CVE-2017-18803

NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings.

Source: CVE-2017-18803

CVE-2017-18802

Certain NETGEAR devices are affected by command injection. This affects R6100 before 1.0.1.14, R7500 before 1.0.0.110, R7500v2 before 1.0.3.16, R7800 before 1.0.2.32, EX6200v2 before 1.0.1.50, and D7800 before 1.0.1.22.

Source: CVE-2017-18802

CVE-2020-8895

A vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker using DLL hijacking to insert malicious local files to execute unauthenticated remote code on the targeted system.

Source: CVE-2020-8895

CVE-2020-5268

In Saml2 Authentication Services for ASP.NET before versions 2.7.0 and 1.0.2, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens – a caller that presents a token is assumed to be the subject of the token. There is also support in the Saml2 protocol for issuing tokens that is tied to a subject through other means, e.g. holder-of-key where possession of a private key must be proved. The Sustainsys.Saml2 library incorrectly treats all incoming tokens as bearer tokens, even though they have another subject confirmation method specified. This could be used by an attacker that could get access to Saml2 tokens with another subject confirmation method than bearer. The attacker could then use such a token to create a log in session. This vulnerability is patched in versions 1.0.2 and 2.7.0.

Source: CVE-2020-5268

CVE-2020-1699

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.

Source: CVE-2020-1699

CVE-2020-10786

A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs.

Source: CVE-2020-10786

CVE-2020-11891

An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.

Source: CVE-2020-11891

CVE-2020-11890

An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration.

Source: CVE-2020-11890

CVE-2020-11889

An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.

Source: CVE-2020-11889

CVE-2020-1757

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.

Source: CVE-2020-1757