Total
1461 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11689 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
|
|||||
| CVE-2020-11444 | 1 Sonatype | 1 Nexus | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
|
|||||
| CVE-2020-10939 | 1 Phoenixcontact | 1 Pc Worx Srt | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
|
|||||
| CVE-2020-10792 | 1 It-novum | 1 Openitcockpit | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header.
|
|||||
| CVE-2020-10782 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
|
An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1.
|
|||||
| CVE-2020-10660 | 1 Hashicorp | 1 Vault | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.
|
|||||
| CVE-2020-10606 | 1 Osisoft | 9 Pi Api, Pi Buffer Subsystem, Pi Connector and 6 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment.
|
|||||
| CVE-2020-10279 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
MiR robot controllers (central computation unit) makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creation, access race conditions, insecure home directory configurations and defaults that facilitate Denial of Service (DoS) attacks.
|
|||||
| CVE-2020-10145 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability.
|
|||||
| CVE-2020-10050 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The directory of service executables of the affected application could allow a local attacker to include arbitrary commands that are executed with SYSTEM privileges when the system restarts.
|
|||||
| CVE-2020-10049 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
|
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators.
|
|||||
| CVE-2020-0564 | 1 Intel | 1 Raid Web Console 3 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Improper permissions in the installer for Intel(R) RWC3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-0562 | 1 Intel | 1 Raid Web Console 2 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Improper permissions in the installer for Intel(R) RWC2, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-0560 | 1 Intel | 1 Renesas Electronics Usb 3.0 Driver | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Improper permissions in the installer for the Intel(R) Renesas Electronics(R) USB 3.0 Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-0547 | 1 Intel | 1 Data Migration | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-0524 | 1 Intel | 6 Ethernet Controller I210-at, Ethernet Controller I210-cl, Ethernet Controller I210-cs and 3 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Improper default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2020-0514 | 1 Intel | 1 Graphics Driver | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Improper default permissions in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-0508 | 1 Intel | 1 Graphics Driver | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2020-0486 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150857116
|
|||||
| CVE-2020-0390 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In the app zygote SE Policy, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-157598026
|
|||||
| CVE-2020-0388 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-156123285
|
|||||
| CVE-2020-0374 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156251602
|
|||||
| CVE-2020-0294 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In bindWallpaperComponentLocked of WallpaperManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-154915372
|
|||||
| CVE-2020-0275 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150507736
|
|||||
| CVE-2020-0215 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
|
In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1 Android ID: A-140417248
|
|||||
| CVE-2020-0209 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145206842
|
|||||
| CVE-2020-0208 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145207098
|
|||||
| CVE-2020-0133 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
|
In MockLocationAppPreferenceController.java, it is possible to mock the GPS location of the device due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145136060
|
|||||
| CVE-2020-0122 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147247775
|
|||||
| CVE-2020-0024 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
|
In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-137015265
|
|||||
| CVE-2020-0009 | 2 Debian, Google | 2 Debian Linux, Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932
|
|||||
| CVE-2019-9943 | 1 Openmicroscopy | 1 Omero.server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled.
|
|||||
| CVE-2019-9682 | 1 Dahuasecurity | 40 Ipc-hdbw1320e-w, Ipc-hdbw1320e-w Firmware, Ipc-hx2xxx and 37 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method.
|
|||||
| CVE-2019-9679 | 1 Dahuasecurity | 18 Ipc-hdbw4x2x, Ipc-hdbw4x2x Firmware, Ipc-hdw1x2x and 15 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Some of Dahua's Debug functions do not have permission separation. Low-privileged users can use the Debug function after logging in. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18,2019.
|
|||||
| CVE-2019-9630 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images.
|
|||||
| CVE-2019-8777 | 1 Apple | 1 Mac Os X | 2024-11-21 | 2.1 LOW | 2.4 LOW |
|
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local attacker may be able to view contacts from the lock screen.
|
|||||
| CVE-2019-8731 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue is fixed in iOS 13. Processing a maliciously crafted file may disclose user information.
|
|||||
| CVE-2019-7588 | 2 Exacq, Microsoft | 2 Enterprise System Manager, Windows | 2024-11-21 | 6.9 MEDIUM | 6.7 MEDIUM |
|
A vulnerability in the exacqVision Enterprise System Manager (ESM) v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running on a Windows operating system. This issue does not impact any Windows Server OSs, or Linux deployments with permissions that are not inherited from the root directory. Authorized Users have ‘modify’ permission to the ESM folders, which allows a low priv ...
Show More |
|||||
| CVE-2019-5687 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor
|
|||||
| CVE-2019-4652 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963.
|
|||||