• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-269

CVE-2020-11466

February 26, 2023 by

An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user’s privilege, allowing an attacker to retrieve arbitrary information about all helpdesk tickets stored in database with numerous filters. This leaked sensitive information to unauthorized parties. Additionally, it leaked ticket authentication code, making it possible to make changes to a ticket.

CVE-2020-10936

February 26, 2023 by

Sympa before 6.2.56 allows privilege escalation.

CVE-2020-10940

February 26, 2023 by

Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.

CVE-2020-10793

February 26, 2023 by

CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the “Select Role of the User” page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the blog post reference shows an unknown website built with the CodeIgniter framework but that CodeIgniter is not responsible for introducing this issue because the framework has never provided a login screen, nor any kind of login or user management facilities beyond a Session library. Also, another reporter indicates the issue is with a custom module/plugin to CodeIgniter, not CodeIgniter itself.

CVE-2020-10728

February 26, 2023 by

A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running container the ability to escalate their own privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-10588

February 26, 2023 by

v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 52
  • Go to page 53
  • Go to page 54
  • Go to page 55
  • Go to page 56
  • Interim pages omitted …
  • Go to page 206
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE