Total
1418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5240 | 1 Labdigital | 1 Wagtail-2fa | 2024-02-28 | 5.5 MEDIUM | 8.5 HIGH |
| In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. The user does not require special permissions in order to do so. By deleting the other users device they can disable the target users 2FA devices and potentially compromise the account if they figure out their password. The problem has been patched in version 1.4.1. | |||||
| CVE-2020-15513 | 1 Mittwald | 1 Typo3 Forum | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access Control. | |||||
| CVE-2020-19005 | 1 Zrlog | 1 Zrlog | 2024-02-28 | 3.5 LOW | 5.7 MEDIUM |
| zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly. | |||||
| CVE-2020-24716 | 2 Freebsd, Openzfs | 2 Freebsd, Openzfs | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories. | |||||
| CVE-2020-25025 | 1 Localization Manager Project | 1 Localization Manager | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure (translatable fields). | |||||
| CVE-2020-1796 | 1 Huawei | 4 Mate 20, Mate 20 Firmware, Mate 30 Pro and 1 more | 2024-02-28 | 4.6 MEDIUM | 6.6 MEDIUM |
| There is an improper authorization vulnerability in several smartphones. The software incorrectly performs an authorization to certain user, successful exploit could allow a low privilege user to do certain operation which the user are supposed not to do.Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2). | |||||
| CVE-2020-5372 | 1 Dell | 10 Emc Powerstore 1000, Emc Powerstore 1000 Firmware, Emc Powerstore 3000 and 7 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment. | |||||
| CVE-2020-12691 | 2 Canonical, Openstack | 2 Ubuntu Linux, Keystone | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. | |||||
| CVE-2020-3227 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests for authorization tokens. An attacker could exploit this vulnerability by using a crafted API call to request such a token. An exploit could allow the attacker to obtain an authorization token and execute any of the IOx API commands on an affected device. | |||||
| CVE-2020-15110 | 1 Jupyterhub | 1 Kubespawner | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
| In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12. | |||||
| CVE-2020-12876 | 2 Microsoft, Veritas | 2 Windows, Aptare | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacts Windows server deployments. | |||||
| CVE-2020-5275 | 1 Sensiolabs | 1 Symfony | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
| In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that should have been take into account in an unanimous strategy. The accessDecisionManager is now called with all attributes at once, allowing the unanimous strategy being applied on each attribute. This issue is patched in versions 4.4.7 and 5.0.7. | |||||
| CVE-2020-7692 | 1 Google | 1 Oauth Client Library For Java | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0. | |||||
| CVE-2020-6752 | 1 Openmicroscopy | 1 Omero | 2024-02-28 | 5.5 MEDIUM | 3.8 LOW |
| In OMERO before 5.6.1, group owners can access members' data in other groups. | |||||
| CVE-2020-3150 | 1 Cisco | 4 Rv110w, Rv110w Firmware, Rv215w and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web-based management interface of the router, but only after any valid user has opened a specific file on the device since the last reboot. A successful exploit would allow the attacker to view sensitive information, which should be restricted. | |||||
| CVE-2020-25284 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2024-02-28 | 1.9 LOW | 4.1 MEDIUM |
| The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. | |||||
| CVE-2020-8212 | 1 Citrix | 1 Xenmobile Server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality. | |||||
| CVE-2020-8151 | 2 Fedoraproject, Rubyonrails | 2 Fedora, Active Resource | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information. | |||||
| CVE-2020-1998 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0. | |||||
| CVE-2020-3140 | 1 Cisco | 1 Prime License Manager | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system. An exploit could allow the attacker to gain administrative-level privileges on the system. The attacker needs a valid username to exploit this vulnerability. | |||||