Total
1021 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-29492 | 1 Dell | 8 Wyse 3040, Wyse 5010, Wyse 5040 and 5 more | 2024-11-21 | 6.4 MEDIUM | 10.0 CRITICAL |
| Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any target specific station. | |||||
| CVE-2020-29491 | 1 Dell | 8 Wyse 3040, Wyse 5010, Wyse 5040 and 5 more | 2024-11-21 | 5.0 MEDIUM | 10.0 CRITICAL |
| Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the sensitive information on the local network, leading to the potential compromise of impacted thin clients. | |||||
| CVE-2020-28906 | 1 Nagios | 2 Fusion, Nagios Xi | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root. | |||||
| CVE-2020-28392 | 1 Siemens | 1 Simaris Configuration | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in SIMARIS configuration (All versions < V4.0.1). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine. | |||||
| CVE-2020-28044 | 1 Pax | 1 Prolinos | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions. | |||||
| CVE-2020-28041 | 1 Netgear | 2 Nighthawk R7000, Nighthawk R7000 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data. | |||||
| CVE-2020-27665 | 1 Strapi | 1 Strapi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes. | |||||
| CVE-2020-27569 | 1 Aviatrix | 1 Openvpn | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system. | |||||
| CVE-2020-27384 | 1 Arena | 1 Guild Wars 2 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full Control) for 'Everyone' group, making the entire directory 'Guild Wars 2' and its files and sub-dirs world-writable. | |||||
| CVE-2020-27358 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}. | |||||
| CVE-2020-27228 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability. | |||||
| CVE-2020-26941 | 1 Eset | 8 Endpoint Antivirus, Endpoint Security, File Security and 5 more | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
| A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premium versions 13.2 and lower; ESET Endpoint Antivirus, ESET Endpoint Security, ESET NOD32 Antivirus Business Edition, ESET Smart Security Business Edition versions 7.3 and lower; ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Kerio, ESET Security for Microsoft SharePoint Server versions 7.2 and lower. | |||||
| CVE-2020-26809 | 1 Sap | 1 Commerce Cloud | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality. | |||||
| CVE-2020-26807 | 1 Sap | 1 Erp Client For E-bilanz | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem permissions are set in its installation folder which allows anyone to modify the files in the folder. | |||||
| CVE-2020-26180 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols. | |||||
| CVE-2020-26088 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. | |||||
| CVE-2020-26031 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions). | |||||
| CVE-2020-25593 | 1 Acronis | 1 True Image | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions. | |||||
| CVE-2020-25245 | 1 Siemens | 1 Digsi 4 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM. | |||||
| CVE-2020-25208 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions. | |||||