Total: 1780 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-25699 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-08-04 | 7.5 High |
In Moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in Moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. | ||||
CVE-2020-25722 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-08-04 | 8.8 High |
Multiple flaws were found in the way Samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. | ||||
CVE-2020-25701 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-08-04 | 5.3 Medium |
If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in Moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. | ||||
CVE-2020-25655 | 1 Redhat | 2 Acm, Advanced Cluster Management For Kubernetes | 2024-08-04 | 5.7 Medium |
An issue was discovered in the ManagedClusterView API that could allow secrets to be disclosed to users without the correct permissions. Views created for an admin user would be made available for a short time to users with only view permission. In this short time window the user with view permission could read cluster secrets that should only be disclosed to admin users. | ||||
CVE-2020-25564 | 1 Sapphireims | 1 Sapphireims | 2024-08-04 | 8.8 High |
In SapphireIMS 5.0, it is possible to create a local administrator on any client with the credentials of a non-privileged user by directly accessing the RemoteMgmtTaskSave (Automation Tasks) feature. | ||||
CVE-2020-25240 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-08-04 | 8.8 High |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unprivileged users can access services when guessing the URL. An attacker could impact availability, integrity and gain information from logs and templates of the service. | ||||
CVE-2020-25284 | 4 Debian, Linux, Opensuse and 1 more | 4 Debian Linux, Linux Kernel, Leap and 1 more | 2024-08-04 | 4.1 Medium |
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. | ||||
CVE-2020-25239 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-08-04 | 8.8 High |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webserver could allow unauthorized actions via special URLs for unprivileged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with unprivileged user rights. | ||||
CVE-2020-25167 | 1 Osisoft | 1 Pi Vision | 2024-08-04 | 4.9 Medium |
OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute. | ||||
CVE-2020-25055 | 1 Google | 1 Android | 2024-08-04 | 9.8 Critical |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The persona service allows attackers (who control an unprivileged SecureFolder process) to bypass admin restrictions in KnoxContainer. The Samsung ID is SVE-2020-18133 (August 2020). | ||||
CVE-2020-25025 | 1 Localization Manager Project | 1 Localization Manager | 2024-08-04 | 4.3 Medium |
The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.0 for TYPO3 allows Information Disclosure (translatable fields). | ||||
CVE-2020-24941 | 1 Laravel | 1 Laravel | 2024-08-04 | 7.5 High |
An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions. | ||||
CVE-2020-24771 | 1 Nexusphp | 1 Nexusphp | 2024-08-04 | 7.5 High |
Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content. | ||||
CVE-2020-24716 | 2 Freebsd, Openzfs | 2 Freebsd, Openzfs | 2024-08-04 | 7.8 High |
OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories. | ||||
CVE-2020-24503 | 2 Intel, Redhat | 11 Ethernet Network Adapter E810-cqda1, Ethernet Network Adapter E810-cqda1 For Ocp, Ethernet Network Adapter E810-cqda1 For Ocp 3.0 and 8 more | 2024-08-04 | 5.5 Medium |
Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
CVE-2020-24264 | 1 Portainer | 1 Portainer | 2024-08-04 | 9.8 Critical |
Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client side and not the server side, which can lead to spawning a container with a bind mount. Once such a container is spawned, it can be leveraged to break out of the container, leading to complete Docker host machine takeover. | ||||
CVE-2020-21990 | 1 Domoticz | 1 Mydomoathome | 2024-08-04 | 7.5 High |
Emmanuel MyDomoAtHome (MDAH) REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information. | ||||
CVE-2020-21124 | 1 Ureport Project | 1 Ureport | 2024-08-04 | 9.8 Critical |
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page. | ||||
CVE-2020-20466 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-08-04 | 9.8 Critical |
White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php; remote attackers can modify the password of any user. | ||||
CVE-2020-20471 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-08-04 | 8.8 High |
White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php; remote attackers can exploit this vulnerability to escalate to admin privileges. |