ReportizFlow
Filtered by vendor
Subscriptions
Total
1411 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26133 | 1 Dual Dhcp Dns Server Project | 1 Dual Dhcp Dns Server | 2024-11-21 | 7.8 High |
| An issue was discovered in Dual DHCP DNS Server 7.40. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the DualServer.exe binary. | ||||
| CVE-2020-26132 | 1 Home Dns Server Project | 1 Home Dns Server | 2024-11-21 | 7.8 High |
| An issue was discovered in Home DNS Server 0.10. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the HomeDNSServer.exe binary. | ||||
| CVE-2020-26131 | 1 Open Dhcp Server Project | 1 Open Dhcp Server | 2024-11-21 | 7.8 High |
| Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenDHCPServer.exe (Regular) or the OpenDHCPLdap.exe (LDAP Based) binary. | ||||
| CVE-2020-26130 | 1 Open Tftp Server Project | 1 Open Tftp Server | 2024-11-21 | 7.8 High |
| Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenTFTPServerMT.exe or the OpenTFTPServerSP.exe binary. | ||||
| CVE-2020-26106 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
| cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558). | ||||
| CVE-2020-25826 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2024-11-21 | 7.8 High |
| PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe. | ||||
| CVE-2020-25507 | 1 3ds | 1 Teamwork Cloud | 2024-11-21 | 7.8 High |
| An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user is instructed to set the system enviroment file with world writable permissions (0777 /etc/environment). Any local unprivileged user can execute arbitrary code simply by writing to /etc/environment, which will force all users, including root, to execute arbitrary code during the next login or reboot. In addition, the entire home directory of the twcloud user at /home/twcloud is recursively given world writable permissions. This allows any local unprivileged attacker to execute arbitrary code, as twcloud. This product was previous named Cameo Enterprise Data Warehouse (CEDW). | ||||
| CVE-2020-25284 | 4 Debian, Linux, Opensuse and 1 more | 4 Debian Linux, Linux Kernel, Leap and 1 more | 2024-11-21 | 4.1 Medium |
| The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. | ||||
| CVE-2020-25191 | 1 Ni | 2 Compactrio, Compactrio Firmware | 2024-11-21 | 7.5 High |
| Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely. | ||||
| CVE-2020-25011 | 1 Kyland | 2 Kps2204 6 Port Managed Din-rail Programmable Serial Device, Kps2204 6 Port Managed Din-rail Programmable Serial Device Firmware | 2024-11-21 | 9.8 Critical |
| A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to get username and password by request /cgi-bin/webadminget.cgi script via the browser. | ||||
| CVE-2020-24681 | 2 Br-automation, Microsoft | 2 Automation Studio, Windows | 2024-11-21 | 8.2 High |
| Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP. | ||||
| CVE-2020-24578 | 1 Dlink | 2 Dsl2888a, Dsl2888a Firmware | 2024-11-21 | 6.5 Medium |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file). | ||||
| CVE-2020-24525 | 1 Intel | 46 Nuc 8 Mainstream-g Kit Nuc8i5inh, Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware, Nuc 8 Mainstream-g Kit Nuc8i7inh and 43 more | 2024-11-21 | 7.8 High |
| Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-24394 | 6 Canonical, Linux, Opensuse and 3 more | 11 Ubuntu Linux, Linux Kernel, Leap and 8 more | 2024-11-21 | 7.1 High |
| In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. | ||||
| CVE-2020-24367 | 2 Bluestacks, Microsoft | 2 Bluestacks, Windows | 2024-11-21 | 7.8 High |
| Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user. | ||||
| CVE-2020-24355 | 1 Zyxel | 2 Vmg5313-b30b, Vmg5313-b30b Firmware | 2024-11-21 | 9.8 Critical |
| Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with elevated privileges. This is done by changing "FirstIndex" field in JSON that is POST-ed during account creation. Similar may also be possible with account deletion. | ||||
| CVE-2020-24263 | 1 Portainer | 1 Portainer | 2024-11-21 | 8.8 High |
| Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host. | ||||
| CVE-2020-23834 | 1 Realtimelogic | 1 Barracudadrive | 2024-11-21 | 8.8 High |
| Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem. | ||||
| CVE-2020-1958 | 1 Apache | 1 Druid | 2024-11-21 | 6.5 Medium |
| When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based authorization checks, if configured. Callers of Druid APIs can also retrieve any LDAP attribute values of users that exist on the LDAP server, so long as that information is visible to the Druid server. This information disclosure does not require the caller itself to be a valid LDAP user. | ||||
| CVE-2020-1754 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 Medium |
| In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups. | ||||