Total
196 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12335 | 1 Intel | 1 Processor Identification Utility | 2020-11-30 | 7.8 High |
| Improper permissions in the installer for the Intel(R) Processor Identification Utility before version 6.4.0603 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12330 | 1 Intel | 2 Falcon 8\+ Uas Asctec Thermal Viewer, Falcon 8\+ Uas Asctec Thermal Viewer Firmware | 2020-11-30 | 7.8 High |
| Improper permissions in the installer for the Intel(R) Falcon 8+ UAS AscTec Thermal Viewer, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12353 | 1 Intel | 1 Data Center Manager | 2020-11-24 | 6.5 Medium |
| Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access. | ||||
| CVE-2020-5796 | 1 Nagios | 1 Nagios Xi | 2020-11-24 | 7.8 High |
| Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges. | ||||
| CVE-2020-12332 | 1 Intel | 1 Hid Event Filter Driver | 2020-11-24 | 7.8 High |
| Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12334 | 1 Intel | 1 Advisor Tools | 2020-11-24 | 7.8 High |
| Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12345 | 1 Intel | 1 Data Center Manager | 2020-11-20 | 7.8 High |
| Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2013-6335 | 4 Hp, Ibm, Linux and 1 more | 5 Hp-ux, Aix, Tivoli Storage Manager and 2 more | 2020-10-29 | N/A |
| The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations. | ||||
| CVE-2020-13763 | 1 Joomla | 1 Joomla\! | 2020-10-19 | 7.5 High |
| In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. | ||||
| CVE-2020-8182 | 1 Nextcloud | 1 Deck | 2020-10-14 | 8.0 High |
| Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves. | ||||
| CVE-2020-0405 | 1 Google | 1 Android | 2020-09-24 | 7.8 High |
| In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157475111 | ||||
| CVE-2020-13308 | 1 Gitlab | 1 Gitlab | 2020-09-18 | 2.7 Low |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance. | ||||
| CVE-2019-11748 | 1 Mozilla | 2 Firefox, Firefox Esr | 2020-08-24 | 6.5 Medium |
| WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. | ||||
| CVE-2020-13282 | 1 Gitlab | 1 Gitlab | 2020-08-19 | 3.5 Low |
| For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. | ||||
| CVE-2020-8190 | 1 Citrix | 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more | 2020-07-13 | 7.5 High |
| Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation. | ||||
| CVE-2020-14958 | 1 Gogs | 1 Gogs | 2020-06-26 | 6.5 Medium |
| In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check. | ||||
| CVE-2019-20846 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage. | ||||
| CVE-2019-20843 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files. | ||||
| CVE-2020-2025 | 1 Katacontainers | 1 Runtime | 2020-05-21 | 8.8 High |
| Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests. | ||||
| CVE-2020-9781 | 1 Apple | 2 Ipados, Iphone Os | 2020-04-03 | 5.3 Medium |
| The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to. | ||||