Total
743 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-29491 | 1 Dell | 8 Wyse 3040, Wyse 5010, Wyse 5040 and 5 more | 2021-01-08 | 5.0 MEDIUM | 8.6 HIGH |
| Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the sensitive information on the local network, leading to the potential compromise of impacted thin clients. | |||||
| CVE-2020-29492 | 1 Dell | 8 Wyse 3040, Wyse 5010, Wyse 5040 and 5 more | 2021-01-08 | 6.4 MEDIUM | 10.0 CRITICAL |
| Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any target specific station. | |||||
| CVE-2020-26031 | 1 Zammad | 1 Zammad | 2020-12-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions). | |||||
| CVE-2020-0486 | 1 Google | 1 Android | 2020-12-16 | 4.6 MEDIUM | 7.8 HIGH |
| In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150857116 | |||||
| CVE-2020-0294 | 1 Google | 1 Android | 2020-12-14 | 2.1 LOW | 5.5 MEDIUM |
| In bindWallpaperComponentLocked of WallpaperManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-154915372 | |||||
| CVE-2020-5798 | 1 Druva | 1 Insync | 2020-12-08 | 7.2 HIGH | 7.8 HIGH |
| inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions. | |||||
| CVE-2020-8539 | 1 Kia | 2 Head Unit, Head Unit Firmware | 2020-12-07 | 4.6 MEDIUM | 7.8 HIGH |
| Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle. | |||||
| CVE-2020-12510 | 1 Beckhoff | 1 Twincat Extended Automation Runtime | 2020-12-03 | 6.0 MEDIUM | 7.3 HIGH |
| The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT. If the directory does not exist it and further subdirectories are created with permissions which allow every local user to modify the content. The default installation registers TcSysUI.exe for automatic execution upon log in of a user. If a less privileged user has a local account he or she can replace TcSysUI.exe. It will be executed automatically by another user during login. This is also true for users with administrative access. Consequently, a less privileged user can trick a higher privileged user into executing code he or she modified this way. By default Beckhoff’s IPCs are shipped with TwinCAT software installed this way and with just a single local user configured. Thus the vulnerability exists if further less privileged users have been added. | |||||
| CVE-2020-13351 | 1 Gitlab | 1 Gitlab | 2020-11-27 | 5.0 MEDIUM | 6.5 MEDIUM |
| Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>=13.5.0, <13.5.2. | |||||
| CVE-2019-3689 | 2 Linux-nfs, Suse | 2 Nfs-utils, Linux Enterprise Server | 2020-11-25 | 10.0 HIGH | 9.8 CRITICAL |
| The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system. | |||||
| CVE-2020-12346 | 1 Intel | 1 Battery Life Diagnostic Tool | 2020-11-24 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the Intel(R) Battery Life Diagnostic Tool before version 1.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-13770 | 1 Ivanti | 1 Endpoint Manager | 2020-11-24 | 7.2 HIGH | 7.8 HIGH |
| Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having SeImpersonatePrivilege (eg. user ‘NT AUTHORITY\NETWORK SERVICE’). | |||||
| CVE-2020-12354 | 1 Intel | 1 Active Management Technology Software Development Kit | 2020-11-24 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12307 | 1 Intel | 1 High Definition Audio Driver | 2020-11-24 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in some Intel(R) High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12306 | 2 Intel, Microsoft | 2 Realsense D400 Series Dynamic Calibration Tool, Windows | 2020-11-24 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect default permissions in the Intel(R) RealSense(TM) D400 Series Dynamic Calibration Tool before version 2.11, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-26807 | 1 Sap | 1 Erp Client For E-bilanz | 2020-11-24 | 2.1 LOW | 3.3 LOW |
| SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem permissions are set in its installation folder which allows anyone to modify the files in the folder. | |||||
| CVE-2020-24460 | 1 Intel | 1 Driver \& Support Assistant | 2020-11-20 | 2.1 LOW | 5.5 MEDIUM |
| Incorrect default permissions in the Intel(R) DSA before version 20.8.30.6 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2020-24456 | 1 Intel | 1 Board Id Tool | 2020-11-20 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect default permissions in the Intel(R) Board ID Tool version v.1.01 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-28044 | 1 Pax | 1 Prolinos | 2020-11-17 | 7.2 HIGH | 6.8 MEDIUM |
| An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions. | |||||
| CVE-2019-8777 | 1 Apple | 1 Mac Os X | 2020-10-30 | 2.1 LOW | 2.4 LOW |
| A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local attacker may be able to view contacts from the lock screen. | |||||