Total
1057 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-15145 | 1 Getcomposer | 1 Composer-setup | 2024-08-04 | 6.7 Medium |
In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user may modify the existing `C:\ProgramData\ComposerSetup\bin\composer.bat` in order to get elevated command execution when composer is run by an administrator. 2. A local regular user may create a specially crafted dll in the `C:\ProgramData\ComposerSetup\bin` folder in order to get Local System privileges. See: https://itm4n.github.io/windows-server-netman-dll-hijacking. 3. If the directory of the php.exe selected by the user is not in the system path, it is added without checking that it is admin secured, as per Microsoft guidelines. See: https://msrc-blog.microsoft.com/2018/04/04/triaging-a-dll-planting-vulnerability. | ||||
CVE-2020-14156 | 1 Openbmc-project | 1 Openbmc | 2024-08-04 | 8.8 High |
user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions. | ||||
CVE-2020-14019 | 2 Redhat, Rtslib-fb Project | 2 Enterprise Linux, Rtslib-fb | 2024-08-04 | 7.8 High |
Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. | ||||
CVE-2020-13884 | 1 Citrix | 1 Workspace App | 2024-08-04 | 7.8 High |
Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application. | ||||
CVE-2020-13894 | 1 Dext5 | 1 Dext5 | 2024-08-04 | 7.5 High |
handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field. | ||||
CVE-2020-13922 | 1 Apache | 1 Dolphinscheduler | 2024-08-04 | 6.5 Medium |
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface. | ||||
CVE-2020-13867 | 3 Fedoraproject, Redhat, Targetcli-fb Project | 3 Fedora, Enterprise Linux, Targetcli-fb | 2024-08-04 | 5.5 Medium |
Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). | ||||
CVE-2020-13885 | 1 Citrix | 1 Workspace App | 2024-08-04 | 7.8 High |
Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application. | ||||
CVE-2020-13770 | 1 Ivanti | 1 Endpoint Manager | 2024-08-04 | 7.8 High |
Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having SeImpersonatePrivilege (e.g. user ‘NT AUTHORITY\NETWORK SERVICE’). | ||||
CVE-2020-13667 | 1 Drupal | 1 Drupal | 2024-08-04 | 5.3 Medium |
Access bypass vulnerability in Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see content before the site owner intends people to see the content. This vulnerability is mitigated by the fact that sites are only vulnerable if they have installed the experimental Workspaces module. This issue affects Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0.6. | ||||
CVE-2020-13555 | 1 Advantech | 1 Webaccess/scada | 2024-08-04 | 8.8 High |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | ||||
CVE-2020-13552 | 1 Advantech | 1 Webaccess/scada | 2024-08-04 | 8.8 High |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | ||||
CVE-2020-13553 | 1 Advantech | 1 Webaccess/scada | 2024-08-04 | 8.8 High |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | ||||
CVE-2020-13551 | 1 Advantech | 1 Webaccess/scada | 2024-08-04 | 8.8 High |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | ||||
CVE-2020-13554 | 1 Advantech | 1 Webaccess/scada | 2024-08-04 | 7.8 High |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | ||||
CVE-2020-13539 | 1 Win911 | 1 Win-911 | 2024-08-04 | 7.8 High |
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed. | ||||
CVE-2020-13534 | 1 Dreamreport | 1 Dream Report | 2024-08-04 | 7.8 High |
A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2020-13537 | 1 Moxa | 1 Mxview | 2024-08-04 | 7.8 High |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default, MXViewService, which starts as an NT SYSTEM authority user, executes a series of Node.js scripts to start additional application functionality, and among them the mosquitto executable is also run. | ||||
CVE-2020-13536 | 1 Moxa | 1 Mxview | 2024-08-04 | 7.8 High |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default, MXViewService, which starts as an NT SYSTEM authority user, executes a series of Node.js scripts to start additional application functionality. | ||||
CVE-2020-13540 | 1 Win911 | 1 Win-911 | 2024-08-04 | 7.8 High |
An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed. |