CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2020-17396 190 Exec Code Overflow 2020-08-25 2020-08-28
4.6
None Local Low Not required Partial Partial Partial
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11217.
202 CVE-2020-17395 191 Exec Code 2020-08-25 2020-08-28
4.6
None Local Low Not required Partial Partial Partial
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the prl_naptd process. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11134.
203 CVE-2020-17394 129 Exec Code +Info 2020-08-25 2020-08-31
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the OEMNet component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11132.
204 CVE-2020-17393 20 Exec Code +Info 2020-08-25 2020-08-28
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result a pointer to be leaked after the handler is done. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10520.
205 CVE-2020-17392 822 Exec Code 2020-08-25 2020-08-28
4.6
None Local Low Not required Partial Partial Partial
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_SET_KERNEL_SYMBOLS in the prl_hypervisor kext. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-10519.
206 CVE-2020-17391 749 Exec Code +Info 2020-08-25 2020-08-31
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_INIT_HYPERVISOR in the prl_hypervisor kext. The issue results from the exposure of dangerous method or function to the unprivileged user. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10518.
207 CVE-2020-17390 125 Exec Code 2020-08-25 2020-09-03
4.6
None Local Low Not required Partial Partial Partial
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the hypervisor kernel extension. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10030.
208 CVE-2020-17389 22 Exec Code Dir. Trav. Bypass 2020-08-25 2020-08-28
9.0
None Remote Low ??? Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the decryptFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10502.
209 CVE-2020-17388 749 Exec Code Bypass 2020-08-25 2020-08-28
9.0
None Remote Low ??? Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tomcat configuration file. The issue results from the lack of proper restriction to the Tomcat admin console. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10799.
210 CVE-2020-17387 22 Exec Code Dir. Trav. Bypass 2020-08-25 2020-08-28
9.0
None Remote Low ??? Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the writeObjectToConfigFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10565.
211 CVE-2020-17386 918 2020-08-25 2020-08-26
4.0
None Remote Low ??? Partial None None
Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system.
212 CVE-2020-17385 22 Dir. Trav. 2020-08-25 2020-08-27
5.0
None Remote Low Not required Partial None None
Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system.
213 CVE-2020-17384 78 Exec Code 2020-08-25 2020-08-27
9.0
None Remote Low ??? Complete Complete Complete
Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system.
214 CVE-2020-17376 611 2020-08-26 2020-09-14
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.
215 CVE-2020-17373 89 Sql 2020-08-12 2020-10-28
3.5
None Remote Medium ??? Partial None None
SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection.
216 CVE-2020-17372 79 XSS 2020-08-12 2020-08-13
3.5
None Remote Medium ??? None Partial None
SugarCRM before 10.1.0 (Q3 2020) allows XSS.
217 CVE-2020-17368 78 2020-08-11 2021-01-10
7.5
None Remote Low Not required Partial Partial Partial
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.
218 CVE-2020-17367 88 2020-08-11 2022-04-28
4.6
None Local Low Not required Partial Partial Partial
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.
219 CVE-2020-17366 295 DoS Bypass 2020-08-05 2020-10-19
5.8
None Remote Medium Not required None Partial Partial
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party's view.
220 CVE-2020-17364 79 XSS 2020-08-05 2020-08-11
4.3
None Remote Medium Not required None Partial None
USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs.
221 CVE-2020-17362 79 XSS 2020-08-12 2020-08-13
4.3
None Remote Medium Not required None Partial None
search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.
222 CVE-2020-17361 755 2020-08-12 2021-12-16
4.3
None Remote Medium Not required None Partial None
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h returns silently when a negative length is provided (instead of throwing an exception). This could result in data being lost during the copy, with varying consequences depending on the subsequent use of the destination buffer. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
223 CVE-2020-17360 125 Overflow Bypass 2020-08-12 2021-12-16
6.8
None Remote Medium Not required Partial Partial Partial
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h contains multiple boundary checks that are performed to prevent out-of-bounds memory read/write. However, two of these boundary checks contain an integer overflow that leads to a bypass of these checks, and out-of-bounds read/write. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
224 CVE-2020-17353 2020-08-05 2020-09-22
7.5
None Remote Low Not required Partial Partial Partial
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
225 CVE-2020-17352 78 Exec Code 2020-08-07 2020-08-12
6.5
None Remote Low ??? Partial Partial Partial
Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code.
226 CVE-2020-16847 79 XSS 2020-08-04 2020-08-11
4.3
None Remote Medium Not required None Partial None
Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
227 CVE-2020-16845 835 2020-08-06 2021-06-14
5.0
None Remote Low Not required None None Partial
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
228 CVE-2020-16843 DoS 2020-08-04 2020-08-19
4.3
None Remote Medium Not required None None Partial
In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on which the issue is triggered.
229 CVE-2020-16610 352 CSRF 2020-08-28 2020-09-02
4.3
None Remote Medium Not required None Partial None
Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.
230 CVE-2020-16310 369 DoS 2020-08-13 2022-06-29
4.3
None Remote Medium Not required None None Partial
A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
231 CVE-2020-16309 787 DoS Overflow 2020-08-13 2022-06-29
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51.
232 CVE-2020-16308 787 DoS Overflow 2020-08-13 2022-06-29
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
233 CVE-2020-16307 476 DoS 2020-08-13 2022-06-29
4.3
None Remote Medium Not required None None Partial
A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.
234 CVE-2020-16306 476 DoS 2020-08-13 2022-06-29
4.3
None Remote Medium Not required None None Partial
A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51.
235 CVE-2020-16305 787 DoS Overflow 2020-08-13 2022-06-29
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
236 CVE-2020-16304 787 Overflow 2020-08-13 2022-06-29
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.
237 CVE-2020-16303 416 2020-08-13 2022-06-29
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.
238 CVE-2020-16302 120 Overflow 2020-08-13 2022-06-29
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51.
239 CVE-2020-16301 120 DoS Overflow 2020-08-13 2020-08-31
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
240 CVE-2020-16300 787 DoS Overflow 2020-08-13 2020-08-31
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
241 CVE-2020-16299 369 DoS 2020-08-13 2020-08-31
4.3
None Remote Medium Not required None None Partial
A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
242 CVE-2020-16298 120 DoS Overflow 2020-08-13 2020-08-31
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
243 CVE-2020-16297 787 DoS Overflow 2020-08-13 2020-08-31
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
244 CVE-2020-16296 787 DoS Overflow 2020-08-13 2020-08-31
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
245 CVE-2020-16295 476 DoS 2020-08-13 2020-08-31
4.3
None Remote Medium Not required None None Partial
A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
246 CVE-2020-16294 120 DoS Overflow 2020-08-13 2020-08-31
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
247 CVE-2020-16293 476 DoS 2020-08-13 2020-08-31
4.3
None Remote Medium Not required None None Partial
A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
248 CVE-2020-16292 787 DoS Overflow 2020-08-13 2020-08-31
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
249 CVE-2020-16291 787 DoS Overflow 2020-08-13 2020-08-31
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
250 CVE-2020-16290 787 DoS Overflow 2020-08-13 2020-08-31
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
Total number of vulnerabilities : 1155   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.