Total
1299 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1289 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 3.6 LOW | 5.5 MEDIUM |
| An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'. | |||||
| CVE-2018-5520 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2020-08-24 | 3.5 LOW | 4.4 MEDIUM |
| On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources. | |||||
| CVE-2019-1192 | 1 Microsoft | 10 Edge, Internet Explorer, Windows 10 and 7 more | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'. | |||||
| CVE-2019-11361 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover. | |||||
| CVE-2019-10964 | 1 Medtronic | 38 Minimed 508, Minimed 508 Firmware, Minimed Paradigm 511 and 35 more | 2020-08-24 | 5.8 MEDIUM | 8.8 HIGH |
| In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, Versions, MiniMed 508 pump – All versions, MiniMed Paradigm 511 pump – All versions, MiniMed Paradigm 512/712 pumps – All versions, MiniMed Paradigm 712E pump–All versions, MiniMed Paradigm 515/715 pumps–All versions, MiniMed Paradigm 522/722 pumps – All versions,MiniMed Paradigm 522K/722K pumps – All versions, MiniMed Paradigm 523/723 pumps – Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps – Software, versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps – Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only – Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. | |||||
| CVE-2019-1010084 | 1 Dancer\ | 1 \ | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. The impact is: Potential for unathorised access to data. The component is: Incorrect calls to _ensure_auth() wrapper result in authentication-checking not being applied to al routes. | |||||
| CVE-2019-10014 | 1 Dedecms | 1 Dedecms | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated. | |||||
| CVE-2019-0762 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 and 6 more | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'. | |||||
| CVE-2019-0761 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0768. | |||||
| CVE-2019-0678 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2020-08-24 | 4.0 MEDIUM | 6.8 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-0732 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Security Feature Bypass Vulnerability'. | |||||
| CVE-2019-0552 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2020-08-24 | 4.6 MEDIUM | 8.8 HIGH |
| An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | |||||
| CVE-2019-0276 | 1 Sap | 2 Banking Services From Sap, S\/4hana Financial Products Subledger | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Financial Products Subledger (S4FPSL, version 1) performs an inadequate authorization check for an authenticated user, potentially resulting in escalation of privileges. | |||||
| CVE-2019-0105 | 1 Intel | 1 Data Center Manager | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-9492 | 1 Google | 1 Android | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-111934948 | |||||
| CVE-2018-9488 | 1 Google | 1 Android | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376. | |||||
| CVE-2020-7583 | 1 Siemens | 1 Automation License Manager | 2020-08-21 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). The application does not properly validate the users' privileges when executing some operations, which could allow a user with low permissions to arbitrary modify files that should be protected against writing. | |||||
| CVE-2020-8212 | 1 Citrix | 1 Xenmobile Server | 2020-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality. | |||||
| CVE-2020-3413 | 1 Cisco | 1 Webex Meetings Online | 2020-08-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization. The vulnerability is due to insufficient authorization enforcement for requests to delete scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to delete a scheduled meeting template. A successful exploit could allow the attacker to delete a scheduled meeting template that belongs to a user other than themselves. | |||||
| CVE-2020-3412 | 1 Cisco | 1 Webex Meetings Online | 2020-08-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization. The vulnerability is due to insufficient authorization enforcement for the creation of scheduled meeting templates. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to create a scheduled meeting template. A successful exploit could allow the attacker to create a scheduled meeting template that would belong to a user other than themselves. | |||||