CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
751 CVE-2020-9311 79 XSS 2020-07-15 2020-07-22
3.5
None Remote Medium ??? None Partial None
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
752 CVE-2020-9309 434 Exec Code 2020-07-15 2020-07-24
6.8
None Remote Medium Not required Partial Partial Partial
Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Uploads stored as protected or draft files are allowed by default for authorised users only, but can also be enabled through custom logic as well as modules such as silverstripe/userforms. Sites using the previously optional silverstripe/mimevalidator module can configure MIME whitelists rather than extension whitelists, and hence prevent this issue. Sites on the Common Web Platform (CWP) use this module by default, and are not affected.
753 CVE-2020-9297 74 2020-07-14 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code.
754 CVE-2020-9262 416 Exec Code 2020-07-06 2020-07-09
6.8
None Remote Medium Not required Partial Partial Partial
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with high privilege, successful exploit could cause code execution.
755 CVE-2020-9261 843 Exec Code 2020-07-06 2020-07-09
6.8
None Remote Medium Not required Partial Partial Partial
HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have a type confusion vulnerability. The system does not properly check and transform the type of certain variable, the attacker tricks the user into installing then running a crafted application, successful exploit could cause code execution.
756 CVE-2020-9260 200 +Info 2020-07-10 2021-07-21
3.3
None Local Network Low Not required Partial None None
HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E22R2P5) and versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain WI-FI function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure.
757 CVE-2020-9259 287 2020-07-17 2020-07-22
4.3
None Remote Medium Not required Partial None None
Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00E210R5P1) have an improper authentication vulnerability. The system does not sufficiently validate certain parameter passed from the bottom level, the attacker should trick the user into installing a malicious application and control the bottom level, successful exploit could cause information disclosure.
758 CVE-2020-9258 200 +Info 2020-07-10 2021-07-21
1.9
None Local Medium Not required Partial None None
HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper input verification vulnerability. An attribution in a module is not set correctly and some verification is lacked. Attackers with local access can exploit this vulnerability by injecting malicious fragment. This may lead to user information leak.
759 CVE-2020-9257 120 Exec Code Overflow 2020-07-17 2020-07-22
6.8
None Remote Medium Not required Partial Partial Partial
HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer overflow vulnerability. The software access data past the end, or before the beginning, of the intended buffer when handling certain operations of certificate, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution.
760 CVE-2020-9256 2020-07-18 2020-07-24
4.3
None Remote Medium Not required None None Partial
Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C00E136R5P3) have an improper authorization vulnerability. The system does not properly restrict the use of system service by applications, the attacker should trick the user into installing a malicious application, successful exploit could cause a denial of audio service.
761 CVE-2020-9255 20 DoS 2020-07-17 2020-07-22
4.3
None Remote Medium Not required None None Partial
Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E178R1P4) have a denial of service vulnerability. Certain service in the system does not sufficiently validate certain parameter which is received, the attacker should trick the user into installing a malicious application, successful exploit could cause a denial of service condition.
762 CVE-2020-9254 74 Exec Code 2020-07-17 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a logic check error vulnerability. A logic error occurs when the software checking the size of certain parameter, the attacker should trick the user into installing a malicious application, successful exploit may cause code execution.
763 CVE-2020-9252 22 Dir. Trav. 2020-07-17 2020-07-22
2.1
None Local Low Not required None Partial None
HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. The system does not sufficiently validate certain pathname from certain process, successful exploit could allow the attacker write files to a crafted path.
764 CVE-2020-9251 287 Bypass 2020-07-27 2021-07-21
2.1
None Local Low Not required None Partial None
HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have an improper authorization vulnerability. The software does not properly restrict certain operation in certain scenario, the attacker should do certain configuration before the user turns on student mode function. Successful exploit could allow the attacker to bypass the limit of student mode function. Affected product versions include: HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8).
765 CVE-2020-9249 20 DoS 2020-07-31 2021-07-21
3.3
None Local Network Low Not required None None Partial
HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have a denial of service vulnerability. A module does not deal with mal-crafted messages and it leads to memory leak. Attackers can exploit this vulnerability to make the device denial of service.Affected product versions include: HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11).
766 CVE-2020-9248 863 2020-07-31 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Huawei FusionComput 8.0.0 have an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch privilege escalation attack. This can compromise normal service.
767 CVE-2020-9227 909 2020-07-17 2020-07-22
4.3
None Remote Medium Not required None None Partial
Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. An attacker tricks the user into installing then running a crafted application. Due to improper initialization of specific parameters, successful exploit of this vulnerability may cause device exceptions.
768 CVE-2020-9226 347 2020-07-06 2020-07-09
4.3
None Remote Medium Not required None Partial None
HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an improper signature verification vulnerability. The system does not improper check signature of specific software package, an attacker may exploit this vulnerability to load a crafted software package to the device.
769 CVE-2020-9102 200 +Info 2020-07-17 2021-07-21
2.1
None Local Low Not required Partial None None
There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. The vulnerability is due to the improper management of the username. An attacker with the ability to access the device and cause the username information leak. Affected product versions include: CloudEngine 12800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 5800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 versions V200R002C50SPC800, V200R003C00SPC810, V200R005C00SPC800, V200R005C10SPC800, V200R019C00SPC800
770 CVE-2020-9101 787 2020-07-18 2020-07-24
3.3
None Local Network Low Not required None None Partial
There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. Affected product versions include: IPS Module versions V500R005C00, V500R005C10; NGFW Module versions V500R005C00, V500R005C10; Secospace USG6300 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6600 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; USG9500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10
771 CVE-2020-9100 426 2020-07-06 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. This vulnerability exists due to some DLL file is loaded by HiSuite improperly. And it allows an attacker to load this DLL file of the attacker's choosing.
772 CVE-2020-9077 200 +Info 2020-07-27 2021-07-21
4.3
None Remote Medium Not required Partial None None
HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R2P11) have an information exposure vulnerability. The system does not properly authenticate the application that access a specified interface. Attackers can trick users into installing malicious software to exploit this vulnerability and obtain some information about the device. Successful exploit may cause information disclosure.
773 CVE-2020-8958 78 Exec Code 2020-07-15 2020-07-22
9.0
None Remote Low ??? Complete Complete Complete
Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the boaform/admin/formPing Dest IP Address field.
774 CVE-2020-8916 401 2020-07-07 2020-07-16
2.1
None Local Low Not required None None Partial
A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to restrict access in your debug environments.
775 CVE-2020-8663 400 2020-07-01 2020-07-08
5.0
None Remote Low Not required None None Partial
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.
776 CVE-2020-8559 601 2020-07-22 2020-08-10
6.0
None Remote Medium ??? Partial Partial Partial
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
777 CVE-2020-8558 287 2020-07-27 2022-01-01
5.8
None Local Network Low Not required Partial Partial Partial
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.
778 CVE-2020-8557 400 2020-07-23 2020-08-21
2.1
None Local Low Not required None None Partial
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.
779 CVE-2020-8553 610 2020-07-29 2020-08-04
4.9
None Remote Medium ??? Partial Partial None
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.
780 CVE-2020-8521 89 Sql 2020-07-07 2020-07-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql
781 CVE-2020-8520 89 Sql 2020-07-07 2020-07-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql
782 CVE-2020-8519 89 Sql 2020-07-07 2020-07-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql
783 CVE-2020-8326 428 Exec Code 2020-07-24 2020-07-29
6.9
None Local Medium Not required Complete Complete Complete
An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.
784 CVE-2020-8317 426 Exec Code 2020-07-24 2020-07-29
6.9
None Local Medium Not required Complete Complete Complete
A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.
785 CVE-2020-8222 22 Dir. Trav. 2020-07-30 2020-08-04
4.0
None Remote Low ??? Partial None None
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting.
786 CVE-2020-8221 22 Dir. Trav. 2020-07-30 2020-08-04
4.0
None Remote Low ??? Partial None None
A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface.
787 CVE-2020-8220 400 DoS 2020-07-30 2020-08-04
5.5
None Remote Low ??? None Partial Partial
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.
788 CVE-2020-8219 276 2020-07-30 2020-08-05
4.0
None Remote Low ??? Partial None None
An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to change the password of a full administrator.
789 CVE-2020-8218 94 Exec Code 2020-07-30 2020-09-01
6.5
None Remote Low ??? Partial Partial Partial
A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.
790 CVE-2020-8217 79 XSS 2020-07-30 2020-07-31
3.5
None Remote Medium ??? None Partial None
A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.
791 CVE-2020-8216 2020-07-30 2021-09-23
4.0
None Remote Low ??? Partial None None
An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID.
792 CVE-2020-8215 120 DoS Exec Code Overflow 2020-07-20 2020-07-23
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image.
793 CVE-2020-8214 22 Dir. Trav. 2020-07-20 2020-07-22
5.0
None Remote Low Not required Partial None None
A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file.
794 CVE-2020-8213 209 2020-07-30 2020-08-05
5.0
None Remote Low Not required Partial None None
An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attackers access to valid usernames for the UniFi Protect web application via HTTP response code and response timing.
795 CVE-2020-8207 287 Exec Code 2020-07-24 2020-07-29
6.0
None Remote Medium ??? Partial Partial Partial
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running.
796 CVE-2020-8206 287 Bypass 2020-07-30 2020-08-20
6.8
None Remote Medium Not required Partial Partial Partial
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.
797 CVE-2020-8205 918 2020-07-20 2020-07-23
5.0
None Remote Low Not required Partial None None
The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems.
798 CVE-2020-8204 79 XSS 2020-07-30 2020-07-31
4.3
None Remote Medium Not required None Partial None
A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.
799 CVE-2020-8203 1321 2020-07-15 2022-05-12
5.8
None Remote Medium Not required None Partial Partial
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
800 CVE-2020-8202 307 DoS 2020-07-30 2020-08-03
5.0
None Remote Low Not required None None Partial
Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password.
Total number of vulnerabilities : 1418   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 (This Page)17 18 19 20 21 22 23 24 25 26 27 28 29
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.