CVE List - 2020 / September
Showing 401 - 500 of 1592 CVEs for September 2020 (Page 5 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-24916 | 2020-09-09 | CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. |
| CVE-2020-10056 | 2020-09-09 | A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server... |
| CVE-2020-15784 | 2020-09-09 | A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names. |
| CVE-2020-15785 | 2020-09-09 | A vulnerability has been identified in Siveillance Video Client (All versions). In environments where Windows NTLM authentication is enabled the affected client application transmits usernames to the server in cleartext.... |
| CVE-2020-15786 | 2020-09-09 | A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16),... |
| CVE-2020-15787 | 2020-09-09 | A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match... |
| CVE-2020-15788 | 2020-09-09 | A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a... |
| CVE-2020-15789 | 2020-09-09 | A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing... |
| CVE-2020-15790 | 2020-09-09 | A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in an insecure manner, the web server might be susceptible to a directory listing... |
| CVE-2020-15791 | 2020-09-09 | A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC... |
| CVE-2020-1912 | 2020-09-09 | An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that... |
| CVE-2018-17765 | 2020-09-09 | Ingenico Telium 2 POS terminals have undeclared TRACE protocol commands. This is fixed in Telium 2 SDK v9.32.03 patch N. |
| CVE-2018-17766 | 2020-09-09 | Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. |
| CVE-2018-17767 | 2020-09-09 | Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. |
| CVE-2018-17768 | 2020-09-09 | Ingenico Telium 2 POS terminals have an insecure TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. |
| CVE-2018-17769 | 2020-09-09 | Ingenico Telium 2 POS terminals have a buffer overflow via the 0x26 command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. |
| CVE-2018-17770 | 2020-09-09 | Ingenico Telium 2 POS terminals have a buffer overflow via the RemotePutFile command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. |
| CVE-2018-17771 | 2020-09-09 | Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. |
| CVE-2018-17772 | 2020-09-09 | Ingenico Telium 2 POS terminals allow arbitrary code execution via the TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. |
| CVE-2018-17773 | 2020-09-09 | Ingenico Telium 2 POS terminals have a buffer overflow via SOCKET_TASK in the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. |
| CVE-2018-17774 | 2020-09-09 | Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. |
| CVE-2020-1913 | 2020-09-09 | An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted... |
| CVE-2020-15903 | 2020-09-09 | An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios... |
| CVE-2020-25219 | 2020-09-09 | url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character.... |
| CVE-2020-15173 | 2020-09-09 | Heap buffer overflow in ACCEL-PPP |
| CVE-2020-13920 | 2020-09-10 | Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call... |
| CVE-2020-25220 | 2020-09-10 | The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is... |
| CVE-2020-24655 | 2020-09-10 | A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android allows a user to potentially approve/deny an access request prior to unlocking the application with a... |
| CVE-2020-24552 | 2020-09-10 | Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection |
| CVE-2020-7312 | 2020-09-10 | DLL Search Order Hijacking in MA for Windows |
| CVE-2020-7311 | 2020-09-10 | Privilege Escalation vulnerability in MA for Windows |
| CVE-2020-7314 | 2020-09-10 | Privilege Escalation vulnerability in McAfee DXL for Mac |
| CVE-2020-7315 | 2020-09-10 | DLL Injection vulnerability in MA for Windows |
| CVE-2020-24739 | 2020-09-10 | A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will... |
| CVE-2020-25221 | 2020-09-10 | get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that... |
| CVE-2020-5780 | 2020-09-10 | Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated attacker to conduct unauthenticated email forgery/spoofing. |
| CVE-2020-6097 | 2020-09-10 | An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An... |
| CVE-2020-8758 | 2020-09-10 | Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation... |
| CVE-2020-10773 | 2020-09-10 | A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user... |
| CVE-2020-24582 | 2020-09-10 | Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface. |
| CVE-2018-17145 | 2020-09-10 | Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE:... |
| CVE-2020-9740 | 2020-09-10 | Stored XSS in AEM Design Importer Component |
| CVE-2020-9733 | 2020-09-10 | Sensitive information disclosure possible in AEM |
| CVE-2020-9737 | 2020-09-10 | Stored XSS in AEM's Content Repository Development Environment |
| CVE-2020-9738 | 2020-09-10 | Stored XSS in AEM's Content Repository Development Environment |
| CVE-2020-9732 | 2020-09-10 | Stored XSS in AEM Sites Components |
| CVE-2020-9735 | 2020-09-10 | Stored XSS in AEM's Content Repository Development Environment |
| CVE-2020-17408 | 2020-09-10 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the... |
| CVE-2020-9736 | 2020-09-10 | Stored XSS in AEM's Content Repository Development Environment |
| CVE-2020-9741 | 2020-09-10 | Stored XSS in AEM Forms Components |
| CVE-2020-9742 | 2020-09-10 | Reflected XSS in AEM Inbox module |
| CVE-2020-9734 | 2020-09-10 | Stored XSS in AEM Forms component |
| CVE-2020-9743 | 2020-09-10 | HTML injection in AEM's content editor component |
| CVE-2020-14198 | 2020-09-10 | Bitcoin Core 0.20.0 allows remote denial of service. |
| CVE-2020-4578 | 2020-09-10 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the... |
| CVE-2020-15024 | 2020-09-10 | An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after... |
| CVE-2020-11998 | 2020-09-10 | A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves... |
| CVE-2020-15168 | 2020-09-10 | File size limit bypass in node-fetch |
| CVE-2020-9728 | 2020-09-10 | Out-of-bounds memory access could lead to code execution |
| CVE-2020-9731 | 2020-09-10 | Out-of-bounds memory access could lead to code execution |
| CVE-2020-9730 | 2020-09-10 | Out-of-bounds memory access could lead to code execution |
| CVE-2020-9729 | 2020-09-10 | Out-of-bounds memory access could lead to code execution |
| CVE-2020-9727 | 2020-09-10 | Out-of-bounds memory access could lead to code execution |
| CVE-2020-9725 | 2020-09-10 | FrameMaker File Parsing Stack-based Buffer Overflow |
| CVE-2020-9726 | 2020-09-10 | FrameMaker File Parsing Out-Of-Bounds Read Vulnerability |
| CVE-2020-15170 | 2020-09-10 | Missing access control in apollo-adminservice |
| CVE-2020-15171 | 2020-09-10 | Users with SCRIPT rights can execute arbitrary code in XWiki |
| CVE-2014-1420 | 2020-09-10 | Insecure temp file usage in Ubuntu UI toolkit |
| CVE-2020-1045 | 2020-09-11 | Microsoft ASP.NET Core Security Feature Bypass Vulnerability |
| CVE-2020-14330 | 2020-09-11 | An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an... |
| CVE-2020-25260 | 2020-09-11 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitrary... |
| CVE-2020-25259 | 2020-09-11 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an... |
| CVE-2020-25258 | 2020-09-11 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner... |
| CVE-2020-25257 | 2020-09-11 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access... |
| CVE-2020-25256 | 2020-09-11 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. PKI certificates have a private key that... |
| CVE-2020-25255 | 2020-09-11 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a... |
| CVE-2020-25254 | 2020-09-11 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by... |
| CVE-2020-25253 | 2020-09-11 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by... |
| CVE-2020-25252 | 2020-09-11 | An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log... |
| CVE-2020-25251 | 2020-09-11 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions... |
| CVE-2020-25250 | 2020-09-11 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to... |
| CVE-2020-25249 | 2020-09-11 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. The server typically logs activity only when... |
| CVE-2020-25248 | 2020-09-11 | An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files,... |
| CVE-2020-25247 | 2020-09-11 | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter. |
| CVE-2020-25269 | 2020-09-11 | An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules,... |
| CVE-2019-20918 | 2020-09-11 | An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server... |
| CVE-2019-20917 | 2020-09-11 | An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined... |
| CVE-2020-24164 | 2020-09-11 | A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is possible for an attacker to create a malicious payload that, when deserialized, will allow arbitrary... |
| CVE-2020-16218 | 2020-09-11 | Philips Patient Monitoring Devices Cross-site Scripting |
| CVE-2020-16214 | 2020-09-11 | Philips Patient Monitoring Devices Improper Neutralization of Formula Elements in a CSV File |
| CVE-2020-16222 | 2020-09-11 | Philips Patient Monitoring Devices Improper Authentication |
| CVE-2020-16228 | 2020-09-11 | Philips Patient Monitoring Devices Improper Check for Certificate Revocation |
| CVE-2020-16224 | 2020-09-11 | Philips Patient Monitoring Devices Improper Handling of Length Parameter Inconsistency |
| CVE-2020-16216 | 2020-09-11 | Philips Patient Monitoring Devices Improper Input Validation |
| CVE-2020-15802 | 2020-09-11 | Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a... |
| CVE-2020-16220 | 2020-09-11 | Philips Patient Monitoring Devices Improper Validation of Syntactic Correctness of Input |
| CVE-2020-16212 | 2020-09-11 | Philips Patient Monitoring Devices Exposure of Resource to Wrong Sphere |
| CVE-2020-9239 | 2020-09-11 | Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier than 8.0.0.123(C567),versions earlier than 8.0.0.123(C797);BLA-TL00B versions earlier than 8.1.0.326(C01);Berkeley-L09 versions earlier than 8.0.0.163(C10),versions earlier than 8.0.0.163(C432),Versions earlier than 8.0.0.163(C636),Versions earlier than 8.0.0.172(C10);Duke-L09 versions Duke-L09C10B187,... |
| CVE-2020-11991 | 2020-09-11 | When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system. |
| CVE-2020-14096 | 2020-09-11 | Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen when the speaker verifying a malicious firmware during OTA process. |