Total
139 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-12353 | 1 Intel | 1 Data Center Manager | 2020-11-24 | 4.0 MEDIUM | 6.5 MEDIUM |
Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access. | |||||
CVE-2020-5796 | 1 Nagios | 1 Nagios Xi | 2020-11-24 | 7.2 HIGH | 7.8 HIGH |
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges. | |||||
CVE-2020-12334 | 1 Intel | 1 Advisor Tools | 2020-11-24 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-12332 | 1 Intel | 1 Hid Event Filter Driver | 2020-11-24 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-12345 | 1 Intel | 1 Data Center Manager | 2020-11-20 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2013-6335 | 4 Hp, Ibm, Linux and 1 more | 5 Hp-ux, Aix, Tivoli Storage Manager and 2 more | 2020-10-29 | 3.3 LOW | N/A |
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations. | |||||
CVE-2020-16910 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-10-21 | 4.3 MEDIUM | 5.5 MEDIUM |
A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.The security update addresses the vulnerability by correcting security feature behavior to enforce permissions., aka 'Windows Security Feature Bypass Vulnerability'. | |||||
CVE-2020-13763 | 1 Joomla | 1 Joomla\! | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. | |||||
CVE-2020-8182 | 1 Nextcloud | 1 Deck | 2020-10-14 | 6.0 MEDIUM | 8.0 HIGH |
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves. | |||||
CVE-2020-0405 | 1 Google | 1 Android | 2020-09-24 | 4.6 MEDIUM | 7.8 HIGH |
In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157475111 | |||||
CVE-2020-13308 | 1 Gitlab | 1 Gitlab | 2020-09-18 | 4.0 MEDIUM | 2.7 LOW |
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance. | |||||
CVE-2019-13668 | 1 Google | 1 Chrome | 2020-08-24 | 4.3 MEDIUM | 7.4 HIGH |
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
CVE-2019-13682 | 1 Google | 1 Chrome | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | |||||
CVE-2019-11748 | 1 Mozilla | 2 Firefox, Firefox Esr | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. | |||||
CVE-2020-13282 | 1 Gitlab | 1 Gitlab | 2020-08-19 | 4.9 MEDIUM | 3.5 LOW |
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. | |||||
CVE-2020-8190 | 1 Citrix | 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more | 2020-07-13 | 6.0 MEDIUM | 7.5 HIGH |
Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation. | |||||
CVE-2020-14958 | 1 Gogs | 1 Gogs | 2020-06-26 | 4.0 MEDIUM | 6.5 MEDIUM |
In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check. | |||||
CVE-2019-20846 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage. | |||||
CVE-2019-20843 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files. | |||||
CVE-2020-2025 | 1 Katacontainers | 1 Runtime | 2020-05-21 | 4.6 MEDIUM | 8.8 HIGH |
Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests. |