Vulnerabilities (CVE)

Filtered by CWE-281
Total 218 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15496 1 Acronis 1 True Image 2024-11-21 4.6 MEDIUM 7.8 HIGH
Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions.
CVE-2020-15113 2 Etcd, Fedoraproject 2 Etcd, Fedora 2024-11-21 3.6 LOW 5.7 MEDIUM
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700).
CVE-2020-14958 1 Gogs 1 Gogs 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check.
CVE-2020-13763 1 Joomla 1 Joomla\! 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.
CVE-2020-13308 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 2.7 LOW
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance.
CVE-2020-13282 1 Gitlab 1 Gitlab 2024-11-21 4.9 MEDIUM 3.1 LOW
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access.
CVE-2020-13230 3 Cacti, Debian, Fedoraproject 3 Cacti, Debian Linux, Fedora 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).
CVE-2020-12744 1 Verint 1 Desktop And Process Analytics 2024-11-21 N/A 7.8 HIGH
The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair.
CVE-2020-12353 1 Intel 1 Data Center Manager 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access.
CVE-2020-12345 1 Intel 1 Data Center Manager 2024-11-21 4.6 MEDIUM 7.8 HIGH
Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-12335 1 Intel 1 Processor Identification Utility 2024-11-21 4.6 MEDIUM 7.8 HIGH
Improper permissions in the installer for the Intel(R) Processor Identification Utility before version 6.4.0603 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-12334 1 Intel 1 Advisor Tools 2024-11-21 4.6 MEDIUM 7.8 HIGH
Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-12332 1 Intel 1 Hid Event Filter Driver 2024-11-21 4.6 MEDIUM 7.8 HIGH
Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-12330 1 Intel 2 Falcon 8\+ Uas Asctec Thermal Viewer, Falcon 8\+ Uas Asctec Thermal Viewer Firmware 2024-11-21 4.6 MEDIUM 7.8 HIGH
Improper permissions in the installer for the Intel(R) Falcon 8+ UAS AscTec Thermal Viewer, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-10083 1 Gitlab 1 Gitlab 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied.
CVE-2020-0405 1 Google 1 Android 2024-11-21 4.6 MEDIUM 7.8 HIGH
In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157475111
CVE-2019-6995 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues.
CVE-2019-6791 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its prior visibility.
CVE-2019-20846 1 Mattermost 1 Mattermost Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage.
CVE-2019-20843 1 Mattermost 1 Mattermost Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.