CVE List - 2020 / September
Showing 1 - 100 of 1592 CVEs for September 2020 (Page 1 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-14178 | 2020-09-01 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before... |
| CVE-2020-12776 | 2020-09-01 | Openfind Mail2000 - Broken Access Control |
| CVE-2020-7713 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7716 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7715 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7714 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7718 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7717 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7719 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7720 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7722 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7721 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7724 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7723 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7727 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7726 | 2020-09-01 | Prototype Pollution |
| CVE-2020-7725 | 2020-09-01 | Prototype Pollution |
| CVE-2020-8023 | 2020-09-01 | Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2 |
| CVE-2018-12475 | 2020-09-01 | obs-service-download_files allows downloading from localhost or intranet hosts |
| CVE-2020-24583 | 2020-09-01 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created... |
| CVE-2020-24584 | 2020-09-01 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the... |
| CVE-2020-6129 | 2020-09-01 | SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an... |
| CVE-2020-6130 | 2020-09-01 | SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make... |
| CVE-2020-6131 | 2020-09-01 | SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make... |
| CVE-2020-24554 | 2020-09-01 | The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a... |
| CVE-2020-2238 | 2020-09-01 | Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers... |
| CVE-2020-2239 | 2020-09-01 | Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access... |
| CVE-2020-2240 | 2020-09-01 | A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. |
| CVE-2020-2241 | 2020-09-01 | A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. |
| CVE-2020-2242 | 2020-09-01 | A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials. |
| CVE-2020-2243 | 2020-09-01 | Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape build descriptions in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. |
| CVE-2020-2244 | 2020-09-01 | Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to... |
| CVE-2020-2245 | 2020-09-01 | Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2020-2246 | 2020-09-01 | Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML... |
| CVE-2020-2247 | 2020-09-01 | Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2020-2248 | 2020-09-01 | Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code, resulting in a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2020-2249 | 2020-09-01 | Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with... |
| CVE-2020-2250 | 2020-09-01 | Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended... |
| CVE-2020-2251 | 2020-09-01 | Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure. |
| CVE-2020-6117 | 2020-09-01 | SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated... |
| CVE-2020-6118 | 2020-09-01 | SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated... |
| CVE-2020-6119 | 2020-09-01 | SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The byear parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated... |
| CVE-2020-7665 | 2020-09-01 | Arbitrary File Write via Archive Extraction (Zip Slip) |
| CVE-2020-7666 | 2020-09-01 | Arbitrary File Write via Archive Extraction (Zip Slip) |
| CVE-2020-7669 | 2020-09-01 | Arbitrary File Write via Archive Extraction (Zip Slip) |
| CVE-2020-6120 | 2020-09-01 | SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated... |
| CVE-2020-6121 | 2020-09-01 | SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The ln parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated... |
| CVE-2020-6122 | 2020-09-01 | SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The mn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated... |
| CVE-2020-14514 | 2020-09-01 | Trailer Power Line Communications vulnerability |
| CVE-2020-6123 | 2020-09-01 | An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheck.php is vulnerable to SQL injection. An attacker can... |
| CVE-2020-6124 | 2020-09-01 | An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheckOthers.php is vulnerable to SQL injection. An attacker can... |
| CVE-2020-6125 | 2020-09-01 | An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated... |
| CVE-2020-6126 | 2020-09-01 | SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The course_period_id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated... |
| CVE-2020-6127 | 2020-09-01 | SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated... |
| CVE-2020-6128 | 2020-09-01 | SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. The meet_date parameter in the page CoursePeriodModal.php is... |
| CVE-2020-6132 | 2020-09-01 | SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an... |
| CVE-2020-6133 | 2020-09-01 | SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is vulnerable to SQL injection. An attacker can make an... |
| CVE-2020-6134 | 2020-09-01 | SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an... |
| CVE-2019-5645 | 2020-09-01 | Rapid7 Metasploit HTTP Handler Denial of Service |
| CVE-2020-23971 | 2020-09-01 | gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Permissions. An attacker can access the upload function without authenticating to the application and also can upload files due the issues... |
| CVE-2020-23450 | 2020-09-01 | Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization. |
| CVE-2012-3336 | 2020-09-01 | IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to... |
| CVE-2012-3337 | 2020-09-01 | IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences... |
| CVE-2012-3338 | 2020-09-01 | IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could... |
| CVE-2012-3340 | 2020-09-01 | IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to... |
| CVE-2012-3341 | 2020-09-01 | IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted... |
| CVE-2020-6135 | 2020-09-01 | An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated... |
| CVE-2020-15150 | 2020-09-01 | Remote Code Execution in paginator(hex) |
| CVE-2020-23839 | 2020-09-01 | A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login... |
| CVE-2020-23835 | 2020-09-01 | A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks... |
| CVE-2020-23836 | 2020-09-01 | A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits... |
| CVE-2020-23831 | 2020-09-01 | A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated... |
| CVE-2020-23829 | 2020-09-01 | interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted... |
| CVE-2020-6136 | 2020-09-01 | An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated... |
| CVE-2020-24034 | 2020-09-01 | Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with... |
| CVE-2020-6141 | 2020-09-01 | An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP... |
| CVE-2020-17405 | 2020-09-01 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the... |
| CVE-2020-24556 | 2020-09-01 | A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a... |
| CVE-2020-24558 | 2020-09-01 | A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds... |
| CVE-2020-24559 | 2020-09-01 | A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load... |
| CVE-2020-24557 | 2020-09-01 | A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security... |
| CVE-2020-6137 | 2020-09-01 | SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can... |
| CVE-2020-6138 | 2020-09-01 | SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection An attacker can... |
| CVE-2020-6139 | 2020-09-01 | SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The username_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can... |
| CVE-2020-6140 | 2020-09-01 | SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can... |
| CVE-2020-6142 | 2020-09-01 | A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP... |
| CVE-2020-25070 | 2020-09-01 | USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature. |
| CVE-2020-25069 | 2020-09-01 | USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view. |
| CVE-2020-6143 | 2020-09-01 | A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The password variable which is set at line 122 in install/Step5.php allows for injection of PHP... |
| CVE-2020-6144 | 2020-09-01 | A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The username variable which is set at line 121 in install/Step5.php allows for injection of PHP... |
| CVE-2020-6874 | 2020-09-01 | A ZTE product is impacted by the cryptographic issues vulnerability. The encryption algorithm is not properly used, so remote attackers could use this vulnerability for account credential enumeration attack or... |
| CVE-2020-6873 | 2020-09-01 | A ZTE product has a DoS vulnerability. Because the equipment couldn’t distinguish the attack packets and normal packets with valid http links, the remote attackers could use this vulnerability to... |
| CVE-2020-5777 | 2020-09-01 | MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can... |
| CVE-2020-5776 | 2020-09-01 | Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged... |
| CVE-2020-16206 | 2020-09-01 | The affected product is vulnerable to stored cross-site scripting, which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W /... |
| CVE-2020-16208 | 2020-09-01 | The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a... |
| CVE-2020-16210 | 2020-09-01 | The affected product is vulnerable to reflected cross-site scripting, which may allow an attacker to remotely execute arbitrary code and perform actions in the context of an attacked user on... |
| CVE-2020-16204 | 2020-09-01 | The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron... |
| CVE-2020-13946 | 2020-09-01 | In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files... |
| CVE-2020-6151 | 2020-09-01 | A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause a memory corruption. An attacker can provide a malicious... |