Total
332 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8182 | 1 Nextcloud | 1 Deck | 2024-11-21 | 8.0 High |
| Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves. | ||||
| CVE-2020-8117 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 Medium |
| Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. | ||||
| CVE-2020-7063 | 5 Debian, Opensuse, Php and 2 more | 6 Debian Linux, Leap, Php and 3 more | 2024-11-21 | 5.5 Medium |
| In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted. | ||||
| CVE-2020-6564 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page. | ||||
| CVE-2020-5796 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.8 High |
| Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges. | ||||
| CVE-2020-2025 | 1 Katacontainers | 1 Runtime | 2024-11-21 | 8.8 High |
| Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests. | ||||
| CVE-2020-27383 | 1 Blizzard | 1 Battle.net | 2024-11-21 | 7.8 High |
| Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the "Authenticated Users Group" which grants the (F) Flag aka "Full Control" | ||||
| CVE-2020-26246 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.7 High |
| Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions. | ||||
| CVE-2020-26121 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 7.5 High |
| An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title. | ||||
| CVE-2020-18890 | 1 Puppycms | 1 Puppycms | 2024-11-21 | 9.8 Critical |
| Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php. | ||||
| CVE-2020-16910 | 1 Microsoft | 11 Windows 10, Windows 10 1507, Windows 10 1607 and 8 more | 2024-11-21 | 6.2 Medium |
| <p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.</p> <p>To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.</p> <p>The security update addresses the vulnerability by correcting security feature behavior to enforce permissions.</p> | ||||
| CVE-2020-15496 | 1 Acronis | 1 True Image | 2024-11-21 | 7.8 High |
| Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions. | ||||
| CVE-2020-15113 | 3 Etcd, Fedoraproject, Redhat | 4 Etcd, Fedora, Openshift and 1 more | 2024-11-21 | 5.7 Medium |
| In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700). | ||||
| CVE-2020-14958 | 1 Gogs | 1 Gogs | 2024-11-21 | 6.5 Medium |
| In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check. | ||||
| CVE-2020-13763 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 High |
| In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. | ||||
| CVE-2020-13308 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.7 Low |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance. | ||||
| CVE-2020-13282 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.1 Low |
| For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. | ||||
| CVE-2020-13230 | 3 Cacti, Debian, Fedoraproject | 3 Cacti, Debian Linux, Fedora | 2024-11-21 | 4.3 Medium |
| In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). | ||||
| CVE-2020-12353 | 1 Intel | 1 Data Center Manager | 2024-11-21 | 6.5 Medium |
| Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access. | ||||
| CVE-2020-12345 | 1 Intel | 1 Data Center Manager | 2024-11-21 | 7.8 High |
| Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||