Total: 1418 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2020-25055 | 1 Google | 1 Android | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The persona service allows attackers (who control an unprivileged SecureFolder process) to bypass admin restrictions in KnoxContainer. The Samsung ID is SVE-2020-18133 (August 2020). |
CVE-2020-5288 | 1 Prestashop | 1 Prestashop | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM | In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access control on the product attributes page. The problem is fixed in 1.7.6.5. |
CVE-2020-0981 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-02-28 | 4.6 MEDIUM | 8.8 HIGH | A security feature bypass vulnerability exists when Windows fails to properly handle token relationships. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape. The update addresses the vulnerability by correcting how Windows handles token relationships, aka 'Windows Token Security Feature Bypass Vulnerability'. |
CVE-2020-10786 | 1 Vestacp | 1 Vesta Control Panel | 2024-02-28 | 9.0 HIGH | 8.8 HIGH | A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs. |
CVE-2020-13284 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.5 MEDIUM | 6.5 MEDIUM | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4: API authorization using an outdated CI job token. |
CVE-2020-3360 | 1 Cisco | 74 Unified Ip Phone 6901, Unified Ip Phone 6901 Firmware, Unified Ip Phone 6911 and 71 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device. |
CVE-2020-7583 | 1 Siemens | 1 Automation License Manager | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH | A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrarily modify files that should be protected against writing. |
CVE-2018-21039 | 1 Google | 1 Android | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered on Samsung mobile devices with N(7.0) software. With the Location permission for the compass feature in Quick Tools (aka QuickTools), an attacker can bypass the lockscreen. The Samsung ID is SVE-2018-12053 (December 2018). |
CVE-2020-3472 | 1 Cisco | 1 Webex Meetings Online | 2024-02-28 | 4.0 MEDIUM | 5.0 MEDIUM | A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by sending specially crafted requests to the Webex Meetings site. A successful exploit could allow the attacker to view the details of users on another Webex site, including user names and email addresses. |
CVE-2020-5287 | 1 Prestashop | 1 Prestashop | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM | In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customer search. The problem is fixed in 1.7.6.5. |
CVE-2020-3364 | 1 Cisco | 1 Ios Xr | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management interface. The vulnerability is due to a logic error introduced in Cisco IOS XR Software, which prevents the ACL from working when applied against the standby route processor management interface. An attacker could exploit this vulnerability by attempting to access the device through the standby route processor management interface. |
CVE-2020-11707 | 1 Provideserver | 1 Provide Ftp Server | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | An issue was discovered in ProVide (formerly zFTPServer) through 13.1. It doesn't enforce permissions on Windows symlinks or junctions. As a result, a low-privileged (non-admin) user can create a junction in a directory they fully control and break out of the sandbox. |
CVE-2020-15590 | 1 Privateinternetaccess | 1 Private Internet Access Vpn Client | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information by intercepting network traffic. Since 1.5, PIA has supported a "split tunnel" OpenVPN bypass option. The PIA kill switch and its associated iptables firewall are designed to protect you while using the Internet. When the kill switch is configured to block all inbound and outbound network traffic, privileged applications can continue sending and receiving network traffic if net.ipv4.ip_forward has been enabled in the system kernel parameters. For example, a Docker container running on a host with the VPN turned off and the kill switch turned on can continue using the Internet, leaking the host IP (CWE-200). In PIA 2.4.0+, policy-based routing is enabled by default and is used to direct all forwarded packets to the VPN interface automatically. |
CVE-2020-3386 | 1 Cisco | 1 Data Center Network Manager | 2024-02-28 | 9.0 HIGH | 8.8 HIGH | A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with a low-privileged account to bypass authorization on the API of an affected device. The vulnerability is due to insufficient authorization of certain API functions. An attacker could exploit this vulnerability by sending a crafted request to the API using low-privileged credentials. A successful exploit could allow the attacker to perform arbitrary actions through the REST API with administrative privileges. |
CVE-2020-13313 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control. |
CVE-2020-3413 | 1 Cisco | 1 Webex Meetings Online | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM | A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. The vulnerability is due to insufficient authorization enforcement for requests to delete scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to delete a scheduled meeting template. A successful exploit could allow the attacker to delete a scheduled meeting template that belongs to a user other than themselves. |
CVE-2020-3229 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 9.0 HIGH | 8.8 HIGH | A vulnerability in the Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administration GUI. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker, as a Read-Only user, to execute CLI commands or configuration changes as if they were an Admin user. |
CVE-2020-7300 | 1 Mcafee | 1 Data Loss Prevention | 2024-02-28 | 4.0 MEDIUM | 6.3 MEDIUM | Improper Authorization vulnerability in the McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view-only privileges via carefully constructed HTTP POST messages. |
CVE-2020-24941 | 1 Laravel | 1 Laravel | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH | An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions. |
CVE-2020-0097 | 1 Google | 1 Android | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH | In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10. Android ID: A-145981139. |