ReportizFlow
Filtered by vendor
Subscriptions
Total
1411 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7263 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 6.5 Medium |
| Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import. | ||||
| CVE-2020-7051 | 1 Codologic | 1 Codoforum | 2024-11-21 | 6.1 Medium |
| Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover. | ||||
| CVE-2020-7050 | 1 Codologic | 1 Codoforum | 2024-11-21 | 5.4 Medium |
| Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts. | ||||
| CVE-2020-6295 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 7.8 High |
| Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to view, modify and/or make unavailable any data associated with the Cockpit, leading to Information Disclosure. | ||||
| CVE-2020-6267 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 5.4 Medium |
| Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag. | ||||
| CVE-2020-5895 | 1 F5 | 1 Nginx Controller | 2024-11-21 | 7.8 High |
| On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writing malformed messages to the socket. | ||||
| CVE-2020-5755 | 1 Webroot | 1 Endpoint Agents | 2024-11-21 | 7.8 High |
| Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming. This could allow attackers to trigger a crash or wait upon Webroot service restart to rewrite and hijack dlls in this directory for privilege escalation. | ||||
| CVE-2020-5417 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2024-11-21 | 8.8 High |
| Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests that were expected to go to certain system components. | ||||
| CVE-2020-5385 | 1 Dell | 2 Encryption, Endpoint Security Suite Enterprise | 2024-11-21 | 6.7 Medium |
| Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link. | ||||
| CVE-2020-5371 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2024-11-21 | 8 High |
| Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale version 9.0.0 contain a file permissions vulnerability. An attacker, with network or local file access, could take advantage of insufficiently applied file permissions or gain unauthorized access to files. | ||||
| CVE-2020-5369 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2024-11-21 | 8.8 High |
| Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files. | ||||
| CVE-2020-5358 | 1 Dell | 2 Encryption, Endpoint Security Suite Enterprise | 2024-11-21 | 6.7 Medium |
| Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link. | ||||
| CVE-2020-5281 | 1 Cesnet | 1 Perun | 2024-11-21 | 6.2 Medium |
| In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input. | ||||
| CVE-2020-4945 | 2 Ibm, Linux | 3 Aix, Db2, Linux Kernel | 2024-11-21 | 8.1 High |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. IBM X-Force ID: 191945. | ||||
| CVE-2020-4631 | 2 Ibm, Microsoft | 2 Spectrum Protect Plus, Windows | 2024-11-21 | 5.5 Medium |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. IBM X-Force ID: 185372. | ||||
| CVE-2020-4625 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 5.3 Medium |
| IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. | ||||
| CVE-2020-4347 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 7.3 High |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. IBM X-Force ID: 178412. | ||||
| CVE-2020-4311 | 1 Ibm | 1 Tivoli Monitoring | 2024-11-21 | 7.0 High |
| IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083. | ||||
| CVE-2020-4289 | 1 Ibm | 1 Security Information Queue | 2024-11-21 | 5.3 Medium |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 176332. | ||||
| CVE-2020-4278 | 1 Ibm | 3 Platform Lsf, Spectrum Computing For High Performance Analytics, Spectrum Lsf | 2024-11-21 | 7.8 High |
| IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. IBM X-Force ID: 176137. | ||||