CVE List - 2020 / September
Showing 1401 - 1500 of 1592 CVEs for September 2020 (Page 15 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-26105 | 2020-09-25 | In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). |
| CVE-2020-26104 | 2020-09-25 | In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). |
| CVE-2020-26103 | 2020-09-25 | In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551). |
| CVE-2020-26102 | 2020-09-25 | In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). |
| CVE-2020-26101 | 2020-09-25 | In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). |
| CVE-2020-26100 | 2020-09-25 | chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). |
| CVE-2020-26099 | 2020-09-25 | cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491). |
| CVE-2020-26098 | 2020-09-25 | cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). |
| CVE-2019-11556 | 2020-09-25 | Pagure before 5.6 allows XSS via the templates/blame.html blame view. |
| CVE-2020-15521 | 2020-09-25 | Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS). |
| CVE-2020-15394 | 2020-09-25 | The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution. |
| CVE-2020-7735 | 2020-09-25 | Command Injection |
| CVE-2020-13995 | 2020-09-25 | U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing... |
| CVE-2018-6447 | 2020-09-25 | A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to... |
| CVE-2019-16212 | 2020-09-25 | A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication... |
| CVE-2019-16211 | 2020-09-25 | Brocade SANnav versions before v2.1.0 contain a Plaintext Password Storage vulnerability. |
| CVE-2018-6449 | 2020-09-25 | Host Header Injection vulnerability in the HTTP management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers. |
| CVE-2018-6448 | 2020-09-25 | A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the... |
| CVE-2020-15369 | 2020-09-25 | Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server.... |
| CVE-2020-15370 | 2020-09-25 | Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the... |
| CVE-2020-15371 | 2020-09-25 | Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3 contain a code injection and privilege escalation vulnerability. |
| CVE-2020-15372 | 2020-09-25 | A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell... |
| CVE-2020-15373 | 2020-09-25 | Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks. |
| CVE-2020-15374 | 2020-09-25 | REST API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input. |
| CVE-2020-5930 | 2020-09-25 | In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthenticated attackers can cause disruption of service via undisclosed methods. |
| CVE-2020-5929 | 2020-09-25 | In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH)... |
| CVE-2020-25130 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements... |
| CVE-2020-25131 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store... |
| CVE-2020-25132 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements... |
| CVE-2020-25133 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted... |
| CVE-2020-19450 | 2020-09-25 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter. |
| CVE-2020-25134 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted... |
| CVE-2020-25135 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store... |
| CVE-2020-25136 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted... |
| CVE-2020-19451 | 2020-09-25 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter. |
| CVE-2020-19455 | 2020-09-25 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter. |
| CVE-2020-25137 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store... |
| CVE-2020-25138 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store... |
| CVE-2020-25139 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store... |
| CVE-2020-25140 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store... |
| CVE-2020-4531 | 2020-09-25 | IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical... |
| CVE-2020-4727 | 2020-09-25 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote... |
| CVE-2020-25141 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store... |
| CVE-2020-25142 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can... |
| CVE-2020-25143 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements... |
| CVE-2020-16242 | 2020-09-25 | GE Reason S20 Ethernet Switch |
| CVE-2020-25144 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted... |
| CVE-2020-25145 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted... |
| CVE-2020-25146 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store... |
| CVE-2020-25147 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements... |
| CVE-2020-25148 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store... |
| CVE-2020-25149 | 2020-09-25 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted... |
| CVE-2020-15190 | 2020-09-25 | Segfault in Tensorflow |
| CVE-2020-15200 | 2020-09-25 | Segfault in Tensorflow |
| CVE-2020-15199 | 2020-09-25 | Denial of Service in Tensorflow |
| CVE-2020-15198 | 2020-09-25 | Heap buffer overflow in Tensorflow |
| CVE-2020-15197 | 2020-09-25 | Denial of Service in Tensorflow |
| CVE-2020-15196 | 2020-09-25 | Heap buffer overflow in Tensorflow |
| CVE-2020-15195 | 2020-09-25 | Heap buffer overflow in Tensorflow |
| CVE-2020-15194 | 2020-09-25 | Denial of Service in Tensorflow |
| CVE-2020-15193 | 2020-09-25 | Memory corruption in Tensorflow |
| CVE-2020-15192 | 2020-09-25 | Memory leak in Tensorflow |
| CVE-2020-15191 | 2020-09-25 | Undefined behavior in Tensorflow |
| CVE-2020-15211 | 2020-09-25 | Out of bounds access in tensorflow-lite |
| CVE-2020-15210 | 2020-09-25 | Segmentation fault in tensorflow-lite |
| CVE-2020-15209 | 2020-09-25 | Null pointer dereference in tensorflow-lite |
| CVE-2020-15208 | 2020-09-25 | Data corruption in tensorflow-lite |
| CVE-2020-15207 | 2020-09-25 | Segfault and data corruption in tensorflow-lite |
| CVE-2020-15206 | 2020-09-25 | Denial of Service in Tensorflow |
| CVE-2020-15205 | 2020-09-25 | Data leak in Tensorflow |
| CVE-2020-15204 | 2020-09-25 | Segfault in Tensorflow |
| CVE-2020-15203 | 2020-09-25 | Denial of Service in Tensorflow |
| CVE-2020-15202 | 2020-09-25 | Integer truncation in Shard API usage |
| CVE-2020-15201 | 2020-09-25 | Heap buffer overflow in Tensorflow |
| CVE-2020-15214 | 2020-09-25 | Out of bounds write in tensorflow-lite |
| CVE-2020-15213 | 2020-09-25 | Denial of service in tensorflow-lite |
| CVE-2020-15212 | 2020-09-25 | Out of bounds access in tensorflow-lite |
| CVE-2020-26116 | 2020-09-27 | http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by... |
| CVE-2020-26117 | 2020-09-27 | In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server... |
| CVE-2020-26120 | 2020-09-27 | XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS... |
| CVE-2020-26121 | 2020-09-27 | An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the... |
| CVE-2020-25812 | 2020-09-27 | An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable... |
| CVE-2020-25815 | 2020-09-27 | An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should... |
| CVE-2020-25814 | 2020-09-27 | In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery... |
| CVE-2020-25828 | 2020-09-27 | An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally... |
| CVE-2020-25869 | 2020-09-27 | An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki. |
| CVE-2020-25827 | 2020-09-27 | An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate... |
| CVE-2020-25813 | 2020-09-27 | In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users. |
| CVE-2020-24562 | 2020-09-28 | A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be... |
| CVE-2020-24563 | 2020-09-28 | A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to... |
| CVE-2020-24564 | 2020-09-28 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.... |
| CVE-2020-24565 | 2020-09-28 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.... |
| CVE-2020-25770 | 2020-09-28 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.... |
| CVE-2020-25771 | 2020-09-28 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.... |
| CVE-2020-25772 | 2020-09-28 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.... |
| CVE-2020-25773 | 2020-09-28 | A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in... |
| CVE-2020-25774 | 2020-09-28 | A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds read information disclosure which would disclose sensitive information to an unprivileged account.... |
| CVE-2020-25775 | 2020-09-28 | The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the... |
| CVE-2020-26137 | 2020-09-29 | urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE:... |
| CVE-2020-15595 | 2020-09-29 | An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows... |