CVE List - 2020 / July
Showing 801 - 900 of 1417 CVEs for July 2020 (Page 9 of 15)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-14065 | 2020-07-15 | IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. |
| CVE-2020-14066 | 2020-07-15 | IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. |
| CVE-2020-15366 | 2020-07-15 | An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype... |
| CVE-2020-15602 | 2020-07-15 | An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Security 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code... |
| CVE-2020-15603 | 2020-07-15 | An invalid memory read vulnerability in a Trend Micro Security 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do... |
| CVE-2020-11439 | 2020-07-15 | LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application. |
| CVE-2020-10284 | 2020-07-15 | RVD#3321: No Authentication required to exert manual control of the robot |
| CVE-2020-11437 | 2020-07-15 | LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database. |
| CVE-2020-11436 | 2020-07-15 | LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators. |
| CVE-2020-11438 | 2020-07-15 | LibreHealth EMR v2.0.0 is affected by systemic CSRF. |
| CVE-2020-15051 | 2020-07-15 | An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and... |
| CVE-2020-13788 | 2020-07-15 | Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet. |
| CVE-2020-14982 | 2020-07-15 | A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to... |
| CVE-2020-8958 | 2020-07-15 | Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the boaform/admin/formPing Dest IP Address... |
| CVE-2020-6165 | 2020-07-15 | SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does... |
| CVE-2020-6164 | 2020-07-15 | In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application.... |
| CVE-2020-15779 | 2020-07-15 | A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename... |
| CVE-2020-9309 | 2020-07-15 | Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are... |
| CVE-2020-10285 | 2020-07-15 | RVD#3322: Weak authentication implementation makes the system vulnerable to a brute-force attack over adjacent networks |
| CVE-2020-9311 | 2020-07-15 | In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted... |
| CVE-2020-10286 | 2020-07-15 | RVD#3323: Mismanaged permission implementation leads to privilege escalation, exfiltration of sensitive information, and DoS |
| CVE-2019-17639 | 2020-07-15 | In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain... |
| CVE-2020-15107 | 2020-07-15 | x87 FPU operations in enclaves are vulnerable to ABI poisoning in openenclave |
| CVE-2020-15780 | 2020-07-15 | An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot... |
| CVE-2019-20908 | 2020-07-15 | An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure... |
| CVE-2020-10288 | 2020-07-15 | RVD#3327: No authentication required for accessing ABB IRC5 FTP server |
| CVE-2020-10287 | 2020-07-15 | RVD#3326: Hardcoded default credentials on IRC 5 OPC Server |
| CVE-2020-11978 | 2020-07-16 | An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow... |
| CVE-2020-15027 | 2020-07-16 | ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts. This was patched in 2020.7 and in a hotfix for 2019.12. |
| CVE-2020-14000 | 2020-07-16 | MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as... |
| CVE-2019-4747 | 2020-07-16 | IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2019-4748 | 2020-07-16 | IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2020-4316 | 2020-07-16 | IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending... |
| CVE-2020-4462 | 2020-07-16 | IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack... |
| CVE-2020-3140 | 2020-07-16 | Cisco Prime License Manager Privilege Escalation Vulnerability |
| CVE-2020-3144 | 2020-07-16 | Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass Vulnerability |
| CVE-2020-3145 | 2020-07-16 | Cisco RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Multiple Vulnerabilities |
| CVE-2020-3146 | 2020-07-16 | Cisco RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Multiple Vulnerabilities |
| CVE-2020-3150 | 2020-07-16 | Cisco Small Business RV110W and RV215W Series Routers Information Disclosure Vulnerability |
| CVE-2020-3180 | 2020-07-16 | Cisco SD-WAN Solution Software Static Credentials Vulnerability |
| CVE-2020-3197 | 2020-07-16 | Cisco Meetings App Missing TURN Server Credentials Expiration Vulnerability |
| CVE-2020-3323 | 2020-07-16 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability |
| CVE-2020-3330 | 2020-07-16 | Cisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential Vulnerability |
| CVE-2020-3331 | 2020-07-16 | Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability |
| CVE-2020-3332 | 2020-07-16 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability |
| CVE-2020-3345 | 2020-07-16 | Cisco Webex Meetings and Cisco Webex Meetings Server HTML Injection Vulnerability |
| CVE-2020-3348 | 2020-07-16 | Cisco Data Center Network Manager Cross-Site Scripting Vulnerabilities |
| CVE-2020-3349 | 2020-07-16 | Cisco Data Center Network Manager Cross-Site Scripting Vulnerabilities |
| CVE-2020-3351 | 2020-07-16 | Cisco SD-WAN Solution Software Denial of Service Vulnerability |
| CVE-2020-3357 | 2020-07-16 | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Remote Code Execution and Denial of Service Vulnerability |
| CVE-2020-3358 | 2020-07-16 | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Denial of Service Vulnerability |
| CVE-2020-3369 | 2020-07-16 | Cisco SD-WAN vEdge Routers Denial of Service Vulnerability |
| CVE-2020-3370 | 2020-07-16 | Cisco Content Security Management Appliance Filter Bypass Vulnerability |
| CVE-2020-3372 | 2020-07-16 | Cisco SD-WAN vManage Software Denial of Service Vulnerability |
| CVE-2020-3378 | 2020-07-16 | Cisco SD-WAN vManage Software SQL Injection Vulnerability |
| CVE-2020-3379 | 2020-07-16 | Cisco SD-WAN Solution Software Privilege Escalation Vulnerability |
| CVE-2020-3380 | 2020-07-16 | Cisco Data Center Network Manager Privilege Escalation Vulnerability |
| CVE-2020-3381 | 2020-07-16 | Cisco SD-WAN vManage Software Directory Traversal Vulnerability |
| CVE-2020-3385 | 2020-07-16 | Cisco SD-WAN vEdge Routers Denial of Service Vulnerability |
| CVE-2020-3387 | 2020-07-16 | Cisco SD-WAN vManage Software Remote Code Execution Vulnerability |
| CVE-2020-3388 | 2020-07-16 | Cisco SD-WAN vManage Software Command Injection Vulnerability |
| CVE-2020-3405 | 2020-07-16 | Cisco SD-WAN vManage Software XML External Entity Vulnerability |
| CVE-2020-3401 | 2020-07-16 | Cisco SD-WAN vManage Software Path Traversal Vulnerability |
| CVE-2020-3406 | 2020-07-16 | Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability |
| CVE-2020-3437 | 2020-07-16 | Cisco SD-WAN vManage Software Information Disclosure Vulnerability |
| CVE-2020-3468 | 2020-07-16 | Cisco SD-WAN vManage Software SQL Injection Vulnerability |
| CVE-2020-3450 | 2020-07-16 | Cisco Vision Dynamic Signage Director SQL Injection Vulnerability |
| CVE-2019-20915 | 2020-07-16 | An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c. |
| CVE-2019-20914 | 2020-07-16 | An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec. |
| CVE-2019-20913 | 2020-07-16 | An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec. |
| CVE-2019-20912 | 2020-07-16 | An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF. |
| CVE-2019-20911 | 2020-07-16 | An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop. |
| CVE-2019-20910 | 2020-07-16 | An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011. |
| CVE-2019-20909 | 2020-07-16 | An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec. |
| CVE-2020-13405 | 2020-07-16 | userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request. |
| CVE-2020-4095 | 2020-07-16 | BigFix Platform is storing clear text credentials within the system's memory. An attacker who is able to gain administrative privileges can use a program to create a memory dump and... |
| CVE-2020-12011 | 2020-07-16 | A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31)... |
| CVE-2020-12009 | 2020-07-16 | A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and... |
| CVE-2020-12013 | 2020-07-16 | A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier,... |
| CVE-2020-12015 | 2020-07-16 | A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and... |
| CVE-2020-12007 | 2020-07-16 | A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC... |
| CVE-2020-11981 | 2020-07-16 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject... |
| CVE-2020-11982 | 2020-07-16 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert... |
| CVE-2020-11983 | 2020-07-16 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated... |
| CVE-2020-9485 | 2020-07-16 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
| CVE-2020-9646 | 2020-07-16 | Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9649 | 2020-07-16 | Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. |
| CVE-2020-9650 | 2020-07-16 | Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-9669 | 2020-07-16 | Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2020-9670 | 2020-07-16 | Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2020-15803 | 2020-07-17 | Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. |
| CVE-2020-9671 | 2020-07-17 | Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2020-9672 | 2020-07-17 | Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a DLL search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2020-9673 | 2020-07-17 | Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a DLL search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. |
| CVE-2020-9682 | 2020-07-17 | Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability. Successful exploitation could lead to arbitrary file system write. |
| CVE-2020-9688 | 2020-07-17 | Adobe Download Manager version 2.0.0.518 has a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. |
| CVE-2020-15801 | 2020-07-17 | In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. |
| CVE-2020-7684 | 2020-07-17 | Directory Traversal |
| CVE-2020-7696 | 2020-07-17 | Information Exposure |
| CVE-2020-4464 | 2020-07-17 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over... |