Total
5775 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8772 | 1 Revmakx | 1 Infinitewp Client | 2024-11-21 | 9.8 Critical |
| The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in. | ||||
| CVE-2020-8495 | 1 Kronos | 1 Web Time And Attendance | 2024-11-21 | 7.5 High |
| In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and delegatorUserId parameters. | ||||
| CVE-2020-8139 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-11-21 | 6.5 Medium |
| A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | ||||
| CVE-2020-7993 | 1 Prototypejs | 1 Prototype | 2024-11-21 | 4.3 Medium |
| Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field. | ||||
| CVE-2020-7968 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. | ||||
| CVE-2020-7343 | 1 Mcafee | 1 Agent | 2024-11-21 | 5.5 Medium |
| Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files. | ||||
| CVE-2020-7278 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 7.4 High |
| Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates. | ||||
| CVE-2020-6823 | 1 Mozilla | 1 Firefox | 2024-11-21 | 9.8 Critical |
| A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox < 75. | ||||
| CVE-2020-6393 | 6 Debian, Fedoraproject, Google and 3 more | 10 Debian Linux, Fedora, Chrome and 7 more | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2020-6316 | 1 Sap | 2 Erp, S\/4hana | 2024-11-21 | 4.3 Medium |
| SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check. | ||||
| CVE-2020-6306 | 1 Sap | 1 Leasing | 2024-11-21 | 2.7 Low |
| Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17). | ||||
| CVE-2020-6301 | 1 Sap | 1 Hcm Travel Management | 2024-11-21 | 8.1 High |
| SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check. | ||||
| CVE-2020-6298 | 1 Sap | 1 Generic Market Data | 2024-11-21 | 8.1 High |
| SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure values, due to Missing Authorization Check. | ||||
| CVE-2020-6273 | 1 Sap | 1 S\/4 Hana Fiori Ui For General Ledger Accounting | 2024-11-21 | 4.3 Medium |
| SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check. | ||||
| CVE-2020-6270 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 6.5 Medium |
| SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices. | ||||
| CVE-2020-6268 | 1 Sap | 2 Erp \(ea-finserv\), Erp \(s4core\) | 2024-11-21 | 8.1 High |
| Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check. | ||||
| CVE-2020-6259 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 6.5 Medium |
| Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check. | ||||
| CVE-2020-6258 | 1 Sap | 1 Identity Management | 2024-11-21 | 6.5 Medium |
| SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check. | ||||
| CVE-2020-6256 | 1 Sap | 1 Master Data Governance | 2024-11-21 | 4.3 Medium |
| SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check. | ||||
| CVE-2020-6233 | 1 Sap | 2 Banking Services From Sap, S\/4hana Financial Products Subledger | 2024-11-21 | 4.3 Medium |
| SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system. | ||||