Total
2331 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5253 | 1 Nethack | 1 Nethack | 2024-11-21 | 3.9 Low |
| NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0. | ||||
| CVE-2020-5182 | 1 Cmsjunkie | 1 J-businessdirectory | 2024-11-21 | 6.5 Medium |
| The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location). | ||||
| CVE-2020-4603 | 1 Ibm | 1 Security Guardium Insights | 2024-11-21 | 7.2 High |
| IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880. | ||||
| CVE-2020-4184 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 7.3 High |
| IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 174802.. | ||||
| CVE-2020-3812 | 3 Canonical, Debian, Netqmail | 3 Ubuntu Linux, Debian Linux, Netqmail | 2024-11-21 | 5.5 Medium |
| qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first. | ||||
| CVE-2020-3600 | 1 Cisco | 1 Sd-wan | 2024-11-21 | 7.8 High |
| A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient security controls on the CLI. An attacker could exploit this vulnerability by using an affected CLI utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges. | ||||
| CVE-2020-3595 | 1 Cisco | 1 Sd-wan | 2024-11-21 | 7.8 High |
| A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. The vulnerability is due to incorrect permissions being set when the affected command is executed. An attacker could exploit this vulnerability by executing the affected command on an affected system. A successful exploit could allow the attacker to gain root privileges. | ||||
| CVE-2020-3594 | 1 Cisco | 1 Sd-wan | 2024-11-21 | 7.8 High |
| A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted options to a specific command. A successful exploit could allow the attacker to gain root privileges. | ||||
| CVE-2020-3593 | 1 Cisco | 1 Sd-wan | 2024-11-21 | 7.8 High |
| A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to a utility that is running on an affected system. A successful exploit could allow the attacker to gain root privileges. | ||||
| CVE-2020-3482 | 1 Cisco | 2 Expressway, Telepresence Video Communication Server | 2024-11-21 | 6.5 Medium |
| A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit could allow the attacker to send traffic through the affected software to destinations beyond the application, possibly allowing the attacker to gain unauthorized network access. | ||||
| CVE-2020-3396 | 1 Cisco | 56 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 53 more | 2024-11-21 | 6.8 Medium |
| A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges. | ||||
| CVE-2020-3265 | 1 Cisco | 15 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 12 more | 2024-11-21 | 7.8 High |
| A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges. | ||||
| CVE-2020-3250 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 9.8 Critical |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2020-3243 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 9.8 Critical |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2020-3115 | 1 Cisco | 8 Sd-wan Firmware, Vedge-100, Vedge-1000 and 5 more | 2024-11-21 | 8.8 High |
| A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges. | ||||
| CVE-2020-3112 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 8.8 High |
| A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by authenticating with a low-privilege account and sending a crafted request to the API. A successful exploit could allow the attacker to interact with the API with administrative privileges. | ||||
| CVE-2020-36156 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 9.9 Critical |
| An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges. | ||||
| CVE-2020-36155 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 10 Critical |
| An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Unauthenticated Privilege Escalation via User Meta. An attacker could supply an array parameter for sensitive metadata, such as the wp_capabilities user meta that defines a user's role. During the registration process, submitted registration details were passed to the update_profile function, and any metadata was accepted, e.g., wp_capabilities[administrator] for Administrator access. | ||||
| CVE-2020-35593 | 1 Bmc | 1 Patrol Agent | 2024-11-21 | 7.8 High |
| BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -host. | ||||
| CVE-2020-35557 | 2 Helmholz, Mbconnectline | 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more | 2024-11-21 | 6.5 Medium |
| An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation. | ||||