Total
743 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36233 | 2 Atlassian, Microsoft | 2 Bitbucket, Windows | 2021-02-24 | 4.6 MEDIUM | 7.8 HIGH |
| The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. | |||||
| CVE-2021-20653 | 1 Nec | 8 Csdj-a, Csdj-a Firmware, Csdj-b and 5 more | 2021-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, and CSDJ-A 03.08.00 and earlier) allows remote attackers to bypass access restriction and to obtain unauthorized historical data without access privileges via unspecified vectors. | |||||
| CVE-2020-8765 | 1 Intel | 4 Realsense Camera F200, Realsense Camera R200, Realsense Camera Sr300 and 1 more | 2021-02-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| Incorrect default permissions in the installer for the Intel(R) RealSense(TM) DCM may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-8701 | 1 Intel | 1 Solid-state Drive Toolbox | 2021-02-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-0524 | 1 Intel | 6 Ethernet Controller I210-at, Ethernet Controller I210-cl, Ethernet Controller I210-cs and 3 more | 2021-02-22 | 2.1 LOW | 5.5 MEDIUM |
| Improper default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2020-16144 | 1 Owncloud | 1 Files Antivirus | 2021-02-18 | 3.5 LOW | 5.7 MEDIUM |
| When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. This affects the files_antivirus component versions before 0.15.2 for ownCloud. | |||||
| CVE-2021-3394 | 1 Millewin | 1 Millewin | 2021-02-10 | 6.5 MEDIUM | 8.8 HIGH |
| Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation. | |||||
| CVE-2021-21436 | 1 Otrs | 1 Cis In Customer Frontend | 2021-02-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Agents are able to see and link Config Items without permissions, which are defined in General Catalog. This issue affects: OTRS AG OTRSCIsInCustomerFrontend 7.0.x version 7.0.14 and prior versions. | |||||
| CVE-2019-20468 | 1 Tk-star | 2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware | 2021-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS. | |||||
| CVE-2020-25208 | 1 Jetbrains | 1 Youtrack | 2021-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions. | |||||
| CVE-2020-26941 | 1 Eset | 8 Endpoint Antivirus, Endpoint Security, File Security and 5 more | 2021-02-02 | 3.6 LOW | 5.5 MEDIUM |
| A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premium versions 13.2 and lower; ESET Endpoint Antivirus, ESET Endpoint Security, ESET NOD32 Antivirus Business Edition, ESET Smart Security Business Edition versions 7.3 and lower; ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Kerio, ESET Security for Microsoft SharePoint Server versions 7.2 and lower. | |||||
| CVE-2020-6471 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-01-28 | 6.8 MEDIUM | 9.6 CRITICAL |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2020-6482 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-01-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | |||||
| CVE-2020-6480 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-01-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions. | |||||
| CVE-2020-6476 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-01-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | |||||
| CVE-2020-6487 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-01-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-6483 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-01-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-11997 | 1 Apache | 1 Guacamole | 2021-01-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users. | |||||
| CVE-2020-13922 | 1 Apache | 1 Dolphinscheduler | 2021-01-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another users password through the API interface. | |||||
| CVE-2020-13452 | 1 Thecodingmachine | 1 Gotenberg | 2021-01-08 | 7.5 HIGH | 9.8 CRITICAL |
| In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution. | |||||