Total
1057 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13535 | 1 Kepware | 1 Linkmaster | 2024-08-04 | 7.8 High |
| A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges. | ||||
| CVE-2020-13533 | 1 Dreamreport | 1 Dream Report | 2024-08-04 | 7.8 High |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs in and uses the application. | ||||
| CVE-2020-13541 | 1 Win911 | 1 Mobile-911 Server | 2024-08-04 | 8.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges or replace other files within the installation folder that could lead to local privilege escalation. | ||||
| CVE-2020-13542 | 1 Logicaldoc | 1 Logicaldoc | 2024-08-04 | 7.8 High |
| A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges. | ||||
| CVE-2020-13468 | 1 Gigadevice | 2 Gd32f130, Gd32f130 Firmware | 2024-08-04 | 6.8 Medium |
| Gigadevice GD32F130 devices allow physical attackers to escalate their debug interface permissions via fault injection into inter-IC bonding wires (which have insufficient physical protection). | ||||
| CVE-2020-13452 | 1 Thecodingmachine | 1 Gotenberg | 2024-08-04 | 9.8 Critical |
| In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution. | ||||
| CVE-2020-13549 | 1 Sytech | 1 Xlreporter | 2024-08-04 | 7.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation. | ||||
| CVE-2020-13532 | 1 Dreamreport | 1 Dream Report | 2024-08-04 | 7.8 High |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2020-13351 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 6.5 Medium |
| Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>=13.5.0, <13.5.2. | ||||
| CVE-2020-12831 | 2 Linuxfoundation, Redhat | 2 Free Range Routing, Enterprise Linux | 2024-08-04 | 5.3 Medium |
| An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file | ||||
| CVE-2020-13240 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-04 | 5.4 Medium |
| The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS. | ||||
| CVE-2020-13149 | 1 Msi | 1 Dragon Center | 2024-08-04 | 7.8 High |
| Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory. | ||||
| CVE-2020-12912 | 1 Amd | 1 Energy Driver For Linux | 2024-08-04 | 5.5 Medium |
| A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access. | ||||
| CVE-2020-12834 | 1 Eq-3 | 4 Ccu3 Firmware, Homematic Ccu2, Homematic Ccu2 Firmware and 1 more | 2024-08-04 | 9.8 Critical |
| eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset). | ||||
| CVE-2020-12695 | 22 Asus, Broadcom, Canon and 19 more | 218 Rt-n11, Adsl, Selphy Cp1200 and 215 more | 2024-08-04 | 7.5 High |
| The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | ||||
| CVE-2020-12608 | 1 Solarwinds | 1 Managed Service Provider Patch Management Engine | 2024-08-04 | 7.8 High |
| An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter. | ||||
| CVE-2020-12424 | 3 Mozilla, Opensuse, Redhat | 5 Firefox, Leap, Enterprise Linux and 2 more | 2024-08-04 | 6.5 Medium |
| When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78. | ||||
| CVE-2020-12415 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-08-04 | 6.5 Medium |
| When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78. | ||||
| CVE-2020-12306 | 2 Intel, Microsoft | 2 Realsense D400 Series Dynamic Calibration Tool, Windows | 2024-08-04 | 7.8 High |
| Incorrect default permissions in the Intel(R) RealSense(TM) D400 Series Dynamic Calibration Tool before version 2.11, may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12307 | 1 Intel | 1 High Definition Audio Driver | 2024-08-04 | 7.8 High |
| Improper permissions in some Intel(R) High Definition Audio drivers before version 9.21.00.4561 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||