CVE List - 2020 / August
Showing 1 - 100 of 1160 CVEs for August 2020 (Page 1 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-4366 | 2020-08-03 | IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. IBM X-Force ID: 161748. |
| CVE-2019-4589 | 2020-08-03 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privilege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. IBM X-Force ID:... |
| CVE-2020-4328 | 2020-08-03 | IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information... |
| CVE-2020-4377 | 2020-08-03 | IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive... |
| CVE-2020-4534 | 2020-08-03 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. By... |
| CVE-2020-4549 | 2020-08-03 | IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted... |
| CVE-2020-4550 | 2020-08-03 | IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open... |
| CVE-2020-4551 | 2020-08-03 | IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open... |
| CVE-2020-4552 | 2020-08-03 | IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted... |
| CVE-2020-4553 | 2020-08-03 | IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open... |
| CVE-2020-4554 | 2020-08-03 | IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open... |
| CVE-2020-4560 | 2020-08-03 | IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2019-19453 | 2020-08-03 | Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). An authenticated user, with access to the proxy license editing is able to insert a malicious payload that will... |
| CVE-2019-19455 | 2020-08-03 | Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in /usr/local/WowzaStreamingEngine/manager/bin/ in... |
| CVE-2015-9549 | 2020-08-03 | A reflected Cross-site Scripting (XSS) vulnerability exists in OcPortal 9.0.20 via the OCF_EMOTICON_CELL.tpl FIELD_NAME field to data/emoticons.php. |
| CVE-2020-16269 | 2020-08-03 | radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. |
| CVE-2020-16272 | 2020-08-03 | The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via... |
| CVE-2020-16271 | 2020-08-03 | The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection. |
| CVE-2020-13820 | 2020-08-03 | Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. |
| CVE-2020-12739 | 2020-08-03 | A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices. |
| CVE-2020-14319 | 2020-08-03 | It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. For... |
| CVE-2020-16131 | 2020-08-03 | Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php. |
| CVE-2020-8575 | 2020-08-03 | Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS). |
| CVE-2020-8574 | 2020-08-03 | Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users. |
| CVE-2020-16116 | 2020-08-03 | In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. |
| CVE-2020-5772 | 2020-08-03 | Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file. |
| CVE-2020-5773 | 2020-08-03 | Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write operations. |
| CVE-2020-5770 | 2020-08-03 | Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. |
| CVE-2020-5771 | 2020-08-03 | Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive. |
| CVE-2020-11584 | 2020-08-03 | A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. |
| CVE-2020-11583 | 2020-08-03 | A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. |
| CVE-2020-5615 | 2020-08-04 | Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| CVE-2020-5616 | 2020-08-04 | [Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01]... |
| CVE-2020-5617 | 2020-08-04 | Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors. |
| CVE-2019-20001 | 2020-08-04 | An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges. |
| CVE-2020-15467 | 2020-08-04 | The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise. |
| CVE-2020-6012 | 2020-08-04 | ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such... |
| CVE-2020-7822 | 2020-08-04 | DaviewIndy Multiple Vulnerabilities |
| CVE-2020-7823 | 2020-08-04 | DaviewIndy Multiple Vulnerabilities |
| CVE-2020-4396 | 2020-08-04 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2020-4410 | 2020-08-04 | IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not... |
| CVE-2020-4459 | 2020-08-04 | IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption... |
| CVE-2020-4525 | 2020-08-04 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2020-4542 | 2020-08-04 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2020-4631 | 2020-08-04 | IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to... |
| CVE-2020-16134 | 2020-08-04 | An issue was discovered on Swisscom Internet Box 2, Internet Box Standard, Internet Box Plus prior to 10.04.38, Internet Box 3 prior to 11.01.20, and Internet Box light prior to... |
| CVE-2020-16203 | 2020-08-04 | Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. An uninitialized pointer may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an... |
| CVE-2020-16201 | 2020-08-04 | Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information. |
| CVE-2020-16199 | 2020-08-04 | Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read/modify... |
| CVE-2020-13523 | 2020-08-04 | An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can... |
| CVE-2020-15944 | 2020-08-04 | An issue was discovered in the Gantt-Chart module before 5.5.5 for Jira. Due to missing validation of user input, it is vulnerable to a persistent XSS attack. An attacker can... |
| CVE-2020-15956 | 2020-08-04 | ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload. |
| CVE-2020-13522 | 2020-08-04 | An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file... |
| CVE-2020-15943 | 2020-08-04 | An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of... |
| CVE-2020-16843 | 2020-08-04 | In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when... |
| CVE-2020-16847 | 2020-08-04 | Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887. |
| CVE-2020-15135 | 2020-08-04 | CSRF vulnerability in save-server |
| CVE-2020-15109 | 2020-08-04 | Ability to change order address without triggering address validations in solidus |
| CVE-2017-18112 | 2020-08-05 | Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before... |
| CVE-2020-13151 | 2020-08-05 | Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by... |
| CVE-2020-17353 | 2020-08-05 | scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. |
| CVE-2020-14344 | 2020-08-05 | An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implementation in libX11 before version 1.6.10. As per upstream this is security... |
| CVE-2020-14347 | 2020-08-05 | A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs... |
| CVE-2020-5609 | 2020-08-05 | Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01... |
| CVE-2020-5608 | 2020-08-05 | CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000... |
| CVE-2020-4243 | 2020-08-05 | IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in the middle techniques due to not properly invalidating session... |
| CVE-2020-4481 | 2020-08-05 | IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability... |
| CVE-2020-13921 | 2020-08-05 | **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. |
| CVE-2020-13819 | 2020-08-05 | Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. |
| CVE-2020-16252 | 2020-08-05 | The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. |
| CVE-2020-16253 | 2020-08-05 | The PgHero gem through 2.6.0 for Ruby allows CSRF. |
| CVE-2020-8607 | 2020-08-05 | An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to... |
| CVE-2020-17364 | 2020-08-05 | USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. |
| CVE-2020-16192 | 2020-08-05 | LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters. |
| CVE-2020-15106 | 2020-08-05 | Improper Input Validation in etcd |
| CVE-2020-15113 | 2020-08-05 | Improper Preservation of Permissions in etcd |
| CVE-2020-16254 | 2020-08-05 | The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute). |
| CVE-2020-15112 | 2020-08-05 | Improper Input Validation in etcd |
| CVE-2020-15127 | 2020-08-05 | Denial of service in Contour |
| CVE-2020-15132 | 2020-08-05 | Reset Password / Login vulnerability in Sulu |
| CVE-2020-7298 | 2020-08-05 | Total Protection (MTP) - Unexpected behavior violation |
| CVE-2020-13404 | 2020-08-05 | The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection. |
| CVE-2020-17366 | 2020-08-05 | An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing... |
| CVE-2020-9036 | 2020-08-05 | Jeedom through 4.0.38 allows XSS. |
| CVE-2020-7352 | 2020-08-06 | GOG Galaxy GalaxyClientService Privilege Escalation |
| CVE-2020-7356 | 2020-08-06 | Cayin xPost SQL Injection |
| CVE-2020-7357 | 2020-08-06 | Cayin CMS Command Injection |
| CVE-2020-7361 | 2020-08-06 | ZenTao Pro Command Injection |
| CVE-2020-7460 | 2020-08-06 | In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has... |
| CVE-2020-7459 | 2020-08-06 | In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to multiple USB network drivers allows a... |
| CVE-2020-13364 | 2020-08-06 | A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and... |
| CVE-2020-13365 | 2020-08-06 | Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session... |
| CVE-2020-7817 | 2020-08-06 | MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf). At this time, there is a vulnerability in downloading arbitrary files due to insufficient integrity verification... |
| CVE-2020-16845 | 2020-08-06 | Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. |
| CVE-2020-16217 | 2020-08-06 | Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the... |
| CVE-2020-16215 | 2020-08-06 | Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote... |
| CVE-2020-16213 | 2020-08-06 | Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer... |
| CVE-2020-16211 | 2020-08-06 | Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information. |
| CVE-2020-16207 | 2020-08-06 | Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow... |
| CVE-2020-16229 | 2020-08-06 | Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote... |