Total
1780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6362 | 1 Sap | 1 Banking Services | 2024-08-04 | 6.5 Medium |
| SAP Banking Services version 500, use an incorrect authorization object in some of its reports. Although the affected reports are protected with otherauthorization objects, exploitation of the vulnerability could lead to privilege escalation and violation in segregation of duties, which in turn could lead to Service interruptions and system unavailability for the victim and users of the component. | ||||
| CVE-2020-6307 | 1 Sap | 1 Basis | 2024-08-04 | 4.3 Medium |
| Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information. | ||||
| CVE-2020-6311 | 1 Sap | 2 Bank Analyzer, S\/4hana For Financial Products Subledger | 2024-08-04 | 6.5 Medium |
| Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version � 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create incorrect authorization proposals. This may result in privilege escalation and may expose restricted banking data. | ||||
| CVE-2020-6214 | 1 Sap | 1 S\/4hana | 2024-08-04 | 4.7 Medium |
| SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data, thereby preventing the proper segregation of duties in the system. | ||||
| CVE-2023-23751 | 1 Joomla | 1 Joomla\! | 2024-08-04 | 4.3 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. | ||||
| CVE-2020-5242 | 1 Openhab | 1 Openhab | 2024-08-04 | 7.7 High |
| openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file which cannot be changed via REST calls. | ||||
| CVE-2020-5288 | 1 Prestashop | 1 Prestashop | 2024-08-04 | 4.1 Medium |
| "In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. The problem is fixed in 1.7.6.5. | ||||
| CVE-2020-5275 | 1 Sensiolabs | 1 Symfony | 2024-08-04 | 7.6 High |
| In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that should have been take into account in an unanimous strategy. The accessDecisionManager is now called with all attributes at once, allowing the unanimous strategy being applied on each attribute. This issue is patched in versions 4.4.7 and 5.0.7. | ||||
| CVE-2020-5287 | 1 Prestashop | 1 Prestashop | 2024-08-04 | 4.1 Medium |
| In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. The problem is fixed in 1.7.6.5. | ||||
| CVE-2020-5240 | 1 Labdigital | 1 Wagtail-2fa | 2024-08-04 | 7.6 High |
| In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. The user does not require special permissions in order to do so. By deleting the other users device they can disable the target users 2FA devices and potentially compromise the account if they figure out their password. The problem has been patched in version 1.4.1. | ||||
| CVE-2020-5279 | 1 Prestashop | 1 Prestashop | 2024-08-04 | 4.1 Medium |
| In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/improve/international/geolocation/ - admin-dev/index.php/improve/international/localization - admin-dev/index.php/configure/advanced/performance - admin-dev/index.php/sell/orders/delivery-slips/ - admin-dev/index.php?controller=AdminStatuses The problem is fixed in 1.7.6.5 | ||||
| CVE-2020-5293 | 1 Prestashop | 1 Prestashop | 2024-08-04 | 6.5 Medium |
| In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5. | ||||
| CVE-2020-5251 | 1 Parseplatform | 1 Parse-server | 2024-08-04 | 7.7 High |
| In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way. | ||||
| CVE-2020-5239 | 1 Mailu | 1 Mailu | 2024-08-04 | 8.7 High |
| In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All Docker images published on docker.io/mailu for tags 1.5, 1.6, 1.7 and master are patched. For detailed instructions about patching and securing the server afterwards, see https://github.com/Mailu/Mailu/issues/1354 | ||||
| CVE-2020-3852 | 1 Apple | 1 Safari | 2024-08-04 | 5.3 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in Safari 13.0.5. A URL scheme may be incorrectly ignored when determining multimedia permission for a website. | ||||
| CVE-2020-2258 | 1 Jenkins | 1 Health Advisor By Cloudbees | 2024-08-04 | 4.3 Medium |
| Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view that HTTP endpoint. | ||||
| CVE-2020-2233 | 1 Jenkins | 1 Pipeline Maven Integration | 2024-08-04 | 6.5 Medium |
| A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | ||||
| CVE-2020-2135 | 2 Jenkins, Redhat | 2 Script Security, Openshift | 2024-08-04 | 8.8 High |
| Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier could be circumvented through crafted method calls on objects that implement GroovyInterceptable. | ||||
| CVE-2020-2228 | 1 Jenkins | 1 Gitlab Authentication | 2024-08-04 | 8.8 High |
| Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. | ||||
| CVE-2020-2188 | 1 Jenkins | 1 Amazon Ec2 | 2024-08-04 | 4.3 Medium |
| A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | ||||