CVE List - 2020 / July
Showing 901 - 1000 of 1417 CVEs for July 2020 (Page 10 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-7826 | 2020-07-17 | EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. This can be leveraged for... |
| CVE-2020-7825 | 2020-07-17 | A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. An attacker could execute arbitrary remote command by sending parameters to... |
| CVE-2020-14001 | 2020-07-17 | The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution... |
| CVE-2020-14928 | 2020-07-17 | evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in... |
| CVE-2020-15807 | 2020-07-17 | GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files. |
| CVE-2020-15586 | 2020-07-17 | Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a... |
| CVE-2020-14039 | 2020-07-17 | In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509... |
| CVE-2020-5130 | 2020-07-17 | SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impacts SonicOS version 6.5.4.4-44n and earlier. |
| CVE-2020-5131 | 2020-07-17 | SonicWall NetExtender Windows client is vulnerable to an arbitrary file write vulnerability; this allows an attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This... |
| CVE-2020-15497 | 2020-07-17 | jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 allows XSS via the types parameter. Note: It is asserted that this vulnerability is not present in the standard installation of Jalios JCMS |
| CVE-2020-15813 | 2020-07-17 | Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL-... |
| CVE-2020-1640 | 2020-07-17 | Junos OS: Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash. |
| CVE-2020-1641 | 2020-07-17 | Junos OS: A race condition on receipt of crafted LLDP packets leads to a memory leak and an LLDP crash. |
| CVE-2020-1643 | 2020-07-17 | Junos OS: EX Series: RPD crash when executing specific "show ospf interface" commands from the CLI with OSPF authentication configured |
| CVE-2020-1644 | 2020-07-17 | Junos OS and Junos OS Evolved: RPD crash due to specific BGP UPDATE packets |
| CVE-2020-1645 | 2020-07-17 | Junos OS: MX Series: Services card might restart when DNS filtering is enabled |
| CVE-2020-1646 | 2020-07-17 | Junos OS and Junos OS Evolved: RPD crash while processing a specific BGP update information. |
| CVE-2020-1647 | 2020-07-17 | Junos OS: SRX Series: Double free vulnerability can lead to DoS or remote code execution due to the processing of a specific HTTP message when ICAP redirect service is enabled |
| CVE-2020-1648 | 2020-07-17 | Junos OS and Junos OS Evolved: RPD crash when processing a specific BGP packet |
| CVE-2020-1649 | 2020-07-17 | Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of small fragments requiring reassembly |
| CVE-2020-1650 | 2020-07-17 | Junos OS: MX Series: Denial of Service vulnerability in MS-PIC component on MS-MIC or MS-MPC |
| CVE-2020-1651 | 2020-07-17 | Junos OS: MX Series: PFE on the line card may crash due to memory leak. |
| CVE-2020-1652 | 2020-07-17 | Junos Space: OpenNMS is accessible via port 9443 |
| CVE-2020-1653 | 2020-07-17 | Junos OS: Kernel crash (vmcore) or FPC crash due to mbuf leak |
| CVE-2020-1654 | 2020-07-17 | Junos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may lead to flowd process crash or remote code execution |
| CVE-2020-1655 | 2020-07-17 | Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of large packets requiring fragmentation |
| CVE-2019-4091 | 2020-07-17 | HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code... |
| CVE-2019-4090 | 2020-07-17 | HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field. |
| CVE-2020-15816 | 2020-07-17 | In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment... |
| CVE-2020-0120 | 2020-07-17 | In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution... |
| CVE-2020-0305 | 2020-07-17 | In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2020-0227 | 2020-07-17 | In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing background data usage or launching... |
| CVE-2020-0225 | 2020-07-17 | In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2020-0107 | 2020-07-17 | In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible permissions bypass due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2020-0122 | 2020-07-17 | In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2020-0224 | 2020-07-17 | In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. This could lead to remote code execution when processing a proxy configuration with no... |
| CVE-2020-0226 | 2020-07-17 | In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege in the graphics server with no... |
| CVE-2020-0228 | 2020-07-17 | There is an improper configuration of recorder related service. Product: Android. Versions: Android SoC. Android ID: A-156333723 |
| CVE-2020-0231 | 2020-07-17 | There is a possible out of bounds write due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-156333727 |
| CVE-2020-0230 | 2020-07-17 | There is a possible out of bounds write due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-156337262 |
| CVE-2020-5756 | 2020-07-17 | Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands... |
| CVE-2020-15108 | 2020-07-17 | SQL Injection in glpi |
| CVE-2020-5757 | 2020-07-17 | Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can bypass command injection mitigations and execute commands as the... |
| CVE-2020-5758 | 2020-07-17 | Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a... |
| CVE-2020-5759 | 2020-07-17 | Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. An authenticated remote attacker can execute commands as the root user by issuing a... |
| CVE-2020-15110 | 2020-07-17 | Possible pod name collisions in jupyterhub-kubespawner |
| CVE-2020-4104 | 2020-07-17 | HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a malicious script to an unsuspecting user. This affects... |
| CVE-2020-7818 | 2020-07-17 | DaviewIndy Heap Overflow Vulnerability |
| CVE-2019-12000 | 2020-07-17 | HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external... |
| CVE-2020-7206 | 2020-07-17 | HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability. |
| CVE-2020-5768 | 2020-07-17 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the... |
| CVE-2020-5767 | 2020-07-17 | Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link. |
| CVE-2020-5769 | 2020-07-17 | Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection'... |
| CVE-2020-10605 | 2020-07-17 | Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files. |
| CVE-2020-9227 | 2020-07-17 | Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to... |
| CVE-2020-9254 | 2020-07-17 | HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a logic check error vulnerability. A logic error occurs when the... |
| CVE-2020-9257 | 2020-07-17 | HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer overflow vulnerability. The software accesses data past the end,... |
| CVE-2020-9252 | 2020-07-17 | HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than... |
| CVE-2020-9259 | 2020-07-17 | Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00E210R5P1) have an improper authentication vulnerability. The system does not sufficiently validate certain parameter passed from the bottom level, the attacker should... |
| CVE-2020-9255 | 2020-07-17 | Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E178R1P4) have a denial of service vulnerability. Certain service in the system does not sufficiently validate certain parameter which is received, the... |
| CVE-2020-9102 | 2020-07-17 | There is an information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the... |
| CVE-2020-9101 | 2020-07-17 | There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation... |
| CVE-2020-9256 | 2020-07-17 | Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C00E136R5P3) have an improper authorization vulnerability. The system does not properly restrict the use of system service by applications, the attacker... |
| CVE-2020-15841 | 2020-07-20 | Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to... |
| CVE-2020-15842 | 2020-07-20 | Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code... |
| CVE-2020-15009 | 2020-07-20 | AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts... |
| CVE-2020-4361 | 2020-07-20 | IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by disclosing private IP addresses in HTTP responses. IBM X-Force ID: 178766. |
| CVE-2020-4466 | 2020-07-20 | IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authenticated attacker to cause a denial of service due to an error within the Queue processing function. IBM... |
| CVE-2020-4527 | 2020-07-20 | IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By... |
| CVE-2020-14485 | 2020-07-20 | OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow... |
| CVE-2020-14484 | 2020-07-20 | OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks. |
| CVE-2020-14494 | 2020-07-20 | OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users... |
| CVE-2020-14491 | 2020-07-20 | OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information. |
| CVE-2020-12029 | 2020-07-20 | Rockwell Automation FactoryTalk View SE |
| CVE-2020-8205 | 2020-07-20 | The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise... |
| CVE-2020-8215 | 2020-07-20 | A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image. |
| CVE-2020-8214 | 2020-07-20 | A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file. |
| CVE-2020-12031 | 2020-07-20 | Rockwell Automation FactoryTalk View SE |
| CVE-2020-12027 | 2020-07-20 | Rockwell Automation FactoryTalk View SE |
| CVE-2020-12028 | 2020-07-20 | Rockwell Automation FactoryTalk View SE |
| CVE-2020-7680 | 2020-07-20 | docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after # sign) to load resources from server-side .md files. Due to lack of validation... |
| CVE-2020-15052 | 2020-07-20 | An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields. |
| CVE-2020-15053 | 2020-07-20 | An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects. |
| CVE-2020-6871 | 2020-07-20 | The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This... |
| CVE-2020-6872 | 2020-07-20 | The server management software module of ZTE has a storage XSS vulnerability. The attacker inserts some attack codes through the foreground login page, which will cause the user to execute... |
| CVE-2020-15123 | 2020-07-20 | Command injection in codecov (npm package) |
| CVE-2020-15111 | 2020-07-20 | CRLF vulnerability in Fiber |
| CVE-2020-3481 | 2020-07-20 | Clam AntiVirus (ClamAV) Software Null Pointer Dereference Vulnerability |
| CVE-2020-15118 | 2020-07-20 | Cross-Site Scripting in Wagtail |
| CVE-2020-15121 | 2020-07-20 | Command injection in Radare2 |
| CVE-2020-15852 | 2020-07-20 | An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions... |
| CVE-2020-6100 | 2020-07-20 | An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. A specially crafted pixel shader can cause memory corruption vulnerability. An attacker can provide a specially crafted shader... |
| CVE-2020-6101 | 2020-07-20 | An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a specially crafted shader file to trigger this... |
| CVE-2020-3442 | 2020-07-20 | DuoConnect SSH Connection Vulnerability |
| CVE-2020-6102 | 2020-07-20 | An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a specially crafted shader file to trigger... |
| CVE-2020-6103 | 2020-07-20 | An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a specially crafted shader file to trigger... |
| CVE-2020-1776 | 2020-07-20 | Invalidating or changing user does not invalidate session |
| CVE-2020-13932 | 2020-07-20 | In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is... |
| CVE-2020-4125 | 2020-07-20 | Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to confidential... |
| CVE-2018-21036 | 2020-07-21 | Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a... |