Total
1438 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5333 | 1 Rsa | 1 Archer | 2020-07-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information. | |||||
| CVE-2020-15513 | 1 Mittwald | 1 Typo3 Forum | 2020-07-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access Control. | |||||
| CVE-2020-5372 | 1 Dell | 10 Emc Powerstore 1000, Emc Powerstore 1000 Firmware, Emc Powerstore 3000 and 7 more | 2020-07-13 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerability that exposes test interface ports to external network. A remote unauthenticated attacker could potentially cause Denial of Service via test interface ports which are not used during run time environment. | |||||
| CVE-2020-13263 | 1 Gitlab | 1 Gitlab | 2020-07-01 | 6.5 MEDIUM | 8.8 HIGH |
| An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. | |||||
| CVE-2020-12053 | 1 Unisys | 1 Stealth | 2020-06-29 | 7.5 HIGH | 9.8 CRITICAL |
| In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key. | |||||
| CVE-2020-13277 | 1 Gitlab | 1 Gitlab | 2020-06-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 | |||||
| CVE-2020-3364 | 1 Cisco | 1 Ios Xr | 2020-06-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XR Software, which prevents the ACL from working when applied against the standby route processor management interface. An attacker could exploit this vulnerability by attempting to access the device through the standby route processor management interface. | |||||
| CVE-2020-3229 | 1 Cisco | 1 Ios Xe | 2020-06-09 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in Role Based Access Control (RBAC) functionality of Cisco IOS XE Web Management Software could allow a Read-Only authenticated, remote attacker to execute commands or configuration changes as an Admin user. The vulnerability is due to incorrect handling of RBAC for the administration GUI. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker as a Read-Only user to execute CLI commands or configuration changes as if they were an Admin user. | |||||
| CVE-2020-3231 | 1 Cisco | 1 Ios | 2020-06-08 | 2.9 LOW | 4.7 MEDIUM |
| A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before being authenticated on the port. The vulnerability exists because broadcast traffic that is received on the 802.1X-enabled port is mishandled. An attacker could exploit this vulnerability by sending broadcast traffic on the port before being authenticated. A successful exploit could allow the attacker to send and receive broadcast traffic on the 802.1X-enabled port before authentication. | |||||
| CVE-2020-13834 | 1 Google | 1 Android | 2020-06-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Secure Folder does not properly restrict use of Android Debug Bridge (adb) for arbitrary installations. The Samsung ID is SVE-2020-17369 (June 2020). | |||||
| CVE-2020-4026 | 1 Atlassian | 1 Navigator Links | 2020-06-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted or otherwise hidden, through an incorrect authorization check. | |||||
| CVE-2011-1123 | 1 Google | 1 Chrome | 2020-06-04 | 7.5 HIGH | N/A |
| Google Chrome before 9.0.597.107 does not properly restrict access to internal extension functions, which has unspecified impact and remote attack vectors. | |||||
| CVE-2020-1831 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2020-06-02 | 1.9 LOW | 2.4 LOW |
| HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability. The digital balance function does not sufficiently restrict the using time of certain user, successful exploit could allow the user break the limit of digital balance function after a series of operations with a PC. | |||||
| CVE-2020-1998 | 1 Paloaltonetworks | 1 Pan-os | 2020-05-19 | 6.5 MEDIUM | 8.8 HIGH |
| An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0. | |||||
| CVE-2020-12875 | 1 Veritas | 1 Aptare | 2020-05-15 | 6.5 MEDIUM | 6.3 MEDIUM |
| Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the application. | |||||
| CVE-2020-4446 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2020-05-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. IBM X-Force ID: 181126. | |||||
| CVE-2020-5343 | 1 Dell | 1 Os Recovery Image For Microsoft Windows 10 | 2020-05-08 | 7.2 HIGH | 7.8 HIGH |
| Dell Client platforms restored using a Dell OS recovery image downloaded before December 20, 2019, may contain an insecure inherited permissions vulnerability. A local authenticated malicious user with low privileges could exploit this vulnerability to gain unauthorized access on the root folder. | |||||
| CVE-2020-5279 | 1 Prestashop | 1 Prestashop | 2020-04-29 | 6.4 MEDIUM | 6.5 MEDIUM |
| In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/improve/international/geolocation/ - admin-dev/index.php/improve/international/localization - admin-dev/index.php/configure/advanced/performance - admin-dev/index.php/sell/orders/delivery-slips/ - admin-dev/index.php?controller=AdminStatuses The problem is fixed in 1.7.6.5 | |||||
| CVE-2020-5287 | 1 Prestashop | 1 Prestashop | 2020-04-27 | 6.4 MEDIUM | 6.5 MEDIUM |
| In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. The problem is fixed in 1.7.6.5. | |||||
| CVE-2020-5288 | 1 Prestashop | 1 Prestashop | 2020-04-27 | 6.4 MEDIUM | 6.5 MEDIUM |
| "In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. The problem is fixed in 1.7.6.5. | |||||