Total
2377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8207 | 1 Citrix | 1 Workspace | 2020-07-29 | 6.0 MEDIUM | 8.8 HIGH |
| Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. | |||||
| CVE-2020-10288 | 2 Abb, Windriver | 4 Irb140, Irc5, Robotware and 1 more | 2020-07-23 | 7.5 HIGH | 9.8 CRITICAL |
| IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of username and password, however you can input whatever you like. As long as the field isn't empty it will be accepted. | |||||
| CVE-2020-3144 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2020-07-23 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary commands with administrative commands on an affected device. The vulnerability is due to improper session management on affected devices. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device. | |||||
| CVE-2020-7578 | 1 Siemens | 1 Opcenter Execution Core | 2020-07-17 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Authenticated users could have access to resources they normally would not have. This vulnerability could allow an attacker to view internal information and perform unauthorized changes. | |||||
| CVE-2020-2500 | 1 Qnap | 1 Helpdesk | 2020-07-10 | 6.4 MEDIUM | 6.5 MEDIUM |
| This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions. | |||||
| CVE-2020-8179 | 1 Nextcloud | 1 Deck | 2020-07-08 | 4.0 MEDIUM | 4.1 MEDIUM |
| Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks. | |||||
| CVE-2020-10278 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2020-07-06 | 5.0 MEDIUM | 4.6 MEDIUM |
| The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. This can be leveraged by a Malicious operator to boot from a Live Image. | |||||
| CVE-2020-3364 | 1 Cisco | 1 Ios Xr | 2020-06-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XR Software, which prevents the ACL from working when applied against the standby route processor management interface. An attacker could exploit this vulnerability by attempting to access the device through the standby route processor management interface. | |||||
| CVE-2020-3245 | 1 Cisco | 1 Smart Software Manager On-prem | 2020-06-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. The vulnerability is due to the lack of authorization controls in the web application. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to add user accounts to the configuration of an affected device. These accounts would not be administrator or operator accounts. | |||||
| CVE-2020-3231 | 1 Cisco | 1 Ios | 2020-06-08 | 2.9 LOW | 4.7 MEDIUM |
| A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series Switches and Cisco Catalyst CDB-8P Switches could allow an unauthenticated, adjacent attacker to forward broadcast traffic before being authenticated on the port. The vulnerability exists because broadcast traffic that is received on the 802.1X-enabled port is mishandled. An attacker could exploit this vulnerability by sending broadcast traffic on the port before being authenticated. A successful exploit could allow the attacker to send and receive broadcast traffic on the 802.1X-enabled port before authentication. | |||||
| CVE-2020-9046 | 1 Johnsoncontrols | 1 Kantech Entrapass | 2020-06-03 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files. | |||||
| CVE-2020-6774 | 1 Bosch | 2 Recording Station, Recording Station Firmware | 2020-05-29 | 7.2 HIGH | 8.8 HIGH |
| Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system. | |||||
| CVE-2020-2025 | 1 Katacontainers | 1 Runtime | 2020-05-21 | 4.6 MEDIUM | 8.8 HIGH |
| Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests. | |||||
| CVE-2020-11931 | 2 Canonical, Pulseaudio | 2 Ubuntu Linux, Pulseaudio | 2020-05-19 | 2.1 LOW | 3.3 LOW |
| An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2; | |||||
| CVE-2020-10612 | 1 Opto22 | 1 Softpac Project | 2020-05-18 | 6.4 MEDIUM | 9.1 CRITICAL |
| Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values. | |||||
| CVE-2020-3253 | 1 Cisco | 1 Firepower Threat Defense | 2020-05-12 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the support tunnel feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access the shell of an affected device even though expert mode is disabled. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by enabling the support tunnel, setting a key, and deriving the tunnel password. A successful exploit could allow the attacker to run any system command with root access on an affected device. | |||||
| CVE-2020-3312 | 1 Cisco | 1 Firepower Management Center | 2020-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data on an affected device. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data. | |||||
| CVE-2020-8157 | 1 Ui | 4 Unifi Cloud Key Gen2, Unifi Cloud Key Gen2 Firmware, Unifi Cloud Key Gen2 Plus and 1 more | 2020-05-07 | 7.2 HIGH | 6.8 MEDIUM |
| UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART). | |||||
| CVE-2020-5279 | 1 Prestashop | 1 Prestashop | 2020-04-29 | 6.4 MEDIUM | 6.5 MEDIUM |
| In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/improve/international/geolocation/ - admin-dev/index.php/improve/international/localization - admin-dev/index.php/configure/advanced/performance - admin-dev/index.php/sell/orders/delivery-slips/ - admin-dev/index.php?controller=AdminStatuses The problem is fixed in 1.7.6.5 | |||||
| CVE-2020-5287 | 1 Prestashop | 1 Prestashop | 2020-04-27 | 6.4 MEDIUM | 6.5 MEDIUM |
| In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. The problem is fixed in 1.7.6.5. | |||||