Total
3604 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5148 | 1 Sonicwall | 1 Directory Services Connector | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls. | |||||
| CVE-2020-4983 | 1 Ibm | 2 Spectrum Lsf, Spectrum Lsf Suite | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. IBM X-Force ID: 192586. | |||||
| CVE-2020-4879 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security restrictions, caused by improper validation of authentication cookies. IBM X-Force ID: 190847. | |||||
| CVE-2020-4821 | 1 Ibm | 2 Infosphere Change Data Capture, Infosphere Data Replication | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834 | |||||
| CVE-2020-4779 | 1 Ibm | 1 Curam Social Program Management | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass security access controls. IBM X-Force ID: 189156. | |||||
| CVE-2020-4771 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect Operations Center, Linux Kernel and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993. | |||||
| CVE-2020-4747 | 1 Ibm | 1 Connect\ | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. IBM X-Force ID: 188516. | |||||
| CVE-2020-4662 | 1 Ibm | 1 Event Streams | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. IBM X-Force ID: 186233. | |||||
| CVE-2020-4494 | 3 Ibm, Linux, Microsoft | 5 Aix, Spectrum Protect Client, Spectrum Protect For Space Management and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019. | |||||
| CVE-2020-4205 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an authenticated user to bypass security restrictions, and continue to access the server even after authentication certificates have been revolked. IBM X-Force ID: 174961. | |||||
| CVE-2020-4167 | 1 Ibm | 1 Security Guardium Insights | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authenciation mechanisms. IBM X-Force ID: 174403. | |||||
| CVE-2020-4074 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 10.0 HIGH | 8.9 HIGH |
| In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6. | |||||
| CVE-2020-3944 | 2 Microsoft, Vmware | 2 Windows, Vrealize Operations | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication. | |||||
| CVE-2020-3923 | 1 Tonnet | 16 Tat-70432n, Tat-70432n Firmware, Tat-71416g1 and 13 more | 2024-11-21 | 10.0 HIGH | 8.1 HIGH |
| DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET, contain misconfigured authentication mechanism. Attackers can crack the default password and gain access to the system. | |||||
| CVE-2020-3565 | 1 Cisco | 1 Firepower Threat Defense | 2024-11-21 | 4.3 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies (including Geolocation) and Service Polices on an affected system. The vulnerability exists because TCP Intercept is invoked when the embryonic connection limit is reached, which can cause the underlying detection engine to process the packet incorrectly. An attacker could exploit this vulnerability by sending a crafted stream of traffic that matches a policy on which TCP Intercept is configured. A successful exploit could allow the attacker to match on an incorrect policy, which could allow the traffic to be forwarded when it should be dropped. In addition, the traffic could incorrectly be dropped. | |||||
| CVE-2020-3411 | 1 Cisco | 1 Dna Center | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files. | |||||
| CVE-2020-3388 | 1 Cisco | 5 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 2 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated to access the CLI. A successful exploit could allow the attacker to execute commands with root privileges. | |||||
| CVE-2020-3361 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site. | |||||
| CVE-2020-3297 | 1 Cisco | 236 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 233 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface. The attacker could obtain the privileges of the highjacked session account, which could include administrator privileges on the device. The vulnerability is due to the use of weak entropy generation for session identifier values. An attacker could exploit this vulnerability to determine a current session identifier through brute force and reuse that session identifier to take over an ongoing session. In this way, an attacker could take actions within the management interface with privileges up to the level of the administrative user. | |||||
| CVE-2020-3216 | 1 Cisco | 1 Ios Xe Sd-wan | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An attacker could exploit this vulnerability by stopping the boot initialization of an affected device. A successful exploit could allow the attacker to bypass authentication and gain unrestricted access to the root shell of the affected device. | |||||