Total
1627 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4625 | 1 Ibm | 1 Cloud Pak For Security | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. | |||||
| CVE-2020-4347 | 1 Ibm | 1 Infosphere Information Server | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. IBM X-Force ID: 178412. | |||||
| CVE-2020-4311 | 1 Ibm | 1 Tivoli Monitoring | 2026-06-17 | 6.9 MEDIUM | 7.0 HIGH |
| IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system. IBM X-Force ID: 177083. | |||||
| CVE-2020-4289 | 1 Ibm | 1 Security Information Queue | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 176332. | |||||
| CVE-2020-4278 | 1 Ibm | 3 Platform Lsf, Spectrum Computing For High Performance Analytics, Spectrum Lsf | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Spectrum Suite for HPA 10.2 could allow a local user to escalate their privileges due to weak file permissions when specific debug settings are enabled in a Linux or Unix enviornment. IBM X-Force ID: 176137. | |||||
| CVE-2020-4146 | 1 Ibm | 1 Security Siteprotector System | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129. | |||||
| CVE-2020-3961 | 2 Microsoft, Vmware | 2 Windows, Horizon Client | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user. | |||||
| CVE-2020-3948 | 1 Vmware | 2 Fusion, Workstation | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM. | |||||
| CVE-2020-3595 | 1 Cisco | 1 Sd-wan | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Cisco SD-WAN Software could allow an authenticated, local attacker to elevate privileges to root group on the underlying operating system. The vulnerability is due to incorrect permissions being set when the affected command is executed. An attacker could exploit this vulnerability by executing the affected command on an affected system. A successful exploit could allow the attacker to gain root privileges. | |||||
| CVE-2020-3503 | 1 Cisco | 128 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 125 more | 2026-06-17 | 3.6 LOW | 6.0 MEDIUM |
| A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators. | |||||
| CVE-2020-3312 | 1 Cisco | 1 Secure Firewall Management Center | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the application policy configuration of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data on an affected device. The vulnerability is due to insufficient application identification. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data. | |||||
| CVE-2020-36938 | 2026-06-17 | N/A | 8.8 HIGH | ||
| WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory. | |||||
| CVE-2020-36916 | 2026-06-17 | N/A | 8.8 HIGH | ||
| TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access. | |||||
| CVE-2020-36770 | 1 Gentoo | 1 Ebuild For Slurm | 2026-06-17 | N/A | 9.8 CRITICAL |
| pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files. | |||||
| CVE-2020-36154 | 1 Pearson | 1 Vue Testing System | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full Control permissions for Everyone in the "%SYSTEMDRIVE%\Pearson VUE" directory, which allows local users to obtain administrative privileges via a Trojan horse application. | |||||
| CVE-2020-29074 | 3 Debian, Fedoraproject, X11vnc Project | 3 Debian Linux, Fedora, X11vnc | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user. | |||||
| CVE-2020-28914 | 1 Katacontainers | 1 Kata-containers | 2026-06-17 | 3.6 LOW | 7.1 HIGH |
| An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only. | |||||
| CVE-2020-28910 | 1 Nagios | 1 Nagios Xi | 2026-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh. | |||||
| CVE-2020-28909 | 1 Nagios | 1 Fusion | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by sudo. | |||||
| CVE-2020-28482 | 1 Fastify | 1 Fastify-csrf | 2026-06-17 | 6.8 MEDIUM | 5.9 MEDIUM |
| This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF token was available in the GET query parameter | |||||