Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-2218 | 1 Google | 1 Android | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141169173 | |||||
| CVE-2019-16907 | 1 Infosysta | 1 In-app \& Desktop Notifications | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI. | |||||
| CVE-2017-1000388 | 1 Jenkins | 1 Dependency Graph Viewer | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data. | |||||
| CVE-2020-6298 | 1 Sap | 1 Generic Market Data | 2020-08-14 | 5.5 MEDIUM | 8.1 HIGH |
| SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure values, due to Missing Authorization Check. | |||||
| CVE-2020-6273 | 1 Sap | 1 S\/4 Hana Fiori Ui For General Ledger Accounting | 2020-08-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check. | |||||
| CVE-2020-6301 | 1 Sap | 1 Hcm Travel Management | 2020-08-13 | 5.5 MEDIUM | 8.1 HIGH |
| SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check. | |||||
| CVE-2020-14520 | 1 Inductiveautomation | 1 Ignition Gateway | 2020-08-11 | 5.0 MEDIUM | 7.5 HIGH |
| The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13). | |||||
| CVE-2020-5396 | 1 Vmware | 2 Gemfire, Tanzu Gemfire For Virtual Machines | 2020-08-04 | 6.5 MEDIUM | 8.8 HIGH |
| VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and VMware Tanzu GemFire for VMs versions prior to 1.11.1 and 1.10.2, when deployed without a SecurityManager, contain a JMX service available which contains an insecure default configuration. This allows a malicious user to create an MLet mbean leading to remote code execution. | |||||
| CVE-2015-0571 | 1 Linux | 1 Linux Kernel | 2020-07-31 | 9.3 HIGH | 7.8 HIGH |
| The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c. | |||||
| CVE-2020-14491 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2020-07-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information. | |||||
| CVE-2020-5368 | 1 Dell | 4 Vxrail D560, Vxrail D560 Firmware, Vxrail D560f and 1 more | 2020-07-13 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authentication vulnerability. A remote unauthenticated attacker may exploit this vulnerability to obtain sensitive information in an encrypted form. | |||||
| CVE-2020-5345 | 1 Dell | 3 Emc Unisphere For Powermax, Emc Unisphere For Powermax Virtual Appliance, Powermax Os | 2020-07-02 | 5.5 MEDIUM | 5.4 MEDIUM |
| Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an authorization bypass vulnerability. An authenticated malicious user may potentially execute commands to alter or stop database statistics. | |||||
| CVE-2018-21257 | 1 Mattermost | 1 Mattermost Server | 2020-06-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API. | |||||
| CVE-2018-21251 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body. | |||||
| CVE-2020-3245 | 1 Cisco | 1 Smart Software Manager On-prem | 2020-06-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. The vulnerability is due to the lack of authorization controls in the web application. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to add user accounts to the configuration of an affected device. These accounts would not be administrator or operator accounts. | |||||
| CVE-2020-5362 | 1 Dell | 708 Chengming 3967, Chengming 3967 Firmware, Chengming 3977 and 705 more | 2020-06-23 | 2.1 LOW | 4.4 MEDIUM |
| Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values. | |||||
| CVE-2020-14213 | 1 Zammad | 1 Zammad | 2020-06-23 | 5.5 MEDIUM | 5.4 MEDIUM |
| In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge). | |||||
| CVE-2020-6268 | 1 Sap | 2 Erp \(ea-finserv\), Erp \(s4core\) | 2020-06-16 | 5.5 MEDIUM | 8.1 HIGH |
| Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check. | |||||
| CVE-2020-13266 | 1 Gitlab | 1 Gitlab | 2020-06-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions | |||||
| CVE-2020-13425 | 1 Thetrackr | 2 Trackr, Trackr Firmware | 2020-05-26 | 6.8 MEDIUM | 7.1 HIGH |
| TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted. | |||||