CVE Vulnerability

CWE-863

CVE-2020-12053

February 26, 2023 by

In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key.

CVE-2020-11844

February 26, 2023 by

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products:

  • Hybrid Cloud Management, versions 2018.05 to 2019.11
  • ArcSight Investigate, versions 2.4.0, 3.0.0 and 3.1.0
  • ArcSight Transformation Hub, versions 3.0.0, 3.1.0, 3.2.0
  • ArcSight Interset, version 6.0.0
  • ArcSight ESM (when ArcSight Fusion 1.0 is installed), version 7.2.1
  • Service Management Automation (SMA), versions 2018.05 to 2020.02
  • Operation Bridge Suite (Containerized), versions 2018.05 to 2020.02
  • Network Operation Management, versions 2017.11 to 2019.11
  • Data Center Automation Containerized, versions 2018.05 to 2019.11
  • Identity Intelligence, versions 1.1.0 and 1.1.1

The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.

CVE-2020-11753

February 26, 2023 by

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default (making this not exploitable).

CVE-2020-11707

February 26, 2023 by

An issue was discovered in ProVide (formerly zFTPServer) through 13.1. It doesn’t enforce permission over Windows Symlinks or Junctions. As a result, a low-privileged user (non-admin) can craft a Junction Link in a directory he has full control of, breaking out of the sandbox.

CVE-2020-11628

February 26, 2023 by

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. It is intended to support restriction of available remote protocols (CMP, ACME, REST, etc.) through the system configuration. These restrictions can be bypassed by modifying the URI string from a client. (EJBCA’s internal access control restrictions are still in place, and each respective protocol must be configured to allow for enrollment.)

CVE-2020-11209

February 26, 2023 by

Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE