CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In August 2020

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
251 CVE-2020-16289 787 DoS Overflow 2020-08-13 2020-08-31
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
252 CVE-2020-16288 120 DoS Overflow 2020-08-13 2020-08-31
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
253 CVE-2020-16287 787 DoS Overflow 2020-08-13 2020-08-31
4.3
None Remote Medium Not required None None Partial
A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
254 CVE-2020-16282 78 Exec Code 2020-08-20 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
In the default configuration of Rangee GmbH RangeeOS 8.0.4, all components are executed in the context of the privileged root user. This may allow a local attacker to break out of the restricted environment or inject malicious code into the application and fully compromise the operating system.
255 CVE-2020-16281 116 Exec Code 2020-08-20 2020-08-26
4.6
None Local Low Not required Partial Partial Partial
The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible.
256 CVE-2020-16280 522 2020-08-20 2020-08-26
2.1
None Local Low Not required Partial None None
Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext including credentials of users for several external facing administrative services, domain joined users, and local administrators. To exploit the vulnerability a local attacker must have access to the underlying operating system.
257 CVE-2020-16279 20 Exec Code 2020-08-20 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to Remote Code Execution due to untrusted user supplied input being passed to the command line without sanitization.
258 CVE-2020-16278 79 XSS 2020-08-10 2020-08-11
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.
259 CVE-2020-16277 89 Sql 2020-08-10 2020-08-11
6.5
None Remote Low ??? Partial Partial Partial
An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
260 CVE-2020-16276 89 Sql 2020-08-10 2020-08-11
6.5
None Remote Low ??? Partial Partial Partial
An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
261 CVE-2020-16275 79 XSS 2020-08-10 2020-08-11
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.
262 CVE-2020-16272 20 2020-08-03 2020-08-07
6.4
None Remote Low Not required Partial Partial None
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection.
263 CVE-2020-16271 330 2020-08-03 2020-08-07
6.4
None Remote Low Not required Partial Partial None
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection.
264 CVE-2020-16269 20 2020-08-03 2021-07-21
4.3
None Remote Medium Not required None None Partial
radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section.
265 CVE-2020-16266 79 Exec Code XSS 2020-08-12 2020-08-17
3.5
None Remote Medium ??? None Partial None
An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on view_all_bug_page.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue (if CSP settings allow it).
266 CVE-2020-16254 74 2020-08-05 2020-08-06
4.3
None Remote Medium Not required None Partial None
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute).
267 CVE-2020-16253 352 CSRF 2020-08-05 2020-08-05
5.8
None Remote Medium Not required None Partial Partial
The PgHero gem through 2.6.0 for Ruby allows CSRF.
268 CVE-2020-16252 352 CSRF 2020-08-05 2020-08-05
4.3
None Remote Medium Not required None Partial None
The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF.
269 CVE-2020-16251 287 Bypass 2020-08-26 2020-10-06
7.5
None Remote Low Not required Partial Partial Partial
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
270 CVE-2020-16250 345 Bypass 2020-08-26 2022-04-28
7.5
None Remote Low Not required Partial Partial Partial
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
271 CVE-2020-16248 918 2020-08-09 2020-08-12
5.0
None Remote Low Not required Partial None None
** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability.
272 CVE-2020-16245 22 Exec Code Dir. Trav. 2020-08-25 2020-08-31
7.5
None Remote Low Not required Partial Partial Partial
Advantech iView, Versions 5.7 and prior. The affected product is vulnerable to path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.
273 CVE-2020-16241 863 2020-08-21 2021-11-22
2.1
None Local Low Not required None None Partial
Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
274 CVE-2020-16239 287 2020-08-21 2020-08-27
4.0
None Remote Low ??? Partial None None
Philips SureSigns VS4, A.07.107 and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.
275 CVE-2020-16237 20 2020-08-21 2020-08-27
2.1
None Local Low Not required None None Partial
Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
276 CVE-2020-16229 843 Exec Code 2020-08-06 2020-08-10
6.8
None Remote Medium Not required Partial Partial Partial
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
277 CVE-2020-16227 20 Exec Code 2020-08-07 2021-11-22
6.8
None Remote Medium Not required Partial Partial Partial
Delta Electronics TPEditor Versions 1.97 and prior. An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
278 CVE-2020-16225 787 Exec Code 2020-08-07 2020-08-10
6.8
None Remote Medium Not required Partial Partial Partial
Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
279 CVE-2020-16223 787 Exec Code Overflow 2020-08-07 2020-08-10
6.8
None Remote Medium Not required Partial Partial Partial
Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
280 CVE-2020-16221 787 Exec Code Overflow 2020-08-07 2020-08-10
6.8
None Remote Medium Not required Partial Partial Partial
Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
281 CVE-2020-16219 125 Exec Code 2020-08-07 2020-08-10
6.8
None Remote Medium Not required Partial Partial Partial
Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
282 CVE-2020-16217 415 Exec Code 2020-08-06 2020-08-10
6.8
None Remote Medium Not required Partial Partial Partial
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash.
283 CVE-2020-16215 20 Exec Code Overflow 2020-08-06 2021-11-22
9.3
None Remote Medium Not required Complete Complete Complete
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
284 CVE-2020-16213 787 Exec Code 2020-08-06 2020-08-10
6.8
None Remote Medium Not required Partial Partial Partial
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
285 CVE-2020-16211 125 2020-08-06 2020-08-10
4.3
None Remote Medium Not required Partial None None
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information.
286 CVE-2020-16207 787 Exec Code Overflow 2020-08-06 2020-08-10
6.8
None Remote Medium Not required Partial Partial Partial
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
287 CVE-2020-16205 78 Exec Code 2020-08-14 2020-08-19
9.0
None Remote Low ??? Complete Complete Complete
Using a specially crafted URL command, a remote authenticated user can execute commands as root on the G-Cam and G-Code (Firmware Versions 1.12.0.25 and prior as well as the limited Versions 1.12.13.2 and 1.12.14.5).
288 CVE-2020-16203 824 Exec Code 2020-08-04 2020-08-06
6.8
None Remote Medium Not required Partial Partial Partial
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. An uninitialized pointer may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
289 CVE-2020-16201 125 2020-08-04 2020-08-06
4.3
None Remote Medium Not required Partial None None
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information.
290 CVE-2020-16199 787 Exec Code Overflow 2020-08-04 2020-08-06
6.8
None Remote Medium Not required Partial Partial Partial
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
291 CVE-2020-16197 295 2020-08-25 2020-08-31
4.0
None Remote Low ??? Partial None None
An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation.
292 CVE-2020-16193 79 XSS 2020-08-26 2020-09-02
3.5
None Remote Medium ??? None Partial None
osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.
293 CVE-2020-16192 79 XSS 2020-08-05 2020-08-06
4.3
None Remote Medium Not required None Partial None
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters.
294 CVE-2020-16170 798 2020-08-11 2020-09-02
7.5
None Remote Low Not required Partial Partial Partial
Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors.
295 CVE-2020-16169 287 +Priv Bypass 2020-08-07 2020-09-02
7.5
None Remote Low Not required Partial Partial Partial
Authentication Bypass Using an Alternate Path or Channel in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to gain elevated privileges on the temi and have it automatically answer the attacker's calls, granting audio, video, and motor control via unspecified vectors.
296 CVE-2020-16168 346 2020-08-07 2020-09-02
4.3
None Remote Medium Not required None Partial None
Origin Validation Error in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to access the REST API and MQTT broker used by the temi and send it custom data/requests via unspecified vectors.
297 CVE-2020-16167 306 2020-08-07 2020-09-02
6.4
None Remote Low Not required Partial Partial None
Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified vectors.
298 CVE-2020-16145 79 XSS 2020-08-12 2020-09-24
4.3
None Remote Medium Not required None Partial None
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
299 CVE-2020-16142 20 2020-08-27 2021-07-21
2.9
None Local Network Medium Not required None None Partial
On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.
300 CVE-2020-16139 20 2020-08-12 2021-07-21
7.8
None Remote Low Not required None None Complete
** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information.
Total number of vulnerabilities: 1155 (page 6 of 24)