Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-281
Total 139 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-12353 1 Intel 1 Data Center Manager 2020-11-24 4.0 MEDIUM 6.5 MEDIUM
Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access.
CVE-2020-5796 1 Nagios 1 Nagios Xi 2020-11-24 7.2 HIGH 7.8 HIGH
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.
CVE-2020-12334 1 Intel 1 Advisor Tools 2020-11-24 4.6 MEDIUM 7.8 HIGH
Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-12332 1 Intel 1 Hid Event Filter Driver 2020-11-24 4.6 MEDIUM 7.8 HIGH
Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-12345 1 Intel 1 Data Center Manager 2020-11-20 4.6 MEDIUM 7.8 HIGH
Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2013-6335 4 Hp, Ibm, Linux and 1 more 5 Hp-ux, Aix, Tivoli Storage Manager and 2 more 2020-10-29 3.3 LOW N/A
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
CVE-2020-16910 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2020-10-21 4.3 MEDIUM 5.5 MEDIUM
A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.The security update addresses the vulnerability by correcting security feature behavior to enforce permissions., aka 'Windows Security Feature Bypass Vulnerability'.
CVE-2020-13763 1 Joomla 1 Joomla\! 2020-10-19 5.0 MEDIUM 7.5 HIGH
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.
CVE-2020-8182 1 Nextcloud 1 Deck 2020-10-14 6.0 MEDIUM 8.0 HIGH
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves.
CVE-2020-0405 1 Google 1 Android 2020-09-24 4.6 MEDIUM 7.8 HIGH
In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157475111
CVE-2020-13308 1 Gitlab 1 Gitlab 2020-09-18 4.0 MEDIUM 2.7 LOW
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance.
CVE-2019-13668 1 Google 1 Chrome 2020-08-24 4.3 MEDIUM 7.4 HIGH
Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2019-13682 1 Google 1 Chrome 2020-08-24 6.8 MEDIUM 8.8 HIGH
Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVE-2019-11748 1 Mozilla 2 Firefox, Firefox Esr 2020-08-24 4.3 MEDIUM 6.5 MEDIUM
WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
CVE-2020-13282 1 Gitlab 1 Gitlab 2020-08-19 4.9 MEDIUM 3.5 LOW
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access.
CVE-2020-8190 1 Citrix 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more 2020-07-13 6.0 MEDIUM 7.5 HIGH
Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.
CVE-2020-14958 1 Gogs 1 Gogs 2020-06-26 4.0 MEDIUM 6.5 MEDIUM
In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check.
CVE-2019-20846 1 Mattermost 1 Mattermost Server 2020-06-19 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage.
CVE-2019-20843 1 Mattermost 1 Mattermost Server 2020-06-19 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.
CVE-2020-2025 1 Katacontainers 1 Runtime 2020-05-21 4.6 MEDIUM 8.8 HIGH
Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests.