Search Results (11081 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8119 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 Medium |
| Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. | ||||
| CVE-2020-8086 | 2 Debian, Prosody | 3 Debian Linux, Mod Auth Ldap, Mod Auth Ldap2 | 2024-11-21 | 9.8 Critical |
| The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin. | ||||
| CVE-2020-7993 | 1 Prototypejs | 1 Prototype | 2024-11-21 | 4.3 Medium |
| Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field. | ||||
| CVE-2020-7968 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. | ||||
| CVE-2020-7955 | 1 Hashicorp | 1 Consul | 2024-11-21 | 5.3 Medium |
| HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3. | ||||
| CVE-2020-7692 | 2 Google, Redhat | 3 Oauth Client Library For Java, Ocp Tools, Openshift | 2024-11-21 | 7.4 High |
| PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0. | ||||
| CVE-2020-7583 | 1 Siemens | 1 Automation License Manager | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrarily modify files that should be protected against writing. | ||||
| CVE-2020-7499 | 1 Schneider-electric | 12 Mtn6260-0310, Mtn6260-0310 Firmware, Mtn6260-0315 and 9 more | 2024-11-21 | 6.5 Medium |
| A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes. | ||||
| CVE-2020-7343 | 1 Mcafee | 1 Agent | 2024-11-21 | 5.5 Medium |
| Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files. | ||||
| CVE-2020-7300 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 4.6 Medium |
| Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages. | ||||
| CVE-2020-7278 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 7.4 High |
| Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates. | ||||
| CVE-2020-7251 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 5 Medium |
| Improper access control vulnerability in Configuration Tool in McAfee Endpoint Security (ENS) prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthorised use of the configuration tool from older versions of ENS. | ||||
| CVE-2020-6823 | 1 Mozilla | 1 Firefox | 2024-11-21 | 9.8 Critical |
| A malicious extension could have called `browser.identity.launchWebAuthFlow`, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox < 75. | ||||
| CVE-2020-6752 | 1 Openmicroscopy | 1 Omero | 2024-11-21 | 3.8 Low |
| In OMERO before 5.6.1, group owners can access members' data in other groups. | ||||
| CVE-2020-6393 | 6 Debian, Fedoraproject, Google and 3 more | 10 Debian Linux, Fedora, Chrome and 7 more | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2020-6380 | 3 Fedoraproject, Google, Redhat | 3 Fedora, Chrome, Rhel Extras | 2024-11-21 | 8.8 High |
| Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted Chrome Extension. | ||||
| CVE-2020-6362 | 1 Sap | 1 Banking Services | 2024-11-21 | 6.5 Medium |
| SAP Banking Services version 500 uses an incorrect authorization object in some of its reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability could lead to privilege escalation and violation in segregation of duties, which in turn could lead to service interruptions and system unavailability for the victim and users of the component. | ||||
| CVE-2020-6316 | 1 Sap | 2 Erp, S/4hana | 2024-11-21 | 4.3 Medium |
| SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check. | ||||
| CVE-2020-6311 | 1 Sap | 2 Bank Analyzer, S/4hana For Financial Products Subledger | 2024-11-21 | 6.5 Medium |
| Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version - 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create incorrect authorization proposals. This may result in privilege escalation and may expose restricted banking data. | ||||
| CVE-2020-6307 | 1 Sap | 1 Basis | 2024-11-21 | 4.3 Medium |
| Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information. | ||||