Total
1599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1796 | 1 Huawei | 4 Mate 20, Mate 20 Firmware, Mate 30 Pro and 1 more | 2020-03-24 | 4.6 MEDIUM | 6.6 MEDIUM |
| There is an improper authorization vulnerability in several smartphones. The software incorrectly performs an authorization to certain user, successful exploit could allow a low privilege user to do certain operation which the user are supposed not to do.Affected product versions include:HUAWEI Mate 20 versions Versions earlier than 10.0.0.188(C00E74R3P8);HUAWEI Mate 30 Pro versions Versions earlier than 10.0.0.203(C00E202R7P2). | |||||
| CVE-2020-5240 | 1 Labdigital | 1 Wagtail-2fa | 2020-03-18 | 5.5 MEDIUM | 8.5 HIGH |
| In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. The user does not require special permissions in order to do so. By deleting the other users device they can disable the target users 2FA devices and potentially compromise the account if they figure out their password. The problem has been patched in version 1.4.1. | |||||
| CVE-2019-13001 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass. | |||||
| CVE-2020-5251 | 1 Parseplatform | 1 Parse-server | 2020-03-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way. | |||||
| CVE-2013-4228 | 1 Organic Groups Project | 1 Organic Groups | 2020-02-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors. | |||||
| CVE-2014-7914 | 1 Google | 1 Android | 2020-02-26 | 5.8 MEDIUM | 8.1 HIGH |
| btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag. | |||||
| CVE-2020-5242 | 1 Openhab | 1 Openhab | 2020-02-26 | 9.3 HIGH | 8.8 HIGH |
| openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file which cannot be changed via REST calls. | |||||
| CVE-2020-8119 | 1 Nextcloud | 1 Nextcloud Server | 2020-02-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. | |||||
| CVE-2013-2198 | 1 Login Security Project | 1 Login Security | 2020-02-13 | 7.5 HIGH | 9.8 CRITICAL |
| The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username. | |||||
| CVE-2020-5318 | 1 Dell | 1 Emc Isilon Onefs | 2020-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 contain a vulnerability in some configurations. An attacker may exploit this vulnerability to gain access to restricted files. The non-RAN HTTP and WebDAV file-serving components have a vulnerability wherein when either are enabled, and Basic Authentication is enabled for either or both components, files are accessible without authentication. | |||||
| CVE-2013-2673 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2020-02-05 | 4.6 MEDIUM | 6.8 MEDIUM |
| Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access. | |||||
| CVE-2020-8086 | 2 Debian, Prosody | 3 Debian Linux, Mod Auth Ldap, Mod Auth Ldap2 | 2020-02-04 | 6.8 MEDIUM | 9.8 CRITICAL |
| The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin. | |||||
| CVE-2013-2574 | 1 Foscam | 2 Fi8620, Fi8620 Firmware | 2020-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information. | |||||
| CVE-2013-4862 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2020-02-04 | 5.5 MEDIUM | 8.1 HIGH |
| MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page. | |||||
| CVE-2013-1350 | 1 Veraxsystems | 1 Network Management System | 2020-02-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities | |||||
| CVE-2012-3821 | 1 Arialsoftware | 1 Campaign Enterprise | 2020-01-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field. | |||||
| CVE-2016-6591 | 1 Symantec | 1 Norton App Lock | 2020-01-21 | 3.3 LOW | 7.1 HIGH |
| A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. | |||||
| CVE-2013-4985 | 1 Vivotek | 6 Ip7160, Ip7160 Firmware, Ip7361 and 3 more | 2020-01-17 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream | |||||
| CVE-2012-3822 | 1 Arialsoftware | 1 Campaign Enterprise | 2020-01-15 | 5.0 MEDIUM | 7.5 HIGH |
| Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials. | |||||
| CVE-2019-14843 | 1 Redhat | 2 Jboss Enterprise Application Platform, Single Sign-on | 2020-01-15 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue. | |||||