Total
3294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24433 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment. | |||||
| CVE-2020-1754 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 4.3 MEDIUM |
| In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups. | |||||
| CVE-2020-1732 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Continuous Delivery, Openshift Application Runtimes and 1 more | 2024-11-21 | 4.9 MEDIUM | 4.2 MEDIUM |
| A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request. | |||||
| CVE-2020-1666 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | 7.2 HIGH | 6.6 MEDIUM |
| The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO. | |||||
| CVE-2020-1604 | 1 Juniper | 7 Ex4300, Ex4600, Junos and 4 more | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. This issue only affects firewall filter evaluation of certain packets destined to the device Routing Engine (RE). This issue does not affect the Layer 2 firewall filter evaluation nor does it affect the Layer 3 firewall filter evaluation destined to connected hosts. This issue may occur when evaluating both IPv4 or IPv6 packets. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D12 on QFX5100 Series and EX4600 Series; 14.1X53 versions prior to 14.1X53-D52 on QFX3500 Series; 14.1X53 versions prior to 14.1X53-D48 on EX4300 Series; 15.1 versions prior to 15.1R7-S3 on EX4300 Series; 16.1 versions prior to 16.1R7 on EX4300 Series; 17.1 versions prior to 17.1R3 on EX4300 Series; 17.2 versions prior to 17.2R3 on EX4300 Series; 17.3 versions prior to 17.3R2-S5, 17.3R3 on EX4300 Series; 17.4 versions prior to 17.4R2 on EX4300 Series; 18.1 versions prior to 18.1R3 on EX4300 Series; 18.2 versions prior to 18.2R2 on EX4300 Series. | |||||
| CVE-2020-16261 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access. | |||||
| CVE-2020-16241 | 1 Philips | 2 Suresigns Vs4, Suresigns Vs4 Firmware | 2024-11-21 | 2.1 LOW | 2.1 LOW |
| Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | |||||
| CVE-2020-15279 | 1 Bitdefender | 1 Endpoint Security Tools | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research. | |||||
| CVE-2020-15181 | 1 Alfresco | 1 Reset Password | 2024-11-21 | 10.0 HIGH | 9.3 CRITICAL |
| The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0 | |||||
| CVE-2020-15102 | 1 Prestashop | 1 Dashboard Products | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0. | |||||
| CVE-2020-15079 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 5.5 MEDIUM | 6.4 MEDIUM |
| In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6 | |||||
| CVE-2020-14499 | 1 Advantech | 1 Iview | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials. | |||||
| CVE-2020-14388 | 1 Redhat | 1 3scale Api Management | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission. | |||||
| CVE-2020-14312 | 1 Fedoraproject | 1 Fedora | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems. | |||||
| CVE-2020-13677 | 1 Drupal | 1 Drupal | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected. | |||||
| CVE-2020-13676 | 1 Drupal | 1 Drupal | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. | |||||
| CVE-2020-13675 | 1 Drupal | 1 Drupal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site. | |||||
| CVE-2020-12493 | 1 Swarco | 1 Cpu Ls4000 Firmware | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4... grants root access to the device without access control via network. A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices. | |||||
| CVE-2020-12488 | 1 Vivo | 1 Jovi Smart Scene | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission. | |||||
| CVE-2020-12030 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1420 Gateway and 3 more | 2024-11-21 | 6.8 MEDIUM | 10.0 CRITICAL |
| There is a flaw in the code used to configure the internal gateway firewall when the gateway's VLAN feature is enabled. If a user enables the VLAN setting, the internal gateway firewall becomes disabled resulting in exposure of all ports used by the gateway. | |||||