Vulnerabilities (CVE)

Filtered by CWE-863
Total 1628 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25167 1 Osisoft 1 Pi Vision 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute.
CVE-2020-25055 1 Google 1 Android 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The persona service allows attackers (who control an unprivileged SecureFolder process) to bypass admin restrictions in KnoxContainer. The Samsung ID is SVE-2020-18133 (August 2020).
CVE-2020-25025 1 Localization Manager Project 1 Localization Manager 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure (translatable fields).
CVE-2020-24941 1 Laravel 1 Laravel 2024-11-21 4.3 MEDIUM 7.5 HIGH
An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions.
CVE-2020-24771 1 Nexusphp 1 Nexusphp 2024-11-21 5.0 MEDIUM 7.5 HIGH
Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content.
CVE-2020-24716 2 Freebsd, Openzfs 2 Freebsd, Openzfs 2024-11-21 4.6 MEDIUM 7.8 HIGH
OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories.
CVE-2020-24674 1 Abb 2 Symphony \+ Historian, Symphony \+ Operations 2024-11-21 9.0 HIGH 8.8 HIGH
In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service (DoS) attack, execute arbitrary code, or obtain more privilege than intended on the machines.
CVE-2020-24401 1 Magento 1 Magento 2024-11-21 5.5 MEDIUM 6.5 MEDIUM
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect authorization vulnerability. A user can still access resources provisioned under their old role after an administrator removes the role or disables the user's account.
CVE-2020-24264 1 Portainer 1 Portainer 2024-11-21 10.0 HIGH 9.8 CRITICAL
Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container is spawned, it can be leveraged to break out of the container leading to complete Docker host machine takeover.
CVE-2020-21990 1 Domoticz 1 Mydomoathome 2024-11-21 5.0 MEDIUM 7.5 HIGH
Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information.
CVE-2020-21124 1 Ureport Project 1 Ureport 2024-11-21 7.5 HIGH 9.8 CRITICAL
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.
CVE-2020-20471 1 White Shark Systems Project 1 White Shark Systems 2024-11-21 9.0 HIGH 8.8 HIGH
White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges.
CVE-2020-20466 1 White Shark Systems Project 1 White Shark Systems 2024-11-21 7.5 HIGH 9.8 CRITICAL
White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user.
CVE-2020-1998 1 Paloaltonetworks 1 Pan-os 2024-11-21 6.5 MEDIUM 5.4 MEDIUM
An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0.
CVE-2020-1831 1 Huawei 2 Mate 20, Mate 20 Firmware 2024-11-21 1.9 LOW 2.4 LOW
HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability. The digital balance function does not sufficiently restrict the using time of certain user, successful exploit could allow the user break the limit of digital balance function after a series of operations with a PC.
CVE-2020-1796 1 Huawei 4 Mate 20, Mate 20 Firmware, Mate 30 Pro and 1 more 2024-11-21 4.6 MEDIUM 6.6 MEDIUM
There is an improper authorization vulnerability in several smartphones. The software incorrectly performs an authorization to certain user, successful exploit could allow a low privilege user to do certain operation which the user are supposed not to do.Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2).
CVE-2020-1729 1 Redhat 1 Smallrye Config 2024-11-21 2.1 LOW 4.4 MEDIUM
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data confidentiality. This is fixed in SmallRye 1.6.2
CVE-2020-1725 1 Redhat 1 Keycloak 2024-11-21 5.5 MEDIUM 5.4 MEDIUM
A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.
CVE-2020-19765 1 Proofofdiligencetoken Project 1 Proofofdiligencetoken 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack.
CVE-2020-19551 1 Wuzhicms 1 Wuzhicms 2024-11-21 6.5 MEDIUM 8.8 HIGH
Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.