Total
189 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-27383 | 1 Blizzard | 1 Battle.net | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the "Authenticated Users Group" which grants the (F) Flag aka "Full Control" | |||||
CVE-2020-15496 | 1 Acronis | 1 True Image | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions. | |||||
CVE-2021-38553 | 1 Hashicorp | 1 Vault | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0. | |||||
CVE-2021-22137 | 1 Elastic | 1 Elasticsearch | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices. | |||||
CVE-2020-18890 | 1 Puppycms | 1 Puppycms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php. | |||||
CVE-2021-21735 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE. | |||||
CVE-2021-30482 | 1 Jetbrains | 1 Upsource | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly | |||||
CVE-2021-3495 | 2 Netlify, Redhat | 2 Kiali-operator, Openshift Service Mesh | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2020-0327 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In core networking, there is a missing permission check. This could lead to local information disclosure of app network usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-129151407 | |||||
CVE-2020-12332 | 1 Intel | 1 Hid Event Filter Driver | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-0269 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645626 | |||||
CVE-2020-6564 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page. | |||||
CVE-2020-0405 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157475111 | |||||
CVE-2020-8182 | 1 Nextcloud | 1 Deck | 2023-12-10 | 6.0 MEDIUM | 8.0 HIGH |
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves. | |||||
CVE-2020-0265 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In Telephony, there are possible leaks of sensitive data due to missing permission checks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150155839 | |||||
CVE-2020-12335 | 1 Intel | 1 Processor Identification Utility | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for the Intel(R) Processor Identification Utility before version 6.4.0603 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-0331 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
In Settings, there is a possible permissions bypass. This could lead to local information disclosure of the device's IMEI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147309310 | |||||
CVE-2021-21379 | 1 Xwiki | 1 Xwiki | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the `{{wikimacrocontent}}` executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes possible to inject scripts through it and they will be executed with the rights of the wiki macro (very often a user which has Programming rights). Fortunately, no such macro exists by default in XWiki Standard but one could have been created or installed with an extension. This vulnerability has been patched in versions XWiki 12.6.3, 11.10.11 and 12.8-rc-1. There is no easy workaround other than disabling the affected macros. Inserting content in a safe way or knowing what is the user who called the wiki macro is not easy. | |||||
CVE-2020-26246 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions. | |||||
CVE-2020-12334 | 1 Intel | 1 Advisor Tools | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access. |