CVE List - 2020 / July
Showing 501 - 600 of 1417 CVEs for July 2020 (Page 6 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-1409 | 2020-07-14 | A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. |
| CVE-2020-1410 | 2020-07-14 | A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files.To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using... |
| CVE-2020-1411 | 2020-07-14 | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from... |
| CVE-2020-1412 | 2020-07-14 | A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. |
| CVE-2020-1413 | 2020-07-14 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353,... |
| CVE-2020-1414 | 2020-07-14 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353,... |
| CVE-2020-1415 | 2020-07-14 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353,... |
| CVE-2020-1416 | 2020-07-14 | An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'. |
| CVE-2020-1418 | 2020-07-14 | An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege... |
| CVE-2020-1419 | 2020-07-14 | An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389,... |
| CVE-2020-1420 | 2020-07-14 | An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows... |
| CVE-2020-1421 | 2020-07-14 | A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the... |
| CVE-2020-1422 | 2020-07-14 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1249, CVE-2020-1353,... |
| CVE-2020-1423 | 2020-07-14 | An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. |
| CVE-2020-1424 | 2020-07-14 | An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. |
| CVE-2020-1426 | 2020-07-14 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1419. |
| CVE-2020-1427 | 2020-07-14 | An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE... |
| CVE-2020-1428 | 2020-07-14 | An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE... |
| CVE-2020-1429 | 2020-07-14 | An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. |
| CVE-2020-1430 | 2020-07-14 | An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system,... |
| CVE-2020-1431 | 2020-07-14 | An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need... |
| CVE-2020-1432 | 2020-07-14 | An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka 'Skype for Business via Internet Explorer Information Disclosure Vulnerability'. |
| CVE-2020-1433 | 2020-07-14 | An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Information Disclosure Vulnerability'. |
| CVE-2020-1434 | 2020-07-14 | An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory, aka 'Windows Sync Host Service Elevation of Privilege Vulnerability'. |
| CVE-2020-1435 | 2020-07-14 | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. |
| CVE-2020-1436 | 2020-07-14 | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute... |
| CVE-2020-1437 | 2020-07-14 | An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of Privilege Vulnerability'. |
| CVE-2020-1438 | 2020-07-14 | An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. This CVE... |
| CVE-2020-1439 | 2020-07-14 | A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code... |
| CVE-2020-1442 | 2020-07-14 | A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'. |
| CVE-2020-1443 | 2020-07-14 | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. |
| CVE-2020-1444 | 2020-07-14 | A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. |
| CVE-2020-1445 | 2020-07-14 | An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342. |
| CVE-2020-1446 | 2020-07-14 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is... |
| CVE-2020-1447 | 2020-07-14 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is... |
| CVE-2020-1448 | 2020-07-14 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is... |
| CVE-2020-1449 | 2020-07-14 | A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file, aka 'Microsoft Project Remote Code Execution Vulnerability'. |
| CVE-2020-1450 | 2020-07-14 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This... |
| CVE-2020-1451 | 2020-07-14 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This... |
| CVE-2020-1454 | 2020-07-14 | This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially... |
| CVE-2020-1458 | 2020-07-14 | A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library (DLL) files, aka 'Microsoft Office Remote Code Execution Vulnerability'. |
| CVE-2020-1456 | 2020-07-14 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This... |
| CVE-2020-1461 | 2020-07-14 | An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the... |
| CVE-2020-1462 | 2020-07-14 | An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based), aka 'Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability'. |
| CVE-2020-1463 | 2020-07-14 | An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory, aka 'Windows SharedStream Library Elevation of Privilege Vulnerability'. |
| CVE-2020-1465 | 2020-07-14 | An elevation of privilege vulnerability exists in Microsoft OneDrive that allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system,... |
| CVE-2020-1468 | 2020-07-14 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. |
| CVE-2020-1469 | 2020-07-14 | A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. |
| CVE-2020-1481 | 2020-07-14 | A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project, aka 'Visual Studio Code ESLint Extention Remote... |
| CVE-2020-2978 | 2020-07-15 | Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged... |
| CVE-2020-14507 | 2020-07-15 | Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. |
| CVE-2020-14497 | 2020-07-15 | Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could... |
| CVE-2020-14505 | 2020-07-15 | Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to... |
| CVE-2020-14499 | 2020-07-15 | Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials. |
| CVE-2020-14503 | 2020-07-15 | Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code. |
| CVE-2020-14501 | 2020-07-15 | Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. Successful exploitation of this vulnerability may allow an attacker to obtain the information of the... |
| CVE-2020-5765 | 2020-07-15 | Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability... |
| CVE-2020-14511 | 2020-07-15 | Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4). |
| CVE-2020-4100 | 2020-07-15 | "HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when... |
| CVE-2020-7292 | 2020-07-15 | Web Gateway (MWG) - Inappropriate Encoding for output context |
| CVE-2019-17637 | 2020-07-15 | In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files... |
| CVE-2020-13923 | 2020-07-15 | IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04 |
| CVE-2020-9496 | 2020-07-15 | XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03 |
| CVE-2020-15695 | 2020-07-15 | An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability. |
| CVE-2020-15696 | 2020-07-15 | An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image. |
| CVE-2020-15697 | 2020-07-15 | An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users. |
| CVE-2020-15698 | 2020-07-15 | An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials |
| CVE-2020-15699 | 2020-07-15 | An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration. |
| CVE-2020-15700 | 2020-07-15 | An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability. |
| CVE-2020-15572 | 2020-07-15 | Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001. |
| CVE-2020-8203 | 2020-07-15 | Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. |
| CVE-2020-8178 | 2020-07-15 | Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks. |
| CVE-2020-2220 | 2020-07-15 | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2221 | 2020-07-15 | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2222 | 2020-07-15 | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2223 | 2020-07-15 | Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored... |
| CVE-2020-2224 | 2020-07-15 | Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored... |
| CVE-2020-2225 | 2020-07-15 | Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site... |
| CVE-2020-2226 | 2020-07-15 | Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2227 | 2020-07-15 | Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2228 | 2020-07-15 | Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. |
| CVE-2020-15117 | 2020-07-15 | Denial of Service in Synergy |
| CVE-2020-14527 | 2020-07-15 | Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Difficult to exploit vulnerability allows... |
| CVE-2020-14528 | 2020-07-15 | Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows unauthenticated... |
| CVE-2020-14529 | 2020-07-15 | Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module). Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Easily exploitable vulnerability allows low... |
| CVE-2020-14530 | 2020-07-15 | Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: None). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network... |
| CVE-2020-14531 | 2020-07-15 | Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Supported versions that are affected are 20.6 and prior. Difficult to exploit vulnerability allows unauthenticated attacker... |
| CVE-2020-14532 | 2020-07-15 | Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Easily exploitable vulnerability allows... |
| CVE-2020-14533 | 2020-07-15 | Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Easily exploitable vulnerability allows... |
| CVE-2020-14534 | 2020-07-15 | Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popups). The supported version that is affected is 12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access... |
| CVE-2020-14535 | 2020-07-15 | Vulnerability in the Oracle Commerce Service Center product of Oracle Commerce (component: Commerce Service Center). Supported versions that are affected are 11.1, 11.2 and prior to 11.3.1. Difficult to exploit... |
| CVE-2020-14536 | 2020-07-15 | Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Workbench). Supported versions that are affected are 11.0, 11.1, 11.2 and prior to... |
| CVE-2020-14537 | 2020-07-15 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Packaging Scripts). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to... |
| CVE-2020-14539 | 2020-07-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable... |
| CVE-2020-14540 | 2020-07-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high... |
| CVE-2020-14541 | 2020-07-15 | Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker... |
| CVE-2020-14542 | 2020-07-15 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the... |
| CVE-2020-14543 | 2020-07-15 | Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low... |
| CVE-2020-14544 | 2020-07-15 | Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Domain & Function Security). The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low... |
| CVE-2020-14545 | 2020-07-15 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with... |