Total
389 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5250 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 7.6 High |
| In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the id_customer and change all information of all accounts. The problem is patched in version 1.7.6.4. | ||||
| CVE-2020-4075 | 1 Electronjs | 1 Electron | 2024-11-21 | 6.8 Medium |
| In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. | ||||
| CVE-2020-3927 | 2 Changingtec, Microsoft | 2 Servisign, Windows | 2024-11-21 | 8.3 High |
| An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter. | ||||
| CVE-2020-3926 | 2 Changingtec, Microsoft | 2 Servisign, Windows | 2024-11-21 | 6.1 Medium |
| An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter. | ||||
| CVE-2020-3476 | 1 Cisco | 1 Ios | 2024-11-21 | 6.0 Medium |
| A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system. | ||||
| CVE-2020-3267 | 1 Cisco | 1 Unified Contact Center Express | 2024-11-21 | 7.1 High |
| A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by authenticating to an affected system with valid agent credentials and performing a specific API call with crafted input. A successful exploit could allow the attacker to change the availability state of an agent, potentially causing a denial of service condition. | ||||
| CVE-2020-35658 | 1 Titanhq | 1 Spamtitan | 2024-11-21 | 5.3 Medium |
| SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. | ||||
| CVE-2020-35340 | 1 Expertpdf | 1 Expertpdf | 2024-11-21 | 7.5 High |
| A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read. | ||||
| CVE-2020-29373 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 6.5 Medium |
| An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d. | ||||
| CVE-2020-27368 | 1 Totolink | 2 A702r, A702r Firmware | 2024-11-21 | 5.5 Medium |
| Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter. | ||||
| CVE-2020-26549 | 1 Aviatrix | 1 Controller | 2024-11-21 | 7.5 High |
| An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading. | ||||
| CVE-2020-26183 | 1 Dell | 1 Emc Networker | 2024-11-21 | 6.8 Medium |
| Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations in an unintended manner. | ||||
| CVE-2020-26182 | 1 Dell | 1 Emc Networker | 2024-11-21 | 6.8 Medium |
| Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' related operations in an unintended manner. The vulnerability is not exploitable by users authenticated via LDAP. | ||||
| CVE-2020-25636 | 1 Redhat | 1 Ansible | 2024-11-21 | 6.6 Medium |
| A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability. | ||||
| CVE-2020-25351 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted request sent to to the /lib/crud/configcompare.crud.php script. | ||||
| CVE-2020-22124 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 7.5 High |
| A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information. | ||||
| CVE-2020-1908 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2024-11-21 | 4.6 Medium |
| Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked. | ||||
| CVE-2020-1726 | 2 Libpod Project, Redhat | 4 Libpod, Enterprise Linux, Openshift and 1 more | 2024-11-21 | 5.9 Medium |
| A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0. | ||||
| CVE-2020-16116 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 3.3 Low |
| In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. | ||||
| CVE-2020-15704 | 1 Canonical | 2 Ppp, Ubuntu Linux | 2024-11-21 | 5.5 Medium |
| The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504. | ||||