Total
394 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-1361 | 1 Cisco | 49 Nexus 3000, Nexus 3100, Nexus 3100-z and 46 more | 2024-11-21 | 9.8 Critical |
| A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075. A successful exploit could allow the attacker to create, delete, or overwrite arbitrary files, including sensitive files that are related to the device configuration. For example, the attacker could add a user account without the device administrator knowing. | ||||
| CVE-2021-1256 | 1 Cisco | 1 Firepower Threat Defense | 2024-11-21 | 6 Medium |
| A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device. | ||||
| CVE-2020-6809 | 1 Mozilla | 1 Firefox | 2024-11-21 | 7.5 High |
| When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74. | ||||
| CVE-2020-5356 | 1 Dell | 3 Powerprotect Data Manager, Powerprotect X400, Powerprotect X400 Firmware | 2024-11-21 | 7.7 High |
| Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines. | ||||
| CVE-2020-5289 | 1 Elide | 1 Elide | 2024-11-21 | 6.8 Medium |
| In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence of models in the returned collection can be used to reconstruct the value of the inaccessible field. Resolved in Elide 4.5.14 and greater. | ||||
| CVE-2020-5250 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 7.6 High |
| In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the id_customer and change all information of all accounts. The problem is patched in version 1.7.6.4. | ||||
| CVE-2020-4075 | 1 Electronjs | 1 Electron | 2024-11-21 | 6.8 Medium |
| In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not something you expect. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. | ||||
| CVE-2020-3927 | 2 Changingtec, Microsoft | 2 Servisign, Windows | 2024-11-21 | 8.3 High |
| An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter. | ||||
| CVE-2020-3926 | 2 Changingtec, Microsoft | 2 Servisign, Windows | 2024-11-21 | 6.1 Medium |
| An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter. | ||||
| CVE-2020-3476 | 1 Cisco | 1 Ios | 2024-11-21 | 6.0 Medium |
| A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system. | ||||
| CVE-2020-3267 | 1 Cisco | 1 Unified Contact Center Express | 2024-11-21 | 7.1 High |
| A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by authenticating to an affected system with valid agent credentials and performing a specific API call with crafted input. A successful exploit could allow the attacker to change the availability state of an agent, potentially causing a denial of service condition. | ||||
| CVE-2020-35658 | 1 Titanhq | 1 Spamtitan | 2024-11-21 | 5.3 Medium |
| SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. | ||||
| CVE-2020-35340 | 1 Expertpdf | 1 Expertpdf | 2024-11-21 | 7.5 High |
| A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read. | ||||
| CVE-2020-29373 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 6.5 Medium |
| An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d. | ||||
| CVE-2020-27368 | 1 Totolink | 2 A702r, A702r Firmware | 2024-11-21 | 5.5 Medium |
| Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows attacker to access /icons/ directories via GET Parameter. | ||||
| CVE-2020-26549 | 1 Aviatrix | 1 Controller | 2024-11-21 | 7.5 High |
| An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading. | ||||
| CVE-2020-26183 | 1 Dell | 1 Emc Networker | 2024-11-21 | 6.8 Medium |
| Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations in an unintended manner. | ||||
| CVE-2020-26182 | 1 Dell | 1 Emc Networker | 2024-11-21 | 6.8 Medium |
| Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' related operations in an unintended manner. The vulnerability is not exploitable by users authenticated via LDAP. | ||||
| CVE-2020-25636 | 1 Redhat | 1 Ansible | 2024-11-21 | 6.6 Medium |
| A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability. | ||||
| CVE-2020-25351 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted request sent to to the /lib/crud/configcompare.crud.php script. | ||||