Total: 278 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2020-35658 | 1 Titanhq | 1 Spamtitan | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. |
CVE-2020-3267 | 1 Cisco | 1 Unified Contact Center Express | 2024-02-28 | 5.5 MEDIUM | 7.1 HIGH | A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by authenticating to an affected system with valid agent credentials and performing a specific API call with crafted input. A successful exploit could allow the attacker to change the availability state of an agent, potentially causing a denial of service condition. |
CVE-2019-20529 | 1 Frappe | 1 Frappe | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files. |
CVE-2020-11469 | 1 Zoom | 1 Meetings | 2024-02-28 | 7.2 HIGH | 7.8 HIGH | Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot. |
CVE-2020-11976 | 1 Apache | 2 Fortress, Wicket | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside an HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5. |
CVE-2019-7305 | 3 Canonical, Debian, Extplorer | 3 Ubuntu Linux, Debian Linux, Extplorer | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian. |
CVE-2020-10516 | 1 Github | 1 Github | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program. |
CVE-2019-20593 | 1 Google | 1 Android | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019). |
CVE-2020-24312 | 1 Webdesi9 | 1 File Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups that the plugin has taken, which sometimes include full database backups. |
CVE-2019-7306 | 2 Byobu, Canonical | 2 Byobu, Ubuntu Linux | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc, which may contain private hostnames, usernames and passwords. This issue affects: byobu |
CVE-2020-12743 | 1 Gazie Project | 1 Gazie | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Gazie 7.32. A successful installation does not remove or block (or in any other way prevent use of) its own file /setup/install/setup.php, meaning that anyone can request it without authentication. This file allows arbitrary PHP file inclusion via a hidden_req POST parameter. |
CVE-2020-5356 | 1 Dell | 3 Powerprotect Data Manager, Powerprotect X400, Powerprotect X400 Firmware | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM | Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines. |
CVE-2020-4075 | 1 Electronjs | 1 Electron | 2024-02-28 | 2.1 LOW | 7.5 HIGH | In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. |
CVE-2020-5289 | 1 Elide | 1 Elide | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM | In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to, assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence of models in the returned collection can be used to reconstruct the value of the inaccessible field. Resolved in Elide 4.5.14 and greater. |
CVE-2020-12470 | 1 Mono | 1 Monox | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH | MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. |
CVE-2019-13941 | 1 Siemens | 4 Ozw672, Ozw672 Firmware, Ozw772 and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. |
CVE-2019-14273 | 1 Silverstripe | 1 Silverstripe | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | In SilverStripe assets 4.0, there is broken access control on files. |
CVE-2020-5250 | 1 Prestashop | 1 Prestashop | 2024-02-28 | 4.9 MEDIUM | 6.3 MEDIUM | In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. The same applies to CustomerForm: you are able to change the id_customer and change all information of any account. The problem is patched in version 1.7.6.4. |
CVE-2019-4398 | 1 Ibm | 2 Cloud Orchestrator, Cloud Orchestrator Enterprise | 2024-02-28 | 2.1 LOW | 3.3 LOW | IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259. |
CVE-2020-3927 | 2 Changingtec, Microsoft | 2 Servisign, Windows | 2024-02-28 | 8.5 HIGH | 7.5 HIGH | An arbitrary-file-access vulnerability exists in the ServiSign security plugin: once attackers learn the specific API function, they may access arbitrary files on the target system via a crafted API parameter. |