Total
743 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11692 | 1 Jetbrains | 1 Youtrack | 2020-04-27 | 4.0 MEDIUM | 2.7 LOW |
| In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. | |||||
| CVE-2020-11689 | 1 Jetbrains | 1 Teamcity | 2020-04-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file. | |||||
| CVE-2020-0547 | 1 Intel | 1 Data Migration | 2020-04-23 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-21061 | 1 Google | 1 Android | 2020-04-10 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) software. A fake charger can execute critical functions in the locked state. The Samsung ID is SVE-2016-6341 (August 2018). | |||||
| CVE-2020-1985 | 2 Microsoft, Paloaltonetworks | 2 Windows, Secdo | 2020-04-10 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions Secdo for Windows. | |||||
| CVE-2017-18668 | 1 Google | 1 Android | 2020-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with M(6.0) software. Attackers can prevent users from making outbound calls and sending outbound text messages. The Samsung ID is SVE-2017-8706 (June 2017). | |||||
| CVE-2017-18669 | 1 Google | 1 Android | 2020-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with N(7.x) software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 (June 2017). | |||||
| CVE-2019-3944 | 1 Parrot | 2 Anafi, Anafi Firmware | 2020-04-07 | 7.8 HIGH | 7.5 HIGH |
| Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack, allowing remote and unauthenticated attackers to disconnect drone from controller during mid-flight. | |||||
| CVE-2020-11444 | 1 Sonatype | 1 Nexus | 2020-04-07 | 6.5 MEDIUM | 8.8 HIGH |
| Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control. | |||||
| CVE-2020-7004 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2020-04-06 | 7.2 HIGH | 8.8 HIGH |
| VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application. | |||||
| CVE-2020-5551 | 1 Toyota | 1 Display Control Unit | 2020-04-03 | 5.4 MEDIUM | 8.8 HIGH |
| Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the regions other than Japan from Oct. 2016 to Oct. 2019. An attacker with certain knowledge on the target vehicle control system may be able to send some diagnostic commands to ECUs with some limited availability impacts; the vendor states critical vehicle controls such as driving, turning, and stopping are not affected. | |||||
| CVE-2019-16919 | 2 Linuxfoundation, Vmware | 3 Harbor, Cloud Foundation, Harbor Container Registry | 2020-04-01 | 5.0 MEDIUM | 7.5 HIGH |
| Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account. | |||||
| CVE-2020-10660 | 1 Hashicorp | 1 Vault | 2020-03-30 | 4.3 MEDIUM | 5.3 MEDIUM |
| HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4. | |||||
| CVE-2019-20536 | 1 Google | 1 Android | 2020-03-27 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (released in China) software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The Samsung ID is SVE-2019-14299 (November 2019). | |||||
| CVE-2020-10792 | 1 It-novum | 1 Openitcockpit | 2020-03-25 | 5.0 MEDIUM | 7.5 HIGH |
| openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header. | |||||
| CVE-2020-9392 | 1 Supsystic | 1 Pricing Table By Supsystic | 2020-03-25 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table. | |||||
| CVE-2019-16061 | 1 Netsas | 1 Enigma Network Management Solution | 2020-03-23 | 6.5 MEDIUM | 8.8 HIGH |
| A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data (e.g., .htpasswd) and create/modify/delete content (e.g., under /var/www/html/docs) within the operating system. | |||||
| CVE-2014-2723 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2020-03-23 | 9.0 HIGH | 8.8 HIGH |
| In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | |||||
| CVE-2014-2722 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2020-03-23 | 9.0 HIGH | 8.8 HIGH |
| In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | |||||
| CVE-2014-2721 | 1 Fortinet | 8 Fortibalancer 1000, Fortibalancer 1000 Firmware, Fortibalancer 2000 and 5 more | 2020-03-23 | 9.0 HIGH | 8.8 HIGH |
| In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect. | |||||