Total
1780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10239 | 1 Joomla | 1 Joomla\! | 2024-08-04 | 8.8 High |
| An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users. | ||||
| CVE-2020-9712 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-08-04 | 5.5 Medium |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. | ||||
| CVE-2020-9492 | 3 Apache, Oracle, Redhat | 5 Hadoop, Solr, Financial Services Crime And Compliance Management Studio and 2 more | 2024-08-04 | 8.8 High |
| In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. | ||||
| CVE-2020-9381 | 1 Totaljs | 1 Total.js Cms | 2024-08-04 | 7.5 High |
| controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954. | ||||
| CVE-2020-8919 | 1 Google | 1 Gerrit | 2024-08-04 | 3.5 Low |
| An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restricted access. | ||||
| CVE-2020-8806 | 1 Electriccoin | 1 Zcashd | 2024-08-04 | 7.5 High |
| Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced. | ||||
| CVE-2020-8278 | 1 Nextcloud | 1 Social | 2024-08-04 | 5.3 Medium |
| Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user. | ||||
| CVE-2020-8212 | 1 Citrix | 1 Xenmobile Server | 2024-08-04 | 9.8 Critical |
| Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality. | ||||
| CVE-2020-8151 | 2 Fedoraproject, Rubyonrails | 2 Fedora, Active Resource | 2024-08-04 | 7.5 High |
| There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information. | ||||
| CVE-2020-8142 | 1 Revive-adserver | 1 Revive Adserver | 2024-08-04 | 6.8 Medium |
| A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was however possible for anyone with access to a Revive Adserver admin user interface to bypass such check and change e-email address or password of the currently logged in user by altering the form payload.The attack requires physical access to the user interface of a logged in user. If the POST payload was altered by turning the “pwold” parameter into an array, Revive Adserver would fetch and authorise the operation even if no password was provided. | ||||
| CVE-2020-8119 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 4.3 Medium |
| Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. | ||||
| CVE-2020-8086 | 2 Debian, Prosody | 3 Debian Linux, Mod Auth Ldap, Mod Auth Ldap2 | 2024-08-04 | 9.8 Critical |
| The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin. | ||||
| CVE-2020-7955 | 1 Hashicorp | 1 Consul | 2024-08-04 | 5.3 Medium |
| HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3. | ||||
| CVE-2020-7921 | 1 Mongodb | 1 Mongodb | 2024-08-04 | 4.6 Medium |
| Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3; MongoDB Server v4.0 versions prior to 4.0.15; MongoDB Server v4.3 versions prior to 4.3.3and MongoDB Server v3.6 versions prior to 3.6.18. | ||||
| CVE-2020-7583 | 1 Siemens | 1 Automation License Manager | 2024-08-04 | 7.8 High |
| A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrary modify files that should be protected against writing. | ||||
| CVE-2020-7499 | 1 Schneider-electric | 12 Mtn6260-0310, Mtn6260-0310 Firmware, Mtn6260-0315 and 9 more | 2024-08-04 | 6.5 Medium |
| A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes. | ||||
| CVE-2020-7300 | 1 Mcafee | 1 Data Loss Prevention | 2024-08-04 | 4.6 Medium |
| Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages. | ||||
| CVE-2020-7251 | 1 Mcafee | 1 Endpoint Security | 2024-08-04 | 5 Medium |
| Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS. | ||||
| CVE-2020-6752 | 1 Openmicroscopy | 1 Omero | 2024-08-04 | 3.8 Low |
| In OMERO before 5.6.1, group owners can access members' data in other groups. | ||||
| CVE-2020-6380 | 3 Fedoraproject, Google, Redhat | 3 Fedora, Chrome, Rhel Extras | 2024-08-04 | 8.8 High |
| Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension. | ||||