Vulnerabilities (CVE)

Filtered by CWE-281
Total 218 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-0927 1 Google 1 Android 2024-11-21 7.2 HIGH 7.8 HIGH
In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-189824175
CVE-2021-0704 1 Google 1 Android 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-179338675
CVE-2021-0074 1 Intel 1 Computing Improvement Program 2024-11-21 4.6 MEDIUM 7.8 HIGH
Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-9781 1 Apple 2 Ipados, Iphone Os 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to.
CVE-2020-9442 2 Microsoft, Openvpn 2 Windows, Connect 2024-11-21 7.2 HIGH 7.8 HIGH
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.
CVE-2020-8634 1 Wftpserver 1 Wing Ftp Server 2024-11-21 7.2 HIGH 7.8 HIGH
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may escalate privileges to root.
CVE-2020-8633 1 Synacor 1 Zimbra Collaboration Suite 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible.
CVE-2020-8190 1 Citrix 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more 2024-11-21 6.0 MEDIUM 7.5 HIGH
Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.
CVE-2020-8182 1 Nextcloud 1 Deck 2024-11-21 6.0 MEDIUM 8.0 HIGH
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves.
CVE-2020-8117 1 Nextcloud 1 Nextcloud Server 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.
CVE-2020-7063 4 Debian, Opensuse, Php and 1 more 4 Debian Linux, Leap, Php and 1 more 2024-11-21 5.0 MEDIUM 5.5 MEDIUM
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
CVE-2020-6564 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.
CVE-2020-5796 1 Nagios 1 Nagios Xi 2024-11-21 7.2 HIGH 7.8 HIGH
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.
CVE-2020-36070 1 Thecontrolgroup 1 Voyager 2024-11-21 N/A 9.8 CRITICAL
Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component.
CVE-2020-2025 1 Katacontainers 1 Runtime 2024-11-21 4.6 MEDIUM 8.8 HIGH
Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests.
CVE-2020-27383 1 Blizzard 1 Battle.net 2024-11-21 4.6 MEDIUM 7.8 HIGH
Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the "Authenticated Users Group" which grants the (F) Flag aka "Full Control"
CVE-2020-26246 1 Pimcore 1 Pimcore 2024-11-21 4.0 MEDIUM 7.7 HIGH
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.
CVE-2020-18890 1 Puppycms 1 Puppycms 2024-11-21 7.5 HIGH 9.8 CRITICAL
Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php.
CVE-2020-18329 1 Carel 3 Pcoweb Card Bios, Pcoweb Card Boot, Pcoweb Card Web 2024-11-21 N/A 7.5 HIGH
An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface.
CVE-2020-16910 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2024-11-21 4.3 MEDIUM 6.2 MEDIUM
<p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.</p> <p>To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.</p> <p>The security update addresses the vulnerability by correcting security feature behavior to enforce permissions.</p>