Total: 1411 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-15838 | 1 Connectwise | 1 Automate | 2024-11-21 | 8.8 High |
The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions. | ||||
CVE-2020-15776 | 1 Gradle | 1 Enterprise | 2024-11-21 | 8.8 High |
An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the ability to execute arbitrary code in a user's browser could impose an arbitrary value for this token, allowing them to perform cross-site request forgery. | ||||
CVE-2020-15708 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 9.3 Critical |
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code. | ||||
CVE-2020-15697 | 1 Joomla | 1 Joomla! | 2024-11-21 | 4.3 Medium |
An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users. | ||||
CVE-2020-15529 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.8 High |
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks. | ||||
CVE-2020-15528 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.8 High |
An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks. | ||||
CVE-2020-15397 | 2 Hylafax+ Project, Ifax | 2 Hylafax+, Hylafax Enterprise | 2024-11-21 | 7.8 High |
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root). | ||||
CVE-2020-15329 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 5.3 Medium |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions. | ||||
CVE-2020-15328 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 5.3 Medium |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions. | ||||
CVE-2020-15250 | 5 Apache, Debian, Junit and 2 more | 5 Pluto, Debian Linux, Junit4 and 2 more | 2024-11-21 | 4.4 Medium |
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix-like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory. | ||||
CVE-2020-14335 | 1 Redhat | 2 Satellite, Satellite Capsule | 2024-11-21 | 5.5 Medium |
A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability. | ||||
CVE-2020-14263 | 1 Hcltech | 1 Traveler Companion | 2024-11-21 | 3.9 Low |
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK" | ||||
CVE-2020-13938 | 4 Apache, Mcafee, Microsoft and 1 more | 4 Http Server, Epolicy Orchestrator, Windows and 1 more | 2024-11-21 | 5.5 Medium |
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows | ||||
CVE-2020-13915 | 1 Ruckuswireless | 25 C110, E510, H320 and 22 more | 2024-11-21 | 7.5 High |
Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510, R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. | ||||
CVE-2020-13912 | 1 Solarwinds | 1 Advanced Monitoring Agent | 2024-11-21 | 7.3 High |
SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file. | ||||
CVE-2020-13866 | 1 Qbik | 1 Wingate | 2024-11-21 | 7.8 High |
WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | ||||
CVE-2020-13431 | 1 Geti2p | 1 I2p | 2024-11-21 | 7.8 High |
I2P before 0.9.46 allows local users to gain privileges via a Trojan horse I2PSvc.exe file because of weak permissions on a certain %PROGRAMFILES% subdirectory. | ||||
CVE-2020-13386 | 1 Smartdraw | 1 Smartdraw 2020 | 2024-11-21 | 7.3 High |
In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate (Local) and SDMsgUpdate (TE). The scheduled tasks run in the context of the user who installed the product. Both scheduled tasks attempt to run the same binary, C:\SmartDraw 2020\Messages\SDNotify.exe. The folder Messages doesn't exist by default and (by extension) neither does SDNotify.exe. Due to the weak folder permissions, these can be created by any user. A malicious actor can therefore create a malicious SDNotify.exe binary, and have it automatically run, whenever the user who installed the product logs on to the machine. The malicious SDNotify.exe could, for example, create a new local administrator account on the machine. | ||||
CVE-2020-12842 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2024-11-21 | 9.8 Critical |
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php. | ||||
CVE-2020-12839 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2024-11-21 | 9.8 Critical |
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php. |