Total: 1448 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-27836 | 1 Redhat | 3 Enterprise Linux, Openshift, Openshift Container Platform | 2024-11-21 | 9.8 Critical |
A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2020-27658 | 1 Synology | 1 Router Manager | 2024-11-21 | 7.1 High |
Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | ||||
CVE-2020-27568 | 1 Aviatrix | 1 Controller | 2024-11-21 | 7.5 High |
Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security. | ||||
CVE-2020-26932 | 2 Debian, Sympa | 2 Debian Linux, Sympa | 2024-11-21 | 4.3 Medium |
debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group). | ||||
CVE-2020-26196 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 5.5 Medium |
Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location. | ||||
CVE-2020-26194 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 7 High |
Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default. | ||||
CVE-2020-26155 | 2 Microsoft, Utimaco | 7 Windows, Block-safe Firmware, Cryptoserver Cp5 Firmware and 4 more | 2024-11-21 | 7.8 High |
Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0 are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack. | ||||
CVE-2020-26133 | 1 Dual Dhcp Dns Server Project | 1 Dual Dhcp Dns Server | 2024-11-21 | 7.8 High |
An issue was discovered in Dual DHCP DNS Server 7.40. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the DualServer.exe binary. | ||||
CVE-2020-26132 | 1 Home Dns Server Project | 1 Home Dns Server | 2024-11-21 | 7.8 High |
An issue was discovered in Home DNS Server 0.10. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the HomeDNSServer.exe binary. | ||||
CVE-2020-26131 | 1 Open Dhcp Server Project | 1 Open Dhcp Server | 2024-11-21 | 7.8 High |
Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenDHCPServer.exe (Regular) or the OpenDHCPLdap.exe (LDAP Based) binary. | ||||
CVE-2020-26130 | 1 Open Tftp Server Project | 1 Open Tftp Server | 2024-11-21 | 7.8 High |
Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenTFTPServerMT.exe or the OpenTFTPServerSP.exe binary. | ||||
CVE-2020-26106 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558). | ||||
CVE-2020-25826 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2024-11-21 | 7.8 High |
PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe. | ||||
CVE-2020-25507 | 1 3ds | 1 Teamwork Cloud | 2024-11-21 | 7.8 High |
An incorrect permission assignment during the installation script of TeamworkCloud 18.0 through 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user is instructed to set the system environment file with world writable permissions (0777 /etc/environment). Any local unprivileged user can execute arbitrary code simply by writing to /etc/environment, which will force all users, including root, to execute arbitrary code during the next login or reboot. In addition, the entire home directory of the twcloud user at /home/twcloud is recursively given world writable permissions. This allows any local unprivileged attacker to execute arbitrary code as twcloud. This product was previously named Cameo Enterprise Data Warehouse (CEDW). | ||||
CVE-2020-25284 | 4 Debian, Linux, Opensuse and 1 more | 4 Debian Linux, Linux Kernel, Leap and 1 more | 2024-11-21 | 4.1 Medium |
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. | ||||
CVE-2020-25191 | 1 Ni | 2 Compactrio, Compactrio Firmware | 2024-11-21 | 7.5 High |
Incorrect permissions are set by default for an API entry-point of a specific service, allowing a non-authenticated user to trigger a function that could reboot the CompactRIO (Driver versions prior to 20.5) remotely. | ||||
CVE-2020-25011 | 1 Kyland | 2 Kps2204 6 Port Managed Din-rail Programmable Serial Device, Kps2204 6 Port Managed Din-rail Programmable Serial Device Firmware | 2024-11-21 | 9.8 Critical |
A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to obtain the username and password by requesting the /cgi-bin/webadminget.cgi script via the browser. | ||||
CVE-2020-24681 | 2 Br-automation, Microsoft | 2 Automation Studio, Windows | 2024-11-21 | 8.2 High |
Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation. This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP. | ||||
CVE-2020-24578 | 1 Dlink | 2 Dsl2888a, Dsl2888a Firmware | 2024-11-21 | 6.5 Medium |
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file). | ||||
CVE-2020-24525 | 1 Intel | 46 Nuc 8 Mainstream-g Kit Nuc8i5inh, Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware, Nuc 8 Mainstream-g Kit Nuc8i7inh and 43 more | 2024-11-21 | 7.8 High |
Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. |