Total
1418 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-12053 | 1 Unisys | 1 Stealth | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key. | |||||
CVE-2020-13263 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. | |||||
CVE-2020-4446 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. IBM X-Force ID: 181126. | |||||
CVE-2020-10239 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users. | |||||
CVE-2020-17448 | 1 Telegram | 1 Telegram Desktop | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension. | |||||
CVE-2020-5333 | 1 Rsa | 1 Archer | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information. | |||||
CVE-2020-12391 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox < 76. | |||||
CVE-2020-4026 | 1 Atlassian | 1 Navigator Links | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. | |||||
CVE-2020-10534 | 1 Mediawiki | 1 Mediawiki | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled. | |||||
CVE-2018-21082 | 1 Google | 1 Android | 2024-02-28 | 4.6 MEDIUM | 8.4 HIGH |
An issue was discovered on Samsung mobile devices with N(7.x) software. Dex Station allows App Pinning bypass and lock-screen bypass via the "Use screen lock type to unpin" option. The Samsung ID is SVE-2017-11106 (February 2018). | |||||
CVE-2020-3522 | 1 Cisco | 1 Data Center Network Manager | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to bypass authorization on an affected device and access sensitive information that is related to the device. The vulnerability exists because the affected software allows users to access resources that are intended for administrators only. An attacker could exploit this vulnerability by submitting a crafted URL to an affected device. A successful exploit could allow the attacker to add, delete, and edit certain network configurations in the same manner as a user with administrative privileges. | |||||
CVE-2020-3811 | 3 Canonical, Debian, Netqmail | 3 Ubuntu Linux, Debian Linux, Netqmail | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability. | |||||
CVE-2020-14196 | 1 Powerdns | 1 Recursor | 2024-02-28 | 4.3 MEDIUM | 5.3 MEDIUM |
In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. | |||||
CVE-2020-7499 | 1 Schneider-electric | 12 Mtn6260-0310, Mtn6260-0310 Firmware, Mtn6260-0315 and 9 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes. | |||||
CVE-2020-0115 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150038428 | |||||
CVE-2020-13277 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 | |||||
CVE-2020-15126 | 1 Parseplatform | 1 Parse Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object. | |||||
CVE-2020-5279 | 1 Prestashop | 1 Prestashop | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM |
In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/improve/international/geolocation/ - admin-dev/index.php/improve/international/localization - admin-dev/index.php/configure/advanced/performance - admin-dev/index.php/sell/orders/delivery-slips/ - admin-dev/index.php?controller=AdminStatuses The problem is fixed in 1.7.6.5 | |||||
CVE-2020-1831 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2024-02-28 | 1.9 LOW | 2.4 LOW |
HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability. The digital balance function does not sufficiently restrict the using time of certain user, successful exploit could allow the user break the limit of digital balance function after a series of operations with a PC. | |||||
CVE-2020-14214 | 1 Zammad | 1 Zammad | 2024-02-28 | 5.8 MEDIUM | 6.5 MEDIUM |
Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization. |