CVE List - 2020 / May
Showing 401 - 500 of 1017 CVEs for May 2020 (Page 5 of 11)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-12742 | 2020-05-13 | The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization to http protocols. |
| CVE-2020-12763 | 2020-05-13 | TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable to an unauthenticated stack-based buffer overflow in handling RTSP packets. This may result in remote code execution or denial of service.... |
| CVE-2020-12427 | 2020-05-13 | The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting... |
| CVE-2019-16112 | 2020-05-13 | TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI. |
| CVE-2020-8020 | 2020-05-13 | Persistent XSS in markdown parser used by obs-server |
| CVE-2019-9682 | 2020-05-13 | Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices... |
| CVE-2020-9501 | 2020-05-13 | Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform.... |
| CVE-2020-9502 | 2020-05-13 | Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data... |
| CVE-2020-7454 | 2020-05-13 | In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an... |
| CVE-2020-7455 | 2020-05-13 | In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing... |
| CVE-2019-15878 | 2020-05-13 | In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application... |
| CVE-2019-15879 | 2020-05-13 | In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to... |
| CVE-2019-15880 | 2020-05-13 | In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length allowing an unprivileged... |
| CVE-2020-5838 | 2020-05-13 | Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts... |
| CVE-2019-2388 | 2020-05-13 | Potential exposure of log information in Ops Manager |
| CVE-2020-5407 | 2020-05-13 | Signature Wrapping Vulnerability with spring-security-saml2-service-provider |
| CVE-2020-12831 | 2020-05-13 | An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions,... |
| CVE-2020-12832 | 2020-05-13 | WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. |
| CVE-2020-1714 | 2020-05-13 | A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java... |
| CVE-2020-11070 | 2020-05-13 | Cross-Site Scripting in SVG Sanitizer |
| CVE-2020-11073 | 2020-05-13 | Remote Code Execution in Autoswitch Python Virtualenv |
| CVE-2020-1993 | 2020-05-13 | PAN-OS: GlobalProtect Portal PHP session fixation vulnerability |
| CVE-2020-1994 | 2020-05-13 | PAN-OS: Predictable temporary file vulnerability |
| CVE-2020-1995 | 2020-05-13 | PAN-OS: Management server rasmgr denial of service |
| CVE-2020-1996 | 2020-05-13 | PAN-OS: Panorama management server log injection |
| CVE-2020-1997 | 2020-05-13 | PAN-OS: GlobalProtect registration open redirect |
| CVE-2020-1998 | 2020-05-13 | PAN-OS: Improper SAML SSO authorization of shared local users |
| CVE-2020-2001 | 2020-05-13 | PAN-OS: Panorama External control of file vulnerability leads to privilege escalation |
| CVE-2020-2002 | 2020-05-13 | PAN-OS: Spoofed Kerberos key distribution center authentication bypass |
| CVE-2020-2003 | 2020-05-13 | PAN-OS: Authenticated administrator can delete arbitrary system file |
| CVE-2020-2004 | 2020-05-13 | GlobalProtect App: Passwords may be logged in clear text while collecting troubleshooting logs |
| CVE-2020-2005 | 2020-05-13 | PAN-OS: GlobalProtect Clientless VPN session hijacking |
| CVE-2020-2006 | 2020-05-13 | PAN-OS: Buffer overflow in management server payload parser |
| CVE-2020-2007 | 2020-05-13 | PAN-OS: OS command injection in management server |
| CVE-2020-2008 | 2020-05-13 | PAN-OS: OS command injection or arbitrary file deletion vulnerability |
| CVE-2020-2009 | 2020-05-13 | PAN-OS: Panorama SD WAN arbitrary file creation |
| CVE-2020-2010 | 2020-05-13 | PAN-OS: Authenticated user command injection vulnerability |
| CVE-2020-2011 | 2020-05-13 | PAN-OS: Panorama registration denial of service |
| CVE-2020-2012 | 2020-05-13 | PAN-OS: Panorama: XML external entity reference ('XXE') vulnerability leads to information leak |
| CVE-2020-2013 | 2020-05-13 | PAN-OS: Panorama context switch session cookie disclosure |
| CVE-2020-2014 | 2020-05-13 | PAN-OS: OS injection vulnerability in PAN-OS management server |
| CVE-2020-2015 | 2020-05-13 | PAN-OS: Buffer overflow in the management server |
| CVE-2020-2016 | 2020-05-13 | PAN-OS: Temporary file race condition vulnerability in PAN-OS leads to local privilege escalation |
| CVE-2020-2017 | 2020-05-13 | PAN-OS: DOM-Based cross site scripting vulnerability in management web interface |
| CVE-2020-2018 | 2020-05-13 | PAN-OS: Panorama authentication bypass vulnerability |
| CVE-2020-11063 | 2020-05-13 | Observable Response Discrepancy in TYPO3 CMS |
| CVE-2020-11064 | 2020-05-13 | Cross-Site Scripting in TYPO3 CMS |
| CVE-2020-11065 | 2020-05-13 | Cross-Site Scripting in TYPO3 CMS |
| CVE-2020-11066 | 2020-05-13 | Improperly Controlled Modification of Dynamically-Determined Object Attributes in TYPO3 CMS |
| CVE-2020-5409 | 2020-05-13 | Concourse Open Redirect in the /sky/login endpoint |
| CVE-2020-11067 | 2020-05-13 | Deserialization of Untrusted Data in TYPO3 CMS |
| CVE-2020-11069 | 2020-05-13 | Cross-Site Request Forgery in TYPO3 CMS |
| CVE-2020-5574 | 2020-05-14 | HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced... |
| CVE-2020-5575 | 2020-05-14 | Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable... |
| CVE-2020-5576 | 2020-05-14 | Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced... |
| CVE-2020-5577 | 2020-05-14 | Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7... |
| CVE-2020-12717 | 2020-05-14 | The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer... |
| CVE-2019-15083 | 2020-05-14 | Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a... |
| CVE-2020-4257 | 2020-05-14 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a... |
| CVE-2020-4258 | 2020-05-14 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a... |
| CVE-2020-4259 | 2020-05-14 | IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user to manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to.... |
| CVE-2020-4261 | 2020-05-14 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a... |
| CVE-2020-4262 | 2020-05-14 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a... |
| CVE-2020-4263 | 2020-05-14 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a... |
| CVE-2020-4264 | 2020-05-14 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a... |
| CVE-2020-4265 | 2020-05-14 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a... |
| CVE-2020-4266 | 2020-05-14 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a... |
| CVE-2020-4285 | 2020-05-14 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open... |
| CVE-2020-4287 | 2020-05-14 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open... |
| CVE-2020-4288 | 2020-05-14 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open... |
| CVE-2020-4299 | 2020-05-14 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606. |
| CVE-2020-4343 | 2020-05-14 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a... |
| CVE-2020-4365 | 2020-05-14 | IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM... |
| CVE-2020-4422 | 2020-05-14 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a... |
| CVE-2020-4467 | 2020-05-14 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted... |
| CVE-2020-4468 | 2020-05-14 | IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted... |
| CVE-2020-10626 | 2020-05-14 | In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software... |
| CVE-2020-1945 | 2020-05-14 | Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information.... |
| CVE-2020-1960 | 2020-05-14 | A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0... |
| CVE-2019-17572 | 2020-05-14 | In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the... |
| CVE-2019-17562 | 2020-05-14 | A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of... |
| CVE-2019-13021 | 2020-05-14 | The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the... |
| CVE-2019-13022 | 2020-05-14 | Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). It XORs the plaintext into... |
| CVE-2020-11971 | 2020-05-14 | Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0. |
| CVE-2019-13023 | 2020-05-14 | An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using... |
| CVE-2020-11973 | 2020-05-14 | Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade... |
| CVE-2020-11972 | 2020-05-14 | Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade... |
| CVE-2020-1941 | 2020-05-14 | In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. |
| CVE-2020-5408 | 2020-05-14 | Dictionary attack with Spring Security queryable text encryptor |
| CVE-2020-12677 | 2020-05-14 | An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary... |
| CVE-2020-12876 | 2020-05-14 | Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacts Windows server deployments. |
| CVE-2020-12877 | 2020-05-14 | Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication. |
| CVE-2020-12875 | 2020-05-14 | Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the... |
| CVE-2020-12874 | 2020-05-14 | Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server. |
| CVE-2020-0024 | 2020-05-14 | In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2020-0102 | 2020-05-14 | In GattServer::SendResponse of gatt_server.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2020-0105 | 2020-05-14 | In onKeyguardVisibilityChanged of key_store_service.cpp, there is a missing permission check. This could lead to local escalation of privilege, allowing apps to use keyguard-bound keys when the screen is locked, with... |
| CVE-2020-0098 | 2020-05-14 | In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2020-0104 | 2020-05-14 | In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. This could lead to local information disclosure of keyguard-protected data with no additional execution privileges... |
| CVE-2020-0101 | 2020-05-14 | In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not... |
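The CVE-2019-17572 entry above (Apache RocketMQ, a topic name such as "../../../../topic2020" reaching the broker's automatic topic creation) is the classic shape of a path traversal through a name that is later used to build a filesystem path. The following is an added example written for this listing, not RocketMQ's own code and not a description of how its fix works: it shows the two checks a broker or any similar service should apply to a client-supplied name before turning it into a directory, an allowlist on the name itself and a containment check on the resolved path. The store root (STORE_ROOT), the allowlist pattern and the sample names are assumptions made for the example.

```python
"""Added example: path-containment check for broker-created topic directories.

Illustrative code written for this CVE listing, not Apache RocketMQ's own
implementation. It assumes a broker that maps each topic name to a directory
beneath a fixed store root (the auto-topic-creation pattern referenced by
CVE-2019-17572) and shows how to reject names such as "../../../../topic2020"
before any filesystem path is built from them.
"""
import os
import re

# Hypothetical store root; a real broker would take this from its config.
STORE_ROOT = "/var/lib/broker/store"

# Allowlist: letters, digits, '_' and '-', 1..64 characters. This excludes
# path separators, '.', '..' and empty names outright.
_TOPIC_RE = re.compile(r"^[A-Za-z0-9_\-]{1,64}$")


def is_valid_topic_name(topic: str) -> bool:
    """Syntactic check: true only if the name matches the allowlist."""
    return _TOPIC_RE.fullmatch(topic) is not None


def resolve_topic_dir(topic: str, store_root: str = STORE_ROOT) -> str:
    """Return the absolute directory for `topic`.

    Raises ValueError if the name fails the allowlist or if the resolved
    path would not sit beneath `store_root`. The second check is defense in
    depth: even if the allowlist were loosened later, a traversal could not
    escape the root.
    """
    if not is_valid_topic_name(topic):
        raise ValueError(f"invalid topic name: {topic!r}")
    root = os.path.realpath(store_root)
    candidate = os.path.realpath(os.path.join(root, topic))
    # commonpath([root, candidate]) == root holds only when candidate is
    # root itself or lies beneath it.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"topic resolves outside store root: {candidate}")
    return candidate


def classify(topics):
    """Return {topic: 'ok' | 'rejected'} for a batch of client-supplied names."""
    result = {}
    for t in topics:
        try:
            resolve_topic_dir(t)
            result[t] = "ok"
        except ValueError:
            result[t] = "rejected"
    return result


if __name__ == "__main__":
    # Constructed sample input; includes the traversal string from the advisory.
    sample = ["orders", "../../../../topic2020", "a/b", "..", "", "x" * 65]
    for name, verdict in classify(sample).items():
        print(f"{name!r}: {verdict}")
```

The allowlist alone would have stopped the traversal string; the realpath/commonpath check is there because names are often routed through several layers (URL decoding, config templating) before the path is built, and a containment check on the final path catches escapes that a string-level filter upstream missed.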