Total
2818 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-9754 | 1 Navercorp | 1 Whale | 2024-08-04 | 5.3 Medium |
NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode. | ||||
CVE-2020-9543 | 2 Openstack, Redhat | 2 Manila, Openstack | 2024-08-04 | 8.3 High |
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks. | ||||
CVE-2020-9046 | 1 Johnsoncontrols | 1 Kantech Entrapass | 2024-08-04 | 8.8 High |
A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files. | ||||
CVE-2020-8902 | 1 Google | 1 Rendertron | 2024-08-04 | 3.5 Low |
Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are to upgrade your rendertron to version 3.0.0, or, if you cannot update, to secure the infrastructure to limit the headless chrome's access to your internal domain. | ||||
CVE-2020-8664 | 2 Cncf, Redhat | 2 Envoy, Service Mesh | 2024-08-04 | 5.3 Medium |
CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even though it was visible in the active config dump. | ||||
CVE-2020-8694 | 1 Intel | 598 Celeron 3855u, Celeron 3855u Firmware, Celeron 3865u and 595 more | 2024-08-04 | 5.5 Medium |
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
CVE-2020-8300 | 1 Citrix | 16 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 13 more | 2024-08-04 | 6.5 Medium |
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible. | ||||
CVE-2020-8278 | 1 Nextcloud | 1 Social | 2024-08-04 | 5.3 Medium |
Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user. | ||||
CVE-2020-8275 | 1 Citrix | 1 Secure Mail | 2024-08-04 | 4.3 Medium |
Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device. | ||||
CVE-2020-8196 | 1 Citrix | 11 4000-wo, 4100-wo, 5000-wo and 8 more | 2024-08-04 | 4.3 Medium |
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. | ||||
CVE-2020-8207 | 1 Citrix | 1 Workspace | 2024-08-04 | 8.8 High |
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. | ||||
CVE-2020-8182 | 1 Nextcloud | 1 Deck | 2024-08-04 | 8.0 High |
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves. | ||||
CVE-2020-8193 | 1 Citrix | 11 4000-wo, 4100-wo, 5000-wo and 8 more | 2024-08-04 | 6.5 Medium |
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints. | ||||
CVE-2020-8179 | 1 Nextcloud | 1 Deck | 2024-08-04 | 4.1 Medium |
Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks. | ||||
CVE-2020-8139 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-08-04 | 6.5 Medium |
A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | ||||
CVE-2020-8157 | 1 Ui | 4 Unifi Cloud Key Gen2, Unifi Cloud Key Gen2 Firmware, Unifi Cloud Key Gen2 Plus and 1 more | 2024-08-04 | 6.8 Medium |
UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART). | ||||
CVE-2020-8153 | 2 Fedoraproject, Nextcloud | 2 Fedora, Group Folders | 2024-08-04 | 8.1 High |
Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name. | ||||
CVE-2020-8122 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 4.3 Medium |
A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. | ||||
CVE-2020-8121 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 8.1 High |
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | ||||
CVE-2020-7938 | 1 Plone | 1 Plone | 2024-08-04 | 8.8 High |
plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level. |