CVE List - 2020 / August
Showing 801 - 900 of 1160 CVEs for August 2020 (Page 9 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-8621 | 2020-08-21 | Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c |
| CVE-2020-8622 | 2020-08-21 | A truncated TSIG response can lead to an assertion failure |
| CVE-2020-8623 | 2020-08-21 | A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c |
| CVE-2020-8624 | 2020-08-21 | update-policy rules of type "subdomain" are enforced incorrectly |
| CVE-2020-5416 | 2020-08-21 | CF clusters with NGINX in front of them may be vulnerable to DoS |
| CVE-2020-5417 | 2020-08-21 | Cloud Controller may allow developers to claim sensitive routes |
| CVE-2020-7711 | 2020-08-23 | Denial of Service (DoS) |
| CVE-2020-13101 | 2020-08-24 | In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a... |
| CVE-2020-14349 | 2020-08-24 | It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in... |
| CVE-2020-14350 | 2020-08-24 | It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into... |
| CVE-2020-24186 | 2020-08-24 | A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via... |
| CVE-2020-19877 | 2020-08-24 | DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. |
| CVE-2020-19878 | 2020-08-24 | DBHcms v1.2.0 has a sensitive information leaks vulnerability as there is no security access control in /dbhcms/ext/news/ext.news.be.php, A remote unauthenticated attacker can exploit this vulnerability to get path information. |
| CVE-2020-14367 | 2020-08-24 | A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the... |
| CVE-2020-19879 | 2020-08-24 | DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107, |
| CVE-2020-19880 | 2020-08-24 | DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function form 'Name' in dbhcms\types.php, A remote unauthenticated attacker can exploit this vulnerability to hijack other users. |
| CVE-2020-19881 | 2020-08-24 | DBHcms v1.2.0 has a reflected xss vulnerability as there is no security filter in dbhcms\mod\mod.selector.php line 108 for $_GET['return_name'] parameter, A remote authenticated with admin user can exploit this vulnerability... |
| CVE-2020-19882 | 2020-08-24 | DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for 'menu_description' variable in dbhcms\mod\mod.menus.edit.php line 83 and in dbhcms\mod\mod.menus.view.php line 111, A remote authenticated with admin... |
| CVE-2020-19883 | 2020-08-24 | DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter in dbhcms\mod\mod.users.view.php line 57 for user_login, A remote authenticated with admin user can exploit this vulnerability to... |
| CVE-2020-19884 | 2020-08-24 | DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function in dbhcms\mod\mod.domain.edit.php line 119. |
| CVE-2020-19885 | 2020-08-24 | DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_name']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability... |
| CVE-2020-19886 | 2020-08-24 | DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu. |
| CVE-2020-19887 | 2020-08-24 | DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecialchars function for '$_POST['pageparam_insert_description']' variable in dbhcms\mod\mod.page.edit.php line 227, A remote authenticated with admin user can exploit this vulnerability... |
| CVE-2020-19888 | 2020-08-24 | DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. This vulnerability can be exploited to empty a table. |
| CVE-2020-19889 | 2020-08-24 | DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user. |
| CVE-2020-19890 | 2020-08-24 | DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php $_GET['file'] is filename,and as there is no filter function for security, you can read any file's content. |
| CVE-2020-19891 | 2020-08-24 | DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user... |
| CVE-2020-7831 | 2020-08-24 | A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory... |
| CVE-2018-1985 | 2020-08-24 | IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic. IBM... |
| CVE-2020-4165 | 2020-08-24 | IBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote... |
| CVE-2020-4170 | 2020-08-24 | IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... |
| CVE-2020-4382 | 2020-08-24 | IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment or upgrade pertaining to xcat services.... |
| CVE-2020-4383 | 2020-08-24 | IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network... |
| CVE-2020-4587 | 2020-08-24 | IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX... |
| CVE-2020-4593 | 2020-08-24 | IBM Security Guardium Insights 2.0.1 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 184747. |
| CVE-2020-4598 | 2020-08-24 | IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site,... |
| CVE-2020-14044 | 2020-08-24 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. A user with admin privileges could use the plugin install... |
| CVE-2020-14043 | 2020-08-24 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace... |
| CVE-2020-10775 | 2020-08-24 | An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the... |
| CVE-2020-24606 | 2020-08-24 | Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response... |
| CVE-2020-7705 | 2020-08-24 | Malicious Package |
| CVE-2020-24364 | 2020-08-24 | MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite. |
| CVE-2020-6637 | 2020-08-24 | openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. |
| CVE-2020-7376 | 2020-08-24 | Rapid7 Metasploit Framework Relative Path Traversal in enum_osx module |
| CVE-2020-7377 | 2020-08-24 | Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module |
| CVE-2020-24572 | 2020-08-24 | An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi)... |
| CVE-2020-24612 | 2020-08-24 | An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not... |
| CVE-2020-24613 | 2020-08-24 | wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows... |
| CVE-2020-5540 | 2020-08-25 | Cross-site scripting vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to inject arbitrary script or HTML via a specially crafted URL. |
| CVE-2020-5541 | 2020-08-25 | Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL. |
| CVE-2020-5619 | 2020-08-25 | Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via unspecified vectors. |
| CVE-2020-5620 | 2020-08-25 | Cross-site scripting vulnerability in Exment prior to v3.6.0 allows remote authenticated attackers to inject arbitrary script or HTML via a specially crafted file. |
| CVE-2020-17384 | 2020-08-25 | Cellopoint CelloOS - Remote Command Execution (RCE) |
| CVE-2020-17385 | 2020-08-25 | Cellopoint CelloOS - Unauthenticated Arbitrary File Disclosure |
| CVE-2020-17386 | 2020-08-25 | Cellopoint CelloOS - Server-Side Request Forgery (SSRF) |
| CVE-2020-14500 | 2020-08-25 | IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158 |
| CVE-2020-14508 | 2020-08-25 | OFF-BY-ONE ERROR CWE-193 |
| CVE-2020-14510 | 2020-08-25 | OFF-BY-ONE ERROR CWE-193 |
| CVE-2020-14512 | 2020-08-25 | USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT CWE-916 |
| CVE-2020-14522 | 2020-08-25 | Softing Industrial Automation OPC |
| CVE-2020-14524 | 2020-08-25 | Softing Industrial Automation OPC |
| CVE-2020-24614 | 2020-08-25 | Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository. |
| CVE-2020-24240 | 2020-08-25 | GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used... |
| CVE-2020-24241 | 2020-08-25 | In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c. |
| CVE-2020-24242 | 2020-08-25 | In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory. |
| CVE-2020-24609 | 2020-08-25 | TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time... |
| CVE-2020-14042 | 2020-08-25 | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's... |
| CVE-2020-24616 | 2020-08-25 | FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). |
| CVE-2020-16245 | 2020-08-25 | Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute... |
| CVE-2020-24622 | 2020-08-25 | In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user. |
| CVE-2020-7824 | 2020-08-25 | Ericssonlg iPECS Privilege Escalation Vulnerability |
| CVE-2020-16197 | 2020-08-25 | An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised... |
| CVE-2020-17390 | 2020-08-25 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system... |
| CVE-2020-17391 | 2020-08-25 | This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system... |
| CVE-2020-17392 | 2020-08-25 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system... |
| CVE-2020-17393 | 2020-08-25 | This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system... |
| CVE-2020-17394 | 2020-08-25 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target... |
| CVE-2020-17395 | 2020-08-25 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest... |
| CVE-2020-17396 | 2020-08-25 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system... |
| CVE-2020-17397 | 2020-08-25 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest... |
| CVE-2020-17398 | 2020-08-25 | This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system... |
| CVE-2020-17399 | 2020-08-25 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system... |
| CVE-2020-17400 | 2020-08-25 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system... |
| CVE-2020-17401 | 2020-08-25 | This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target... |
| CVE-2020-17402 | 2020-08-25 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 (47270). An attacker must first obtain the ability to execute low-privileged code on the... |
| CVE-2020-15639 | 2020-08-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the... |
| CVE-2020-15640 | 2020-08-25 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the... |
| CVE-2020-15641 | 2020-08-25 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the... |
| CVE-2020-15642 | 2020-08-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism... |
| CVE-2020-15643 | 2020-08-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be... |
| CVE-2020-15644 | 2020-08-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be... |
| CVE-2020-15645 | 2020-08-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be... |
| CVE-2020-17387 | 2020-08-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be... |
| CVE-2020-17388 | 2020-08-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be... |
| CVE-2020-17389 | 2020-08-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be... |
| CVE-2020-17403 | 2020-08-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2020-17404 | 2020-08-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must... |
| CVE-2020-15777 | 2020-08-25 | An issue was discovered in the Maven Extension plugin before 1.6 for Gradle Enterprise. The extension uses a socket connection to send serialized Java objects. Deserialization is not restricted to... |
| CVE-2020-19005 | 2020-08-25 | zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly. |
| CVE-2019-14904 | 2020-08-25 | A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by... |