Total: 4190 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8275 | 1 Citrix | 1 Secure Mail | 2024-11-21 | 4.3 Medium |
| Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device. | ||||
| CVE-2020-8207 | 1 Citrix | 1 Workspace | 2024-11-21 | 8.8 High |
| Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. | ||||
| CVE-2020-8182 | 1 Nextcloud | 1 Deck | 2024-11-21 | 8.0 High |
| Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves. | ||||
| CVE-2020-8179 | 1 Nextcloud | 1 Deck | 2024-11-21 | 4.1 Medium |
| Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users' decks. | ||||
| CVE-2020-8157 | 1 Ui | 4 Unifi Cloud Key Gen2, Unifi Cloud Key Gen2 Firmware, Unifi Cloud Key Gen2 Plus and 1 more | 2024-11-21 | 6.8 Medium |
| UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART). | ||||
| CVE-2020-8153 | 2 Fedoraproject, Nextcloud | 2 Fedora, Group Folders | 2024-11-21 | 8.1 High |
| Improper access control in Groupfolders app 4.0.3 allowed hidden directories to be deleted when renaming an accessible item to the same name. | ||||
| CVE-2020-8139 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-11-21 | 6.5 Medium |
| A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | ||||
| CVE-2020-8122 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 Medium |
| A missing check in Nextcloud Server 14.0.3 could give a recipient the possibility to extend the expiration date of a share they received. | ||||
| CVE-2020-8121 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 8.1 High |
| A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | ||||
| CVE-2020-8028 | 1 Suse | 2 Manager Server, Salt-netapi-client | 2024-11-21 | 9.3 Critical |
| An Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local users to escalate to root on every system managed by SUSE manager. On the managing node itself code can be executed as user salt, potentially allowing for escalation to root there. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.1 google-gson versions prior to 2.8.5-3.4.3, httpcomponents-client-4.5.6-3.4.2, httpcomponents-. SUSE Manager Proxy 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Retail Branch Server 4.0 release-notes-susemanager-proxy versions prior to 4.0.9-0.16.38.1. SUSE Manager Server 3.2 salt-netapi-client versions prior to 0.16.0-4.14.1, spacewalk-. SUSE Manager Server 4.0 release-notes-susemanager versions prior to 4.0.9-3.54.1. | ||||
| CVE-2020-7941 | 1 Plone | 1 Plone | 2024-11-21 | 9.8 Critical |
| A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. | ||||
| CVE-2020-7938 | 1 Plone | 1 Plone | 2024-11-21 | 8.8 High |
| plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level. | ||||
| CVE-2020-7578 | 1 Siemens | 1 Opcenter Execution Core | 2024-11-21 | 8.1 High |
| A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Authenticated users could have access to resources they normally would not have. This vulnerability could allow an attacker to view internal information and perform unauthorized changes. | ||||
| CVE-2020-7573 | 1 Schneider-electric | 1 Webreports | 2024-11-21 | 6.5 Medium |
| A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could allow a remote attacker to access restricted web resources due to improper access control. | ||||
| CVE-2020-7561 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 9.8 Critical |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted. | ||||
| CVE-2020-7547 | 1 Schneider-electric | 5 Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Power Manager and 2 more | 2024-11-21 | 8.8 High |
| A CWE-284: Improper Access Control vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level. | ||||
| CVE-2020-7545 | 1 Schneider-electric | 5 Ecostruxure Energy Expert, Ecostruxure Power Monitoring Expert, Power Manager and 2 more | 2024-11-21 | 7.2 High |
| A CWE-284: Improper Access Control vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user accesses an affected webpage. | ||||
| CVE-2020-7531 | 1 Schneider-electric | 1 Scadapack 7x Remote Connect | 2024-11-21 | 7.8 High |
| A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user. | ||||
| CVE-2020-7278 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 7.4 High |
| Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates. | ||||
| CVE-2020-7253 | 1 Mcafee | 1 Agent | 2024-11-21 | 5.7 Medium |
| Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility. | ||||