-27 | Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service. |
| CVE-2020-5551 | 2020-03-30 | Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs... |
| CVE-2020-5527 | 2020-03-30 | When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC... |
| CVE-2020-10560 | 2020-03-30 | An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the... |
| CVE-2019-7755 | 2020-03-30 | In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection. |
| CVE-2020-8509 | 2020-03-30 | Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. |
| CVE-2020-7599 | 2020-03-30 | All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info... |
| CVE-2020-7610 | 2020-03-30 | All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object... |
| CVE-2019-17560 | 2020-03-30 | The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially... |
| CVE-2019-17561 | 2020-03-30 | The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2... |
| CVE-2020-5723 | 2020-03-30 | The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database. This could allow an attacker to retrieve all passwords and possibly gain elevated privileges. |