CVE List - 2020 / July
Showing 1101 - 1200 of 1417 CVEs for July 2020 (Page 12 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-10918 | 2020-07-23 | This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The... |
| CVE-2020-10919 | 2020-07-23 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability.... |
| CVE-2020-10920 | 2020-07-23 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability.... |
| CVE-2020-10921 | 2020-07-23 | This vulnerability allows remote attackers to issue commands on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The... |
| CVE-2020-10922 | 2020-07-23 | This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this... |
| CVE-2020-12638 | 2020-07-23 | An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its... |
| CVE-2020-4447 | 2020-07-23 | IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2020-8557 | 2020-07-23 | Kubernetes node disk Denial of Service by writing to container /etc/hosts |
| CVE-2020-15916 | 2020-07-23 | goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter. |
| CVE-2020-15917 | 2020-07-23 | common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. |
| CVE-2019-18834 | 2020-07-23 | Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php. |
| CVE-2020-15391 | 2020-07-23 | The UI in DevSpace 4.13.0 allows web sites to execute actions on pods (on behalf of a victim) because of a lack of authentication for the WebSocket protocol. This leads... |
| CVE-2020-15477 | 2020-07-23 | The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter incomingString before passing... |
| CVE-2020-15492 | 2020-07-23 | An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The sut_srv.exe web application (served on TCP port 85) includes user input into a filesystem... |
| CVE-2020-11623 | 2020-07-23 | An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. An attacker with physical... |
| CVE-2020-11624 | 2020-07-23 | An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require... |
| CVE-2020-11625 | 2020-07-23 | An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Failed web UI login... |
| CVE-2020-15631 | 2020-07-23 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1860 1.04B03_HOTFIX WiFi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism... |
| CVE-2020-15632 | 2020-07-23 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the... |
| CVE-2020-15633 | 2020-07-23 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The... |
| CVE-2020-7520 | 2020-07-23 | A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's... |
| CVE-2020-7491 | 2020-07-23 | **VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon system versions 10.2.0 through 10.5.3 is visible on the network and could allow inappropriate access.... |
| CVE-2020-7514 | 2020-07-23 | A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker access to the authorization credentials for... |
| CVE-2020-7515 | 2020-07-23 | A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker to decrypt a password. |
| CVE-2020-7516 | 2020-07-23 | A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Builder V1.4.7.2 and prior which could allow an attacker access to login credentials. |
| CVE-2020-7517 | 2020-07-23 | A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to read user credentials. |
| CVE-2020-7518 | 2020-07-23 | A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files. |
| CVE-2020-7519 | 2020-07-23 | A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to compromise a user account. |
| CVE-2020-14307 | 2020-07-24 | A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response... |
| CVE-2020-15778 | 2020-07-24 | scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they... |
| CVE-2020-15924 | 2020-07-24 | There is a SQL Injection in Mida eFramework through 2.9.0 that leads to Information Disclosure. No authentication is required. The injection point resides in one of the authentication parameters. |
| CVE-2020-15923 | 2020-07-24 | Mida eFramework through 2.9.0 allows unauthenticated ../ directory traversal. |
| CVE-2020-15922 | 2020-07-24 | There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required. |
| CVE-2020-15921 | 2020-07-24 | Mida eFramework through 2.9.0 has a back door that permits a change of the administrative password and access to restricted functionalities, such as Code Execution. |
| CVE-2020-15920 | 2020-07-24 | There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required. |
| CVE-2020-15919 | 2020-07-24 | A Reflected Cross Site Scripting (XSS) vulnerability was discovered in Mida eFramework through 2.9.0. |
| CVE-2020-15918 | 2020-07-24 | Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discovered in Mida eFramework through 2.9.0. |
| CVE-2020-14175 | 2020-07-24 | Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected... |
| CVE-2020-14297 | 2020-07-24 | A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can... |
| CVE-2020-15860 | 2020-07-24 | Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through... |
| CVE-2020-8317 | 2020-07-24 | A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. |
| CVE-2020-8326 | 2020-07-24 | An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. |
| CVE-2020-15932 | 2020-07-24 | Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges. |
| CVE-2020-14725 | 2020-07-24 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2020-15945 | 2020-07-24 | Lua 5.4.0 (fixed in 5.4.1) has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon... |
| CVE-2020-8207 | 2020-07-24 | Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. |
| CVE-2020-8175 | 2020-07-24 | Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow attacker to launch denial of service attacks using specially a crafted JPEG image. |
| CVE-2020-8174 | 2020-07-24 | napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. |
| CVE-2020-12812 | 2020-07-24 | An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted... |
| CVE-2020-10610 | 2020-07-24 | In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and plant a binary to exploit the affected PI System software to take control... |
| CVE-2020-10608 | 2020-07-24 | In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass a code integrity check for loading PI System libraries. This exploitation can target... |
| CVE-2020-10606 | 2020-07-24 | In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion,... |
| CVE-2020-10602 | 2020-07-24 | In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI Network Manager due to a race condition. This can result in blocking connections and queries... |
| CVE-2020-10600 | 2020-07-24 | OSIsoft PI System |
| CVE-2020-10604 | 2020-07-24 | In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries... |
| CVE-2020-10614 | 2020-07-24 | In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. Unauthorized information disclosure, deletion, or... |
| CVE-2020-7683 | 2020-07-25 | Directory Traversal |
| CVE-2020-7682 | 2020-07-25 | Directory Traversal |
| CVE-2020-7681 | 2020-07-25 | Directory Traversal |
| CVE-2020-7686 | 2020-07-25 | Directory Traversal |
| CVE-2020-7687 | 2020-07-25 | Directory Traversal |
| CVE-2020-15103 | 2020-07-27 | Integer Overflow in FreeRDP |
| CVE-2020-15954 | 2020-07-27 | KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. |
| CVE-2020-15953 | 2020-07-27 | LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin... |
| CVE-2020-5611 | 2020-07-27 | Cross-site request forgery (CSRF) vulnerability in Social Sharing Plugin versions prior to 1.2.10 allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| CVE-2020-7694 | 2020-07-27 | Log Injection |
| CVE-2020-7695 | 2020-07-27 | HTTP Response Splitting |
| CVE-2020-9077 | 2020-07-27 | HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R2P11) have an information exposure vulnerability. The system does not properly authenticate the application that access a specified interface. Attackers can trick... |
| CVE-2020-9251 | 2020-07-27 | HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have an improper authorization vulnerability. The software does not properly restrict certain operation in certain scenario, the attacker should do certain... |
| CVE-2020-11110 | 2020-07-27 | Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on... |
| CVE-2020-4405 | 2020-07-27 | IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484. |
| CVE-2020-4408 | 2020-07-27 | The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker... |
| CVE-2020-4498 | 2020-07-27 | IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID:... |
| CVE-2020-15592 | 2020-07-27 | SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and... |
| CVE-2020-15593 | 2020-07-27 | SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It... |
| CVE-2020-15120 | 2020-07-27 | Authorization Bypass in I hate money |
| CVE-2020-7016 | 2020-07-27 | Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that when viewed by a Kibana user can lead... |
| CVE-2020-7017 | 2020-07-27 | In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to edit or create a region map visualization... |
| CVE-2020-1425 | 2020-07-27 | A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID... |
| CVE-2020-1457 | 2020-07-27 | A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID... |
| CVE-2020-10609 | 2020-07-27 | Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device. |
| CVE-2020-8558 | 2020-07-27 | Kubernetes node setting allows for neighboring hosts to bypass localhost boundary |
| CVE-2020-10643 | 2020-07-27 | OSIsoft PI System |
| CVE-2020-12880 | 2020-07-27 | An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into... |
| CVE-2020-12460 | 2020-07-27 | OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted... |
| CVE-2020-12845 | 2020-07-27 | Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereferences. A remote unauthenticated attacker can crash the server by sending an HTTP request... |
| CVE-2020-16088 | 2020-07-28 | iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches. |
| CVE-2019-4731 | 2020-07-28 | IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616. |
| CVE-2020-4317 | 2020-07-28 | IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript... |
| CVE-2020-4318 | 2020-07-28 | IBM Intelligent Operations Center for Emergency Management, Intelligent Operations Center (IOC), and IBM Water Operations for Waternamics are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript... |
| CVE-2020-4319 | 2020-07-28 | IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due... |
| CVE-2020-4375 | 2020-07-28 | IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory... |
| CVE-2020-4465 | 2020-07-28 | IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the... |
| CVE-2020-15712 | 2020-07-28 | rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot"... |
| CVE-2020-15713 | 2020-07-28 | rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to... |
| CVE-2020-15714 | 2020-07-28 | rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the attacker to... |
| CVE-2020-15715 | 2020-07-28 | rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using... |
| CVE-2020-13913 | 2020-07-28 | An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320,... |
| CVE-2020-13914 | 2020-07-28 | webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request. This affects... |
| CVE-2020-13915 | 2020-07-28 | Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510,... |