Total
215 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-21379 | 1 Xwiki | 1 Xwiki | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the `{{wikimacrocontent}}` executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes possible to inject scripts through it and they will be executed with the rights of the wiki macro (very often a user which has Programming rights). Fortunately, no such macro exists by default in XWiki Standard but one could have been created or installed with an extension. This vulnerability has been patched in versions XWiki 12.6.3, 11.10.11 and 12.8-rc-1. There is no easy workaround other than disabling the affected macros. Inserting content in a safe way or knowing what is the user who called the wiki macro is not easy. | |||||
CVE-2021-20263 | 1 Qemu | 1 Qemu | 2024-02-28 | 2.1 LOW | 3.3 LOW |
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest. | |||||
CVE-2020-8182 | 1 Nextcloud | 1 Deck | 2024-02-28 | 6.0 MEDIUM | 8.0 HIGH |
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves. | |||||
CVE-2021-23963 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85. | |||||
CVE-2020-12330 | 1 Intel | 2 Falcon 8\+ Uas Asctec Thermal Viewer, Falcon 8\+ Uas Asctec Thermal Viewer Firmware | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for the Intel(R) Falcon 8+ UAS AscTec Thermal Viewer, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-26246 | 1 Pimcore | 1 Pimcore | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions. | |||||
CVE-2020-16910 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-28 | 4.3 MEDIUM | 6.2 MEDIUM |
<p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.</p> <p>To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.</p> <p>The security update addresses the vulnerability by correcting security feature behavior to enforce permissions.</p> | |||||
CVE-2021-3418 | 1 Gnu | 1 Grub2 | 2024-02-28 | 4.4 MEDIUM | 6.4 MEDIUM |
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism. | |||||
CVE-2020-12345 | 1 Intel | 1 Data Center Manager | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-12332 | 1 Intel | 1 Hid Event Filter Driver | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-12335 | 1 Intel | 1 Processor Identification Utility | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for the Intel(R) Processor Identification Utility before version 6.4.0603 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-0405 | 1 Google | 1 Android | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157475111 | |||||
CVE-2020-8190 | 1 Citrix | 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more | 2024-02-28 | 6.0 MEDIUM | 7.5 HIGH |
Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation. | |||||
CVE-2020-2025 | 1 Katacontainers | 1 Runtime | 2024-02-28 | 4.6 MEDIUM | 8.8 HIGH |
Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests. | |||||
CVE-2020-9781 | 1 Apple | 2 Ipados, Iphone Os | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to. | |||||
CVE-2020-15113 | 2 Etcd, Fedoraproject | 2 Etcd, Fedora | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700). | |||||
CVE-2019-20846 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage. | |||||
CVE-2020-13308 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance. | |||||
CVE-2020-13763 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. | |||||
CVE-2020-13282 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.9 MEDIUM | 3.5 LOW |
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. |