CVE List - 2020 / September
Showing 1001 - 1100 of 1592 CVEs for September 2020 (Page 11 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-15775 | 2020-09-18 | An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time.... |
| CVE-2020-15774 | 2020-09-18 | An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An attacker with physical access to the browser of a user who has recently logged in to Gradle Enterprise and... |
| CVE-2020-15772 | 2020-09-18 | An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity provider, an XML metadata file can be uploaded by an... |
| CVE-2020-15771 | 2020-09-18 | An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie containing CSRF token allows remote attacker to bypass CSRF mitigation. |
| CVE-2020-15770 | 2020-09-18 | An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user's password, due to lack of lock-out after excessive failed logins. |
| CVE-2020-15767 | 2020-09-18 | An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the “secure” attribute, which allows an attacker with... |
| CVE-2020-15773 | 2020-09-18 | An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for... |
| CVE-2020-9739 | 2020-09-18 | Adobe Media Encoder FLV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2020-9744 | 2020-09-18 | Adobe Media Encoder WMV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2020-9745 | 2020-09-18 | Adobe Media Encoder PSD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2020-15958 | 2020-09-18 | An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated... |
| CVE-2020-5975 | 2020-09-18 | NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may... |
| CVE-2020-0318 | 2020-09-18 | In the System UI, there is a possible system crash due to an uncaught exception. This could lead to local permanent denial of service with no additional execution privileges needed.... |
| CVE-2020-0354 | 2020-09-18 | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User... |
| CVE-2020-0089 | 2020-09-18 | In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is... |
| CVE-2020-7358 | 2020-09-18 | Code Injection in Rapid7 AppSpider Pro Installer |
| CVE-2020-0262 | 2020-09-18 | In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction... |
| CVE-2020-0268 | 2020-09-18 | In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed... |
| CVE-2020-0271 | 2020-09-18 | In the Settings app, there is an insecure default value. This could lead to local escalation of privilege and tapjacking with User execution privileges needed. User interaction is needed for... |
| CVE-2020-0273 | 2020-09-18 | In hwservicemanager, there is a possible out of bounds write due to freeing a wild pointer. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2020-0298 | 2020-09-18 | In Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2020-0299 | 2020-09-18 | In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed.... |
| CVE-2020-0309 | 2020-09-18 | In the Bluetooth server, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System privileges and a... |
| CVE-2020-0319 | 2020-09-18 | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a... |
| CVE-2020-0326 | 2020-09-18 | In NFC, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2020-0334 | 2020-09-18 | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a... |
| CVE-2020-0335 | 2020-09-18 | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a... |
| CVE-2020-0347 | 2020-09-18 | In iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2020-0350 | 2020-09-18 | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a... |
| CVE-2020-0405 | 2020-09-18 | In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is... |
| CVE-2020-0263 | 2020-09-18 | In the Accessibility service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is... |
| CVE-2020-0265 | 2020-09-18 | In Telephony, there are possible leaks of sensitive data due to missing permission checks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2020-0269 | 2020-09-18 | In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is... |
| CVE-2020-0272 | 2020-09-18 | In libhwbinder, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges required. User interaction is not needed for... |
| CVE-2020-0276 | 2020-09-18 | In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2020-0281 | 2020-09-18 | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and... |
| CVE-2020-0282 | 2020-09-18 | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and... |
| CVE-2020-0284 | 2020-09-18 | In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2020-5976 | 2020-09-18 | NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component transmits... |
| CVE-2020-0285 | 2020-09-18 | In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2020-0286 | 2020-09-18 | In Bluetooth AVRCP, there is a possible leak of audio metadata due to residual data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2020-0291 | 2020-09-18 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised... |
| CVE-2020-0292 | 2020-09-18 | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges and a compromised... |
| CVE-2020-0294 | 2020-09-18 | In bindWallpaperComponentLocked of WallpaperManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction... |
| CVE-2020-0295 | 2020-09-18 | In Telecom, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed... |
| CVE-2020-0300 | 2020-09-18 | In NFC, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2020-0302 | 2020-09-18 | In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed... |
| CVE-2020-0304 | 2020-09-18 | In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed... |
| CVE-2020-0307 | 2020-09-18 | In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed... |
| CVE-2020-0310 | 2020-09-18 | In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed... |
| CVE-2020-0311 | 2020-09-18 | In InputManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed... |
| CVE-2020-0313 | 2020-09-18 | In NotificationManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed... |
| CVE-2020-0315 | 2020-09-18 | In Zen Mode, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not... |
| CVE-2020-0316 | 2020-09-18 | In Telephony, there is a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for... |
| CVE-2020-0325 | 2020-09-18 | In NFC, there is a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:... |
| CVE-2020-0327 | 2020-09-18 | In core networking, there is a missing permission check. This could lead to local information disclosure of app network usage with User execution privileges needed. User interaction is not needed... |
| CVE-2020-0331 | 2020-09-18 | In Settings, there is a possible permissions bypass. This could lead to local information disclosure of the device's IMEI with User execution privileges needed. User interaction is not needed for... |
| CVE-2020-0348 | 2020-09-18 | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with System execution privileges needed.... |
| CVE-2020-0349 | 2020-09-18 | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2020-0365 | 2020-09-18 | In netd, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2020-24623 | 2020-09-18 | A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for... |
| CVE-2020-15188 | 2020-09-18 | Unauthenticated Remote Code Execution in SOY CMS |
| CVE-2020-14029 | 2020-09-18 | An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML... |
| CVE-2020-14021 | 2020-09-18 | An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering... |
| CVE-2020-15189 | 2020-09-18 | Remote Code Execution in SOY CMS |
| CVE-2020-25766 | 2020-09-18 | An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page. |
| CVE-2020-3979 | 2020-09-18 | InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they... |
| CVE-2020-14390 | 2020-09-18 | A flaw was found in the Linux kernel in versions before 5.9-rc6. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of... |
| CVE-2020-14506 | 2020-09-18 | Philips Clinical Collaboration Platform Cross-site Request Forgery |
| CVE-2020-14525 | 2020-09-18 | Philips Clinical Collaboration Platform Improper Neutralization of Script in Attributes in a Web Page |
| CVE-2020-16198 | 2020-09-18 | Philips Clinical Collaboration Platform Protection Mechanism Failure |
| CVE-2020-16200 | 2020-09-18 | Philips Clinical Collaboration Platform Algorithm Downgrade |
| CVE-2020-15181 | 2020-09-18 | Admin account takeover in Alfresco Reset Password |
| CVE-2020-16247 | 2020-09-18 | Philips Clinical Collaboration Platform Configuration |
| CVE-2020-7945 | 2020-09-18 | Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous... |
| CVE-2020-16230 | 2020-09-18 | All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could... |
| CVE-2020-9084 | 2020-09-18 | Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain... |
| CVE-2020-25633 | 2020-09-18 | A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server... |
| CVE-2020-11861 | 2020-09-18 | Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain... |
| CVE-2020-8225 | 2020-09-18 | A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. |
| CVE-2020-8251 | 2020-09-18 | Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections. |
| CVE-2020-8252 | 2020-09-18 | The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the... |
| CVE-2020-8253 | 2020-09-18 | Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to... |
| CVE-2020-8245 | 2020-09-18 | Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway... |
| CVE-2020-8158 | 2020-09-18 | Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks. |
| CVE-2020-8246 | 2020-09-18 | Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and... |
| CVE-2020-8247 | 2020-09-18 | Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and... |
| CVE-2020-8201 | 2020-09-18 | Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to... |
| CVE-2020-8237 | 2020-09-18 | Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack. |
| CVE-2020-8200 | 2020-09-18 | Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files... |
| CVE-2020-25792 | 2020-09-19 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair(). |
| CVE-2020-5421 | 2020-09-19 | RFD Protection Bypass via jsessionid |
| CVE-2020-25786 | 2020-09-19 | webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.... |
| CVE-2020-25789 | 2020-09-19 | An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document. |
| CVE-2020-25788 | 2020-09-19 | An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message. |
| CVE-2020-25787 | 2020-09-19 | An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them. |
| CVE-2020-25790 | 2020-09-19 | Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this... |
| CVE-2020-25796 | 2020-09-19 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment... |
| CVE-2020-25795 | 2020-09-19 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic. |
| CVE-2020-25794 | 2020-09-19 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic. |