Total
3903 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8664 | 2 Cncf, Redhat | 2 Envoy, Service Mesh | 2024-11-21 | 5.3 Medium |
| CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even though it was visible in the active config dump. | ||||
| CVE-2020-8300 | 1 Citrix | 16 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 13 more | 2024-11-21 | 6.5 Medium |
| Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible. | ||||
| CVE-2020-8278 | 1 Nextcloud | 1 Social | 2024-11-21 | 5.3 Medium |
| Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user. | ||||
| CVE-2020-8275 | 1 Citrix | 1 Secure Mail | 2024-11-21 | 4.3 Medium |
| Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device. | ||||
| CVE-2020-8207 | 1 Citrix | 1 Workspace | 2024-11-21 | 8.8 High |
| Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. | ||||
| CVE-2020-8182 | 1 Nextcloud | 1 Deck | 2024-11-21 | 8.0 High |
| Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves. | ||||
| CVE-2020-8179 | 1 Nextcloud | 1 Deck | 2024-11-21 | 4.1 Medium |
| Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks. | ||||
| CVE-2020-8157 | 1 Ui | 4 Unifi Cloud Key Gen2, Unifi Cloud Key Gen2 Firmware, Unifi Cloud Key Gen2 Plus and 1 more | 2024-11-21 | 6.8 Medium |
| UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART). | ||||
| CVE-2020-8153 | 2 Fedoraproject, Nextcloud | 2 Fedora, Group Folders | 2024-11-21 | 8.1 High |
| Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name. | ||||
| CVE-2020-8139 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-11-21 | 6.5 Medium |
| A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | ||||
| CVE-2020-8122 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 Medium |
| A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. | ||||
| CVE-2020-8121 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 8.1 High |
| A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | ||||
| CVE-2020-8028 | 1 Suse | 2 Manager Server, Salt-netapi-client | 2024-11-21 | 9.3 Critical |
| A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1. | ||||
| CVE-2020-7941 | 1 Plone | 1 Plone | 2024-11-21 | 9.8 Critical |
| A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. | ||||
| CVE-2020-7938 | 1 Plone | 1 Plone | 2024-11-21 | 8.8 High |
| plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level. | ||||
| CVE-2020-7578 | 1 Siemens | 1 Opcenter Execution Core | 2024-11-21 | 8.1 High |
| A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Authenticated users could have access to resources they normally would not have. This vulnerability could allow an attacker to view internal information and perform unauthorized changes. | ||||
| CVE-2020-7573 | 1 Schneider-electric | 1 Webreports | 2024-11-21 | 6.5 Medium |
| A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control. | ||||
| CVE-2020-7561 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 9.8 Critical |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. | ||||
| CVE-2020-7547 | 1 Schneider-electric | 5 Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Power Manager and 2 more | 2024-11-21 | 8.8 High |
| A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level. | ||||
| CVE-2020-7545 | 1 Schneider-electric | 5 Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Power Manager and 2 more | 2024-11-21 | 7.2 High |
| A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage. | ||||