CVE List - 2020 / August
Showing 901 - 1000 of 1160 CVEs for August 2020 (Page 10 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-24653 | 2020-08-26 | secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used. |
| CVE-2020-24656 | 2020-08-26 | Maltego before 4.2.12 allows XXE attacks. |
| CVE-2020-7309 | 2020-08-26 | Cross Site Scripting vulnerability in ePO extension of MACC |
| CVE-2020-16193 | 2020-08-26 | osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call. |
| CVE-2020-15499 | 2020-08-26 | An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page. |
| CVE-2020-15498 | 2020-08-26 | An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to wget... |
| CVE-2020-24312 | 2020-08-26 | mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse... |
| CVE-2020-24313 | 2020-08-26 | Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an... |
| CVE-2020-24314 | 2020-08-26 | Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET parameter before echoing it back out inside an input tag. This results... |
| CVE-2020-24315 | 2020-08-26 | Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who... |
| CVE-2020-24316 | 2020-08-26 | WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a... |
| CVE-2020-19007 | 2020-08-26 | Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser. |
| CVE-2020-14498 | 2020-08-26 | HMS Industrial Networks AB eCatcher Stack-based Buffer Overflow |
| CVE-2020-24008 | 2020-08-26 | Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid... |
| CVE-2019-18847 | 2020-08-26 | Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1. |
| CVE-2020-24007 | 2020-08-26 | Umanni RH 1.0 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. |
| CVE-2020-5913 | 2020-08-26 | In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and... |
| CVE-2020-5917 | 2020-08-26 | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered... |
| CVE-2020-5918 | 2020-08-26 | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic when traffic volume is... |
| CVE-2020-5914 | 2020-08-26 | In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed server cookie scenario may cause BD to restart under some circumstances. |
| CVE-2020-16250 | 2020-08-26 | HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. |
| CVE-2020-16251 | 2020-08-26 | HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. |
| CVE-2020-5919 | 2020-08-26 | In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management Microkernel (TMM) to stop... |
| CVE-2020-5916 | 2020-08-26 | In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory. |
| CVE-2020-5915 | 2020-08-26 | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored XSS when BIG-IP systems are set up in a device... |
| CVE-2020-5912 | 2020-08-26 | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files. |
| CVE-2020-13410 | 2020-08-26 | An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream. |
| CVE-2020-5924 | 2020-08-26 | In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS authentication leaks memory when the username for authentication is not set. |
| CVE-2020-15484 | 2020-08-26 | An issue was discovered on Nescomed Multipara Monitor M1000 devices. The internal storage of the underlying Linux system stores data in cleartext, without integrity protection against tampering. |
| CVE-2020-5923 | 2020-08-26 | In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses. |
| CVE-2020-5922 | 2020-08-26 | In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authentication in a web... |
| CVE-2020-5920 | 2020-08-26 | In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to perform a read-only blind SQL injection attack. |
| CVE-2020-24661 | 2020-08-26 | GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use... |
| CVE-2020-5927 | 2020-08-26 | In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, BIG-IP ASM Configuration utility Stored Cross-Site Scripting. |
| CVE-2020-15486 | 2020-08-26 | An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is implemented without a requirement for pairing or security, any attacker can access the... |
| CVE-2020-5921 | 2020-08-26 | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, a SYN flood causes a large number of MCPD context messages destined to secondary blades, consuming memory and leading to MCPD failure. This... |
| CVE-2020-13821 | 2020-08-26 | An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet (sent to the Broker) is reflected in the client section of the... |
| CVE-2020-5925 | 2020-08-26 | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, undisclosed internally generated UDP traffic may cause the Traffic Management Microkernel (TMM) to restart under some circumstances. |
| CVE-2020-15483 | 2020-08-26 | An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access. |
| CVE-2020-5926 | 2020-08-26 | In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing SIP messages that contain a multi-part MIME payload with certain... |
| CVE-2020-15482 | 2020-08-26 | An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an... |
| CVE-2020-5928 | 2020-08-26 | In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, BIG-IP ASM Configuration utility CSRF protection token can be reused multiple times. |
| CVE-2020-3523 | 2020-08-26 | Cisco Data Center Network Manager Cross-Site Scripting Vulnerability |
| CVE-2020-3522 | 2020-08-26 | Cisco Data Center Network Manager Authorization Bypass Vulnerability |
| CVE-2020-3521 | 2020-08-26 | Cisco Data Center Network Manager Read File Path Traversal Vulnerability |
| CVE-2020-3520 | 2020-08-26 | Cisco Data Center Network Manager Information Disclosure Vulnerability |
| CVE-2020-3519 | 2020-08-26 | Cisco Data Center Network Manager Path Traversal Vulnerability |
| CVE-2020-3518 | 2020-08-26 | Cisco Data Center Network Manager Cross-Site Scripting Vulnerability |
| CVE-2020-3507 | 2020-08-26 | Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities |
| CVE-2020-3506 | 2020-08-26 | Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities |
| CVE-2020-3505 | 2020-08-26 | Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak Vulnerability |
| CVE-2020-3496 | 2020-08-26 | Cisco Small Business Smart and Managed Switches Denial of Service Vulnerability |
| CVE-2020-3491 | 2020-08-26 | Cisco Vision Dynamic Signage Director Stored Cross-Site Scripting Vulnerability |
| CVE-2020-3485 | 2020-08-26 | Cisco Vision Dynamic Signage Director Role-Based Access Control Vulnerability |
| CVE-2020-3490 | 2020-08-26 | Cisco Vision Dynamic Signage Director Path Traversal Vulnerability |
| CVE-2020-3484 | 2020-08-26 | Cisco Vision Dynamic Signage Director Directory Traversal Information Disclosure Vulnerability |
| CVE-2020-3466 | 2020-08-26 | Cisco DNA Center Cross-Site Scripting Vulnerabilities |
| CVE-2020-3446 | 2020-08-26 | Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability |
| CVE-2020-3443 | 2020-08-26 | Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability |
| CVE-2020-3440 | 2020-08-26 | Cisco Webex Meetings Desktop App for Windows Arbitrary File Overwrite Vulnerability |
| CVE-2020-3439 | 2020-08-26 | Cisco Data Center Network Manager Stored Cross-Site Scripting Vulnerability |
| CVE-2020-3389 | 2020-08-26 | Cisco Hyperflex HX-Series Software Weak Storage Vulnerability |
| CVE-2020-3152 | 2020-08-26 | Cisco Connected Mobile Experiences Privilege Escalation Vulnerability |
| CVE-2020-3151 | 2020-08-26 | Cisco Connected Mobile Experiences Restricted Shell Escape Vulnerability |
| CVE-2020-23654 | 2020-08-26 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the module "Shop." |
| CVE-2020-23655 | 2020-08-26 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration." |
| CVE-2020-23656 | 2020-08-26 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Content." |
| CVE-2020-23657 | 2020-08-26 | NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "Configuration." |
| CVE-2020-23658 | 2020-08-26 | PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. |
| CVE-2020-23660 | 2020-08-26 | webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." |
| CVE-2020-23659 | 2020-08-26 | WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the "connections" feature. |
| CVE-2020-13863 | 2020-08-26 | The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of... |
| CVE-2020-13767 | 2020-08-26 | The Mitel MiCollab application before 9.1.332 for iOS could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS... |
| CVE-2020-15158 | 2020-08-26 | Heap buffer overflow in libIEC61850 |
| CVE-2020-13617 | 2020-08-26 | The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory... |
| CVE-2020-12456 | 2020-08-26 | A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of... |
| CVE-2020-11797 | 2020-08-26 | An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain... |
| CVE-2020-11497 | 2020-08-26 | An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by... |
| CVE-2020-24548 | 2020-08-26 | Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform... |
| CVE-2020-17376 | 2020-08-26 | An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone... |
| CVE-2020-12855 | 2020-08-26 | A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302... |
| CVE-2018-1501 | 2020-08-26 | IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226. |
| CVE-2019-4686 | 2020-08-26 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending... |
| CVE-2019-4688 | 2020-08-26 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending... |
| CVE-2019-4689 | 2020-08-26 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could... |
| CVE-2019-4691 | 2020-08-26 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2019-4692 | 2020-08-26 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829. |
| CVE-2019-4693 | 2020-08-26 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text, which can be read by a local privileged user. IBM X-Force ID: 171831. |
| CVE-2019-4694 | 2020-08-26 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components,... |
| CVE-2019-4697 | 2020-08-26 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text, which can be read by an authenticated user. IBM X-Force ID: 171938. |
| CVE-2019-4698 | 2020-08-26 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force... |
| CVE-2019-4699 | 2020-08-26 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931. |
| CVE-2019-4701 | 2020-08-26 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936. |
| CVE-2019-4713 | 2020-08-26 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this... |
| CVE-2020-15156 | 2020-08-26 | XSS due to lack of CSRF validation for replying/publishing |
| CVE-2020-15485 | 2020-08-26 | An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory stores data in cleartext, without integrity protection against tampering. |
| CVE-2019-4695 | 2020-08-26 | IBM Security Guardium Data Encryption (GDE) 3.0.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 171926. |
| CVE-2011-4820 | 2020-08-26 | IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences. |
| CVE-2020-24599 | 2020-08-26 | An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks. |
| CVE-2020-24598 | 2020-08-26 | An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect. |