Total
3989 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8708 | 1 Intel | 153 Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb, Compute Module Hns2600bpb24 and 150 more | 2024-11-21 | 8.8 High |
| Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2020-8685 | 1 Intel | 1 Led Manager For Nuc | 2024-11-21 | 4.4 Medium |
| Improper authentication in subsystem for Intel (R) LED Manager for NUC before version 1.2.3 may allow privileged user to potentially enable denial of service via local access. | ||||
| CVE-2020-8664 | 2 Cncf, Redhat | 2 Envoy, Service Mesh | 2024-11-21 | 5.3 Medium |
| CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even though it was visible in the active config dump. | ||||
| CVE-2020-8606 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 9.8 Critical |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. | ||||
| CVE-2020-8595 | 2 Istio, Redhat | 4 Istio, Enterprise Linux, Openshift Service Mesh and 1 more | 2024-11-21 | 7.3 High |
| Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match. | ||||
| CVE-2020-8591 | 1 Eginnovations | 1 Eg Manager | 2024-11-21 | 9.8 Critical |
| eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&accessKey=eGm0n1t0r request. | ||||
| CVE-2020-8510 | 1 Phpabook Project | 1 Phpabook | 2024-11-21 | 9.8 Critical |
| An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password. | ||||
| CVE-2020-8465 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 9.8 Critical |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root. | ||||
| CVE-2020-8350 | 1 Lenovo | 2 Thinkpad Stack Wireless Router, Thinkpad Stack Wireless Router Firmware | 2024-11-21 | 8.8 High |
| An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege. | ||||
| CVE-2020-8272 | 1 Citrix | 1 Sd-wan | 2024-11-21 | 7.5 High |
| Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 | ||||
| CVE-2020-8267 | 1 Ui | 1 Unifi Protect Firmware | 2024-11-21 | 5.3 Medium |
| A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect v1.14.11 and newer.This issue does not impact UniFi Cloud Key Gen 2 plus.This issue does not impact UDM-Pro customers with UniFi Protect stopped.Affected Products:UDM-Pro firmware 1.7.2 and earlier.UNVR firmware 1.3.12 and earlier.Mitigation:Update UniFi Protect to v1.14.11 or newer version; the UniFi Protect controller can be updated through your UniFi OS settings.Alternatively, you can update UNVR and UDM-Pro to:- UNVR firmware to 1.3.15 or newer.- UDM-Pro firmware to 1.8.0 or newer. | ||||
| CVE-2020-8253 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 7.5 High |
| Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files. | ||||
| CVE-2020-8236 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 6.8 Medium |
| A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it. | ||||
| CVE-2020-8207 | 1 Citrix | 1 Workspace | 2024-11-21 | 8.8 High |
| Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. | ||||
| CVE-2020-8206 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-11-21 | 8.1 High |
| An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP. | ||||
| CVE-2020-8200 | 1 Citrix | 1 Storefront Server | 2024-11-21 | 6.5 Medium |
| Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. | ||||
| CVE-2020-8148 | 1 Ui | 2 Cloud Key Gen2, Cloud Key Gen2 Plus | 2024-11-21 | 5.3 Medium |
| UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus. | ||||
| CVE-2020-8108 | 1 Bitdefender | 1 Endpoint Security | 2024-11-21 | 8.2 High |
| Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to 4.12.80. | ||||
| CVE-2020-8097 | 1 Bitdefender | 2 Endpoint Security, Endpoint Security Tools | 2024-11-21 | 8.1 High |
| An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261. | ||||
| CVE-2020-7856 | 1 Cnesty | 1 Helpcom | 2024-11-21 | 7.5 High |
| A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation. | ||||