Total: 71 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26183 | 1 Dell | 1 Emc Networker | 2020-10-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations in an unintended manner. | |||||
| CVE-2020-3476 | 1 Cisco | 1 Ios | 2020-09-30 | 3.6 LOW | 6.0 MEDIUM |
| A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system. | |||||
| CVE-2020-1726 | 2 Libpod Project, Redhat | 3 Libpod, Enterprise Linux, Openshift Container Platform | 2020-09-28 | 5.8 MEDIUM | 5.9 MEDIUM |
| A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume. This issue was introduced in version 1.6.0. | |||||
| CVE-2019-12375 | 1 Ivanti | 1 Landesk Management Suite | 2020-08-24 | 4.1 MEDIUM | 6.3 MEDIUM |
| Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. | |||||
| CVE-2015-1350 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2020-08-03 | 2.1 LOW | 5.5 MEDIUM |
| The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. | |||||
| CVE-2020-5356 | 1 Dell | 3 Powerprotect Data Manager, Powerprotect X400, Powerprotect X400 Firmware | 2020-07-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines. | |||||
| CVE-2020-5289 | 1 Elide | 1 Elide | 2020-04-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence of models in the returned collection can be used to reconstruct the value of the inaccessible field. Resolved in Elide 4.5.14 and greater. | |||||
| CVE-2020-5250 | 1 Prestashop | 1 Prestashop | 2020-03-05 | 4.9 MEDIUM | 6.3 MEDIUM |
| In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the id_customer and change all information of all accounts. The problem is patched in version 1.7.6.4. | |||||
| CVE-2015-4715 | 1 Owncloud | 1 Owncloud | 2020-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values. | |||||
| CVE-2019-17112 | 1 Zohocorp | 1 Manageengine Datasecurity Plus | 2019-11-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (except for the password). | |||||
| CVE-2019-0381 | 1 Sap | 3 Dynamic Tier, Sap Iq, Sql Anywhere | 2019-10-15 | 2.1 LOW | 5.5 MEDIUM |
| A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user. | |||||
| CVE-2019-17130 | 1 Vbulletin | 1 Vbulletin | 2019-10-10 | 6.4 MEDIUM | 6.5 MEDIUM |
| vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core/vb/vurl directories. | |||||
| CVE-2017-6922 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system. | |||||
| CVE-2017-1602 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2019-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force ID: 132625. | |||||
| CVE-2017-6774 | 1 Cisco | 1 Asr 5000 Software | 2019-10-03 | 4.0 MEDIUM | 5.0 MEDIUM |
| A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or modify sensitive system files. The vulnerability is due to the inclusion of sensitive system files within specific FTP subdirectories. An attacker could exploit this vulnerability by overwriting sensitive configuration files through FTP. An exploit could allow the attacker to overwrite configuration files on an affected system. Cisco Bug IDs: CSCvd47739. Known Affected Releases: 21.0.v0.65839. | |||||
| CVE-2017-7737 | 1 Fortinet | 1 Fortiweb | 2019-10-03 | 4.0 MEDIUM | 4.9 MEDIUM |
| An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code. | |||||
| CVE-2017-7079 | 1 Apple | 1 Itunes | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups (written by iTunes) via a crafted app. | |||||
| CVE-2017-1308 | 1 Ibm | 1 Daeja Viewone | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462. | |||||
| CVE-2017-11829 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions. | |||||
| CVE-2019-14273 | 1 Silverstripe | 1 Silverstripe | 2019-09-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| In SilverStripe assets 4.0, there is broken access control on files. | |||||
| CVE-2016-10829 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). | |||||
