CVE List - 2020 / August

Showing 1001 - 1100 of 1160 CVEs for August 2020 (Page 11 of 12)

CVE ID Date Title
CVE-2019-5320 2020-08-26 Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cross Site Scripting...
CVE-2019-5321 2020-08-26 Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Remote Unauthorized Access...
CVE-2020-14728 2020-08-26 Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle NetSuite service. Supported versions that are affected are Montblanc, Vinson, Elbrus, Kilimanjaro, Aconcagua, 2018.2, 2019.1, 2019.2. Easily exploitable vulnerability allows low...
CVE-2020-14729 2020-08-26 Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracle NetSuite service. Supported versions that are affected are prior to 2020.1.4. Difficult to exploit vulnerability allows low privileged attacker with network...
CVE-2020-24703 2020-08-27 An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It...
CVE-2020-24704 2020-08-27 An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server...
CVE-2020-24705 2020-08-27 An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It...
CVE-2020-24706 2020-08-27 An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through...
CVE-2012-2160 2020-08-27 IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted...
CVE-2012-2201 2020-08-27 IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security...
CVE-2020-4174 2020-08-27 IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174683.
CVE-2020-4166 2020-08-27 IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used...
CVE-2020-4167 2020-08-27 IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authentication mechanisms. IBM X-Force ID: 174403.
CVE-2020-4169 2020-08-27 IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174405.
CVE-2020-4171 2020-08-27 IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407.
CVE-2020-4172 2020-08-27 IBM Security Guardium Insights 2.0.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header...
CVE-2020-4175 2020-08-27 IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this...
CVE-2020-4575 2020-08-27 IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Virtual Enterprise 7.0 and 8.0 are vulnerable to cross-site scripting when High Availability Deployment Manager is configured.
CVE-2020-4603 2020-08-27 IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other...
CVE-2020-23980 2020-08-27 DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page.
CVE-2020-23972 2020-08-27 In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of...
CVE-2020-23973 2020-08-27 KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter.
CVE-2020-23974 2020-08-27 Create-Project Manager 1.07 has multiple persistent cross-site scripting and HTML injection issues via Online chat, Social feed, Message (title tag), and Add new client (all tags).
CVE-2020-23975 2020-08-27 Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the 'search.php' id parameter.
CVE-2020-23976 2020-08-27 Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the 'content.php' id parameter.
CVE-2020-23977 2020-08-27 KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 'team.php,player.php,club.php' id parameter.
CVE-2020-23978 2020-08-27 SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter "offerta.php"
CVE-2020-23979 2020-08-27 13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter.
CVE-2020-23981 2020-08-27 13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id parameter.
CVE-2020-23982 2020-08-27 DesignMasterEvents Conference management 1.0.0 has cross site scripting via the 'certificate.php'
CVE-2020-23984 2020-08-27 Online Hotel Booking System Pro PHP Version 1.3 has persistent cross-site scripting in all tags of the customer registration form.
CVE-2020-23983 2020-08-27 Michael-design iChat Realtime PHP Live Support System 1.6 has persistent cross-site scripting via chat text-field tags.
CVE-2020-24390 2020-08-27 eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs page, which might allow pre-authentication stored XSS during login/logout logs recording.
CVE-2020-23576 2020-08-27 Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab.
CVE-2020-16142 2020-08-27 On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.
CVE-2020-14415 2020-08-27 oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position.
CVE-2020-3504 2020-08-27 Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability
CVE-2020-3454 2020-08-27 Cisco NX-OS Software Call Home Command Injection Vulnerability
CVE-2020-3415 2020-08-27 Cisco NX-OS Software Data Management Engine Remote Code Execution Vulnerability
CVE-2020-3398 2020-08-27 Cisco NX-OS Software Border Gateway Protocol Multicast VPN Session Denial of Service Vulnerability
CVE-2020-3397 2020-08-27 Cisco NX-OS Software Border Gateway Protocol Multicast VPN Denial of Service Vulnerability
CVE-2020-3394 2020-08-27 Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability
CVE-2020-3338 2020-08-27 Cisco NX-OS Software IPv6 Protocol Independent Multicast Denial of Service Vulnerability
CVE-2020-3517 2020-08-27 Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability
CVE-2020-24196 2020-08-27 An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution.
CVE-2020-24202 2020-08-27 File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability reachable by regular users, which allows remote attackers to conduct code execution.
CVE-2020-24203 2020-08-27 Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.
CVE-2020-24717 2020-08-27 OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777.
CVE-2020-24716 2020-08-27 OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories.
CVE-2020-5383 2020-08-27 Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit...
CVE-2020-24618 2020-08-27 In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.
CVE-2020-15601 2020-08-27 If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass...
CVE-2020-15605 2020-08-27 If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to...
CVE-2020-8602 2020-08-27 A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass...
CVE-2020-24714 2020-08-27 The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option.
CVE-2020-24715 2020-08-27 The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName.
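The two Scalyr Agent entries above both come down to the same missing step: the certificate chain is verified, but the name the client connected to is never compared against the certificate. The block below is an added illustration, not Scalyr Agent code, of what that comparison has to do. The `cert` argument is a dict shaped like the value `ssl.SSLSocket.getpeercert()` returns; the certificates and hostnames used are constructed for the example. The rules are those of RFC 6125: if the certificate carries any dNSName subjectAltName entries, only those are consulted and the commonName is ignored; commonName is a fallback only when no dNSName exists; an IP literal matches only an iPAddress entry; a wildcard is accepted only as the entire leftmost label with at least two fixed labels after it. The two context helpers show the `ssl` settings that produce the weak and the hardened behaviour; `weak_context` is named as an illustration of the effect, not as a copy of the agent's code.

```python
"""Hostname verification of a TLS peer certificate (added illustration)."""
import ipaddress
import ssl
from typing import Optional


def _dns_pattern_matches(pattern: str, hostname: str) -> bool:
    """Compare one dNSName (or CN) value with the requested host name."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Only "*.a.b" style wildcards: the star must be the whole leftmost label,
    # there must be at least two fixed labels, and no other star may appear.
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in pattern[2:]:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def _ip_matches(value: str, wanted: object) -> bool:
    try:
        return ipaddress.ip_address(value.strip()) == wanted
    except ValueError:
        return False


def hostname_matches_cert(hostname: str, cert: dict) -> bool:
    """True if `hostname` is a name (or IP) the certificate was issued for."""
    san = cert.get("subjectAltName", ())
    dns_names = [v for k, v in san if k == "DNS"]
    ip_names = [v for k, v in san if k == "IP Address"]
    try:
        wanted_ip: Optional[object] = ipaddress.ip_address(hostname)
    except ValueError:
        wanted_ip = None
    if wanted_ip is not None:
        # An IP literal is matched only by an iPAddress SAN, never by a name.
        return any(_ip_matches(v, wanted_ip) for v in ip_names)
    if dns_names:
        # Any dNSName present means the commonName must not be consulted.
        return any(_dns_pattern_matches(p, hostname) for p in dns_names)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return _dns_pattern_matches(value, hostname)
    return False


def weak_context() -> ssl.SSLContext:
    """Chain verified against trusted CAs, but no hostname comparison: any
    certificate from a trusted CA is accepted for any host."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Default client context: CERT_REQUIRED and check_hostname=True."""
    return ssl.create_default_context()


def context_verifies_hostname(ctx: ssl.SSLContext) -> bool:
    """The check to run in a test or config audit before trusting a client."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


# Constructed certificates (not real), in getpeercert() layout.
WILDCARD_CERT = {
    "subject": ((("commonName", "agent.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com"),
                       ("IP Address", "192.0.2.10")),
}
CN_ONLY_CERT = {"subject": ((("commonName", "legacy.example.net"),),)}
SAN_OVERRIDES_CN_CERT = {
    "subject": ((("commonName", "b.example.com"),),),
    "subjectAltName": (("DNS", "a.example.com"),),
}
```

The third constructed certificate is the case that trips up hand-rolled checks: its commonName is `b.example.com`, but because it has a dNSName entry, a client connecting to `b.example.com` must reject it.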
CVE-2020-10518 2020-08-27 Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server
CVE-2020-10517 2020-08-27 Improper access control in GitHub Enterprise Server leading to the enumeration of private repository names
CVE-2020-5621 2020-08-28 Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allows remote attackers to hijack the authentication of...
CVE-2020-5623 2020-08-28 NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via...
CVE-2020-5624 2020-08-28 SQL injection vulnerability in XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2020-5625 2020-08-28 Cross-site scripting vulnerability in XooNIps 3.48 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2019-4533 2020-08-28 IBM Resilient SOAR V38.0 users may experience a denial of service of the SOAR Platform due to insufficient input validation. IBM X-Force ID: 165589.
CVE-2019-4579 2020-08-28 IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID:...
CVE-2020-4559 2020-08-28 IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a denial of service due to improper validation of user-supplied input. IBM X-Force ID: 183613.
CVE-2020-4591 2020-08-28 IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool....
CVE-2020-9298 2020-08-28 The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure.
CVE-2019-19499 2020-08-28 Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
CVE-2020-16610 2020-08-28 Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be...
CVE-2020-15164 2020-08-28 Authentication Bypass in Scratch Login (mediawiki-scratch-login)
CVE-2020-15165 2020-08-28 Potentially tampered sources on Play Store for Chameleon Mini Live Debugger
CVE-2012-4818 2020-08-28 IBM InfoSphere Information Server 8.1, 8.5, and 8.7 could allow a remote authenticated attacker to obtain sensitive information, caused by improper restrictions on directories. An attacker could exploit this vulnerability...
CVE-2020-15154 2020-08-28 Cross Site Scripting in baserCMS
CVE-2020-15155 2020-08-28 Cross-Site Scripting in baserCMS
CVE-2020-15159 2020-08-28 Cross Site Scripting leading to RCE in baserCMS
CVE-2020-25016 2020-08-29 A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs...
CVE-2020-3566 2020-08-29 Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
CVE-2020-25019 2020-08-29 jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
CVE-2020-25020 2020-08-29 MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.
CVE-2020-24928 2020-08-29 managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information.
CVE-2020-24898 2020-08-29 The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter).
CVE-2020-24897 2020-08-29 The Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the...
CVE-2020-24972 2020-08-29 The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt...
CVE-2020-7712 2020-08-30 Command Injection
CVE-2020-8244 2020-08-30 A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume()...
CVE-2020-14352 2020-08-30 A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a...
CVE-2020-24917 2020-08-30 osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.
CVE-2020-24223 2020-08-30 Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters.
CVE-2020-8097 2020-08-30 Improper authentication vulnerability in Bitdefender Endpoint Security Tools and Endpoint Security SDK (VA-8646)
CVE-2020-24104 2020-08-30 XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID, as demonstrated by...
CVE-2020-25031 2020-08-31 checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file.
CVE-2020-25032 2020-08-31 An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames...
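The Flask-CORS entry above describes a resource-matching bug rather than a file-system one: the path pattern that selects a CORS rule is applied to the request path before `..` segments are resolved, so a permissive rule written for one prefix ends up governing a resource under another. The block below is an added illustration of that class of bug and its fix, not Flask-CORS code; the policy, patterns and paths are constructed for the example. `match_raw` applies the rule to the path as received, `match_hardened` percent-decodes and normalizes it first so the rule that applies is the one for the resource the server will actually serve, and `access_control_allow_origin` turns the result into the response header value.

```python
"""CORS resource matching on the raw versus the normalized request path
(added illustration)."""
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Constructed policy; the first matching pattern wins.
POLICY: List[Tuple[str, str]] = [
    ("/public/*", "*"),
    ("/private/*", "https://admin.example.com"),
]


def _glob_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate a simple glob in which '*' matches any run of characters."""
    return re.compile("^" + ".*".join(re.escape(p) for p in pattern.split("*")) + "$")


def normalize_path(path: str) -> Optional[str]:
    """Decode percent-escapes and collapse '.' and '..' segments.
    Returns None for anything that is not an absolute path."""
    decoded = unquote(path)
    if not decoded.startswith("/"):
        return None
    norm = posixpath.normpath(decoded)  # "/public/../private/x" -> "/private/x"
    if decoded.endswith("/") and norm != "/":
        norm += "/"  # normpath drops a trailing slash; keep it for directory rules
    return norm


def match_raw(path: str) -> Optional[str]:
    """Vulnerable: applies the patterns to the path exactly as received."""
    for pattern, origins in POLICY:
        if _glob_to_regex(pattern).match(path):
            return origins
    return None


def match_hardened(path: str) -> Optional[str]:
    """Applies the patterns to the normalized path."""
    norm = normalize_path(path)
    if norm is None:
        return None
    for pattern, origins in POLICY:
        if _glob_to_regex(pattern).match(norm):
            return origins
    return None


def access_control_allow_origin(path: str, request_origin: str) -> Optional[str]:
    """Value for Access-Control-Allow-Origin under the hardened matcher, or
    None when the requesting origin is not allowed for that resource."""
    allowed = match_hardened(path)
    if allowed is None:
        return None
    if allowed == "*":
        return "*"
    return request_origin if request_origin == allowed else None
```

The difference is visible on `/public/../private/secret`: the raw matcher returns the `*` rule for `/public/`, while the hardened matcher resolves the path to `/private/secret` and applies the restrictive rule. Decoding once before normalizing also catches the `%2e%2e` spelling of the same traversal.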
CVE-2020-25033 2020-08-31 The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for WordPress allows subscribe_sidebar.php&status= reflected XSS.
CVE-2020-15020 2020-08-31 An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.
CVE-2020-4492 2020-08-31 IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls...
CVE-2020-24115 2020-08-31 In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access.
CVE-2020-24786 2020-08-31 An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number...
CVE-2020-13655 2020-08-31 An issue was discovered in Collabtive 3.0 and later. managefile.php is vulnerable to XSS: when the action parameter is set to movefile and the id parameter corresponds to a project...
CVE-2020-11617 2020-08-31 The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the...
CVE-2020-11618 2020-08-31 THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root...