Total: 1375 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-26932 | 2 Debian, Sympa | 2 Debian Linux, Sympa | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group) | |||||
CVE-2020-26196 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location. | |||||
CVE-2020-26194 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 4.6 MEDIUM | 7.0 HIGH |
Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default. | |||||
CVE-2020-26155 | 2 Microsoft, Utimaco | 7 Windows, Block-safe Firmware, Cryptoserver Cp5 Firmware and 4 more | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0 are installed with Read/Write permissions for authenticated users, which allows binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack. | |||||
CVE-2020-26133 | 1 Dual Dhcp Dns Server Project | 1 Dual Dhcp Dns Server | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in Dual DHCP DNS Server 7.40. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the DualServer.exe binary. | |||||
CVE-2020-26132 | 1 Home Dns Server Project | 1 Home Dns Server | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in Home DNS Server 0.10. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the HomeDNSServer.exe binary. | |||||
CVE-2020-26131 | 1 Open Dhcp Server Project | 1 Open Dhcp Server | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenDHCPServer.exe (Regular) or the OpenDHCPLdap.exe (LDAP Based) binary. | |||||
CVE-2020-26130 | 1 Open Tftp Server Project | 1 Open Tftp Server | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenTFTPServerMT.exe or the OpenTFTPServerSP.exe binary. | |||||
CVE-2020-26106 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558). | |||||
CVE-2020-25826 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe. | |||||
CVE-2020-25507 | 1 3ds | 1 Teamwork Cloud | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
An incorrect permission assignment during the installation script of TeamworkCloud 18.0 through 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user is instructed to set the system environment file with world-writable permissions (0777 /etc/environment). Any local unprivileged user can execute arbitrary code simply by writing to /etc/environment, which will force all users, including root, to execute arbitrary code during the next login or reboot. In addition, the entire home directory of the twcloud user at /home/twcloud is recursively given world-writable permissions. This allows any local unprivileged attacker to execute arbitrary code as twcloud. This product was previously named Cameo Enterprise Data Warehouse (CEDW). | |||||
CVE-2020-25191 | 1 Ni | 2 Compactrio, Compactrio Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely. | |||||
CVE-2020-25011 | 1 Kyland | 2 Kps2204 6 Port Managed Din-rail Programmable Serial Device, Kps2204 6 Port Managed Din-rail Programmable Serial Device Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version: R0002.P05 allows remote attackers to get the username and password by requesting the /cgi-bin/webadminget.cgi script via the browser. | |||||
CVE-2020-24681 | 2 Br-automation, Microsoft | 2 Automation Studio, Windows | 2024-11-21 | N/A | 8.2 HIGH |
Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation. This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP. | |||||
CVE-2020-24578 | 1 Dlink | 2 Dsl2888a, Dsl2888a Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file). | |||||
CVE-2020-24525 | 1 Intel | 46 Nuc 8 Mainstream-g Kit Nuc8i5inh, Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware, Nuc 8 Mainstream-g Kit Nuc8i7inh and 43 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-24394 | 5 Canonical, Linux, Opensuse and 2 more | 5 Ubuntu Linux, Linux Kernel, Leap and 2 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. | |||||
CVE-2020-24367 | 2 Bluestacks, Microsoft | 2 Bluestacks, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user. | |||||
CVE-2020-24355 | 1 Zyxel | 2 Vmg5313-b30b, Vmg5313-b30b Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware, are affected by insecure permissions which allow regular and other users to create new users with elevated privileges. This is done by changing the "FirstIndex" field in the JSON that is POSTed during account creation. Something similar may also be possible with account deletion. | |||||
CVE-2020-24263 | 1 Portainer | 1 Portainer | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host. |