CVE List - 2020 / September
Showing 901 - 1000 of 1592 CVEs for September 2020 (Page 10 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2019-20919 | 2020-09-17 | An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile),... |
| CVE-2020-13169 | 2020-09-17 | Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges... |
| CVE-2020-24753 | 2020-09-17 | A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to... |
| CVE-2020-0387 | 2020-09-17 | In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking... |
| CVE-2020-0403 | 2020-09-17 | In the FPC TrustZone fingerprint App, there is a possible invalid command handler due to an exposed test feature. This could lead to local escalation of privilege in the TEE,... |
| CVE-2020-24750 | 2020-09-17 | FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. |
| CVE-2020-0428 | 2020-09-17 | In CamX code, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges required. User interaction... |
| CVE-2020-0429 | 2020-09-17 | In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2020-0430 | 2020-09-17 | In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2020-0431 | 2020-09-17 | In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2020-0432 | 2020-09-17 | In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2020-0433 | 2020-09-17 | In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2020-0434 | 2020-09-17 | In Pixel's use of the Catpipe library, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution... |
| CVE-2020-15182 | 2020-09-17 | Cross-site Request Forgery leading to RCE in SOY CMS |
| CVE-2020-13260 | 2020-09-17 | A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain... |
| CVE-2020-15183 | 2020-09-17 | Reflected XSS leading to RCE in SoyCMS |
| CVE-2020-15184 | 2020-09-17 | Aliases are never checked in Helm |
| CVE-2020-0330 | 2020-09-17 | In iorap, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege and code execution with System execution privileges needed.... |
| CVE-2020-0267 | 2020-09-17 | In WindowManager, there is a possible launch of an unexpected app due to a confused deputy. This could lead to local escalation of privilege due to launching a malicious app... |
| CVE-2020-0275 | 2020-09-17 | In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation... |
| CVE-2020-0337 | 2020-09-17 | In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local information disclosure, with User execution privileges needed. User interaction... |
| CVE-2020-0338 | 2020-09-17 | In checkKeyIntent of AccountManagerService.java, there is a possible permission bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10... |
| CVE-2020-0333 | 2020-09-17 | In UrlQuerySanitizer, there is a possible improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:... |
| CVE-2020-0130 | 2020-09-17 | In screencap, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege in a system process with User execution privileges needed.... |
| CVE-2020-0277 | 2020-09-17 | In NetworkPolicyManagerService, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege allowing a malicious app to modify the device's... |
| CVE-2020-0341 | 2020-09-17 | In DisplayManager, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2020-0345 | 2020-09-17 | In DocumentsUI, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is... |
| CVE-2020-0366 | 2020-09-17 | In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. This could lead to local escalation of privilege using an app set as the default Assist app... |
| CVE-2020-0288 | 2020-09-17 | In PackageManager, there is a missing permission check. This could lead to local information disclosure across user boundaries with no additional execution privileges needed. User interaction is not needed for... |
| CVE-2020-0289 | 2020-09-17 | In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product:... |
| CVE-2020-0290 | 2020-09-17 | In PackageManager, there is a missing permission check. This could lead to local information disclosure across users with no additional execution privileges needed. User interaction is not needed for exploitation.Product:... |
| CVE-2020-0293 | 2020-09-17 | In Java network APIs, there is possible access to sensitive network state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2020-0296 | 2020-09-17 | In ADB server and USB server, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User... |
| CVE-2020-0297 | 2020-09-17 | In devicepolicy service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not... |
| CVE-2020-0308 | 2020-09-17 | In Window Manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not... |
| CVE-2020-0312 | 2020-09-17 | In Battery Saver, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not... |
| CVE-2020-0317 | 2020-09-17 | In UsageStatsManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2020-0343 | 2020-09-17 | In NetworkStatsService, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2020-0352 | 2020-09-17 | In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed... |
| CVE-2020-0372 | 2020-09-17 | In ActivityManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2020-0369 | 2020-09-17 | In libavb, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2020-0322 | 2020-09-17 | In apexd, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2020-0323 | 2020-09-17 | In libavb, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2020-0425 | 2020-09-17 | There is a possible way to view notifications even when the "Lockdown" feature is on. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2020-0426 | 2020-09-17 | In SyncManager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not... |
| CVE-2020-0264 | 2020-09-17 | In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction... |
| CVE-2020-0303 | 2020-09-17 | In the Media extractor, there is a possible use after free due to improper locking. This could lead to remote code execution in the media extractor with no additional execution... |
| CVE-2020-0321 | 2020-09-17 | In the mp3 extractor, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User... |
| CVE-2020-0306 | 2020-09-17 | In LLVM, there is a possible ineffective stack cookie placement due to stack frame double reservation. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2020-0336 | 2020-09-17 | In SurfaceFlinger, there is possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for... |
| CVE-2020-0346 | 2020-09-17 | In Mediaserver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if integer sanitization were not enabled (which... |
| CVE-2020-0356 | 2020-09-17 | In the Audio HAL, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2020-0357 | 2020-09-17 | In SurfaceFlinger, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the graphics server with no additional execution privileges needed. User... |
| CVE-2020-0358 | 2020-09-17 | In SurfaceFlinger, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2020-0360 | 2020-09-17 | In Notification Access Confirmation, there is a possible permissions bypass due to uninformed consent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is... |
| CVE-2020-0406 | 2020-09-17 | In libmpeg2dec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if another exploit allowed this to... |
| CVE-2020-0125 | 2020-09-17 | In mediadrm, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2020-0270 | 2020-09-17 | In tremolo, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User... |
| CVE-2020-0274 | 2020-09-17 | In the OMX parser, there is a possible information disclosure due to a returned raw pointer. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2020-0279 | 2020-09-17 | In the AAC parser, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2020-0314 | 2020-09-17 | In AudioService, there are missing permission checks. This could lead to local information disclosure of audio configuration with no additional execution privileges needed. User interaction is not needed for exploitation.Product:... |
| CVE-2020-0324 | 2020-09-17 | In libsonivox, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User... |
| CVE-2020-0328 | 2020-09-17 | In the camera, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2020-0329 | 2020-09-17 | In the OMX encoder, there is a possible out of bounds read due to invalid input validation. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2020-0340 | 2020-09-17 | In libcodec2_soft_mp3dec, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for... |
| CVE-2020-0344 | 2020-09-17 | In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed... |
| CVE-2020-0355 | 2020-09-17 | In libFraunhoferAAC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User... |
| CVE-2020-0359 | 2020-09-17 | In GLESRenderEngine, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2020-0361 | 2020-09-17 | In libDRCdec, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for... |
| CVE-2020-0364 | 2020-09-17 | In libDRCdec, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User... |
| CVE-2020-0370 | 2020-09-17 | In libAACdec, there is a possible out of bounds read due to missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2020-0373 | 2020-09-17 | In SoundTriggerHwService, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2020-0287 | 2020-09-17 | In libmkvextractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction... |
| CVE-2020-0301 | 2020-09-17 | In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2020-0320 | 2020-09-17 | In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2020-0332 | 2020-09-17 | In libstagefright, there is a possible dead loop due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2020-0351 | 2020-09-17 | In libstagefright, there is possible CPU exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed... |
| CVE-2020-0353 | 2020-09-17 | In libmp4extractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction... |
| CVE-2020-0362 | 2020-09-17 | In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2020-0363 | 2020-09-17 | In libmedia, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2020-0266 | 2020-09-17 | In factory reset protection, there is a possible FRP bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2020-0374 | 2020-09-17 | In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not... |
| CVE-2020-0375 | 2020-09-17 | In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege and the setting of supported EUICC countries with... |
| CVE-2020-15185 | 2020-09-17 | Duplicated chart entries in Helm |
| CVE-2020-15186 | 2020-09-17 | Improper sanitization of plugin names in Helm |
| CVE-2020-15187 | 2020-09-17 | Duplicate plugin entries in Helm |
| CVE-2020-25733 | 2020-09-18 | webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. |
| CVE-2020-25734 | 2020-09-18 | webTareas through 2.1 allows files/Default/ Directory Listing. |
| CVE-2020-25735 | 2020-09-18 | webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php. |
| CVE-2020-25744 | 2020-09-18 | SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is... |
| CVE-2020-25750 | 2020-09-18 | An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST['xml']) is used for simplexml_load_string... |
| CVE-2020-25751 | 2020-09-18 | The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter. |
| CVE-2020-25756 | 2020-09-18 | A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a... |
| CVE-2020-5605 | 2020-09-18 | Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors. |
| CVE-2020-5606 | 2020-09-18 | Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page. |
| CVE-2020-5628 | 2020-09-18 | UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access... |
| CVE-2020-5629 | 2020-09-18 | UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As... |
| CVE-2020-15769 | 2020-09-18 | An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL. |
| CVE-2020-15768 | 2020-09-18 | An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to... |
| CVE-2020-15776 | 2020-09-18 | An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the... |