ReportizFlow
Filtered by vendor
Subscriptions
Total
279 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-0953 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-184046278 | ||||
| CVE-2021-0927 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-189824175 | ||||
| CVE-2021-0704 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-179338675 | ||||
| CVE-2021-0074 | 1 Intel | 1 Computing Improvement Program | 2024-11-21 | 7.8 High |
| Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-9781 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 5.3 Medium |
| The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to. | ||||
| CVE-2020-9442 | 2 Microsoft, Openvpn | 2 Windows, Connect | 2024-11-21 | 7.8 High |
| OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there. | ||||
| CVE-2020-8913 | 1 Android | 1 Play Core Library | 2024-11-21 | 8.8 High |
| A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device. We recommend all users update Play Core to version 1.7.2 or later. | ||||
| CVE-2020-8634 | 1 Wftpserver | 1 Wing Ftp Server | 2024-11-21 | 7.8 High |
| Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may escalate privileges to root. | ||||
| CVE-2020-8633 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible. | ||||
| CVE-2020-8190 | 1 Citrix | 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more | 2024-11-21 | 7.5 High |
| Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation. | ||||
| CVE-2020-8182 | 1 Nextcloud | 1 Deck | 2024-11-21 | 8.0 High |
| Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves. | ||||
| CVE-2020-8117 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 Medium |
| Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. | ||||
| CVE-2020-7063 | 5 Debian, Opensuse, Php and 2 more | 6 Debian Linux, Leap, Php and 3 more | 2024-11-21 | 5.5 Medium |
| In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted. | ||||
| CVE-2020-6564 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page. | ||||
| CVE-2020-5796 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.8 High |
| Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges. | ||||
| CVE-2020-36070 | 1 Thecontrolgroup | 1 Voyager | 2024-11-21 | 9.8 Critical |
| Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component. | ||||
| CVE-2020-2025 | 1 Katacontainers | 1 Runtime | 2024-11-21 | 8.8 High |
| Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests. | ||||
| CVE-2020-27383 | 1 Blizzard | 1 Battle.net | 2024-11-21 | 7.8 High |
| Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the "Authenticated Users Group" which grants the (F) Flag aka "Full Control" | ||||
| CVE-2020-26246 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.7 High |
| Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions. | ||||
| CVE-2020-26121 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 7.5 High |
| An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title. | ||||