Total: 1057 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-12354 | 1 Intel | 1 Active Management Technology Software Development Kit | 2024-08-04 | 7.8 High |
Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2020-12346 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-08-04 | 7.8 High |
Improper permissions in the installer for the Intel(R) Battery Life Diagnostic Tool before version 1.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2020-12277 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 5.3 Medium |
GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated. | ||||
CVE-2020-12287 | 1 Intel | 1 Distribution Of Openvino Toolkit | 2024-08-04 | 7.8 High |
Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2020.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2020-12118 | 1 Binance | 1 Tss-lib | 2024-08-04 | 8.2 High |
The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties. | ||||
CVE-2020-12075 | 1 Supsystic | 1 Data Tables Generator | 2024-08-04 | 8.8 High |
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions. | ||||
CVE-2020-12101 | 1 Xt-commerce | 1 Xt-commerce | 2024-08-04 | 4.3 Medium |
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other users' stored addresses by manipulating an id field in the POST request for altering an address. | ||||
CVE-2020-11997 | 1 Apache | 1 Guacamole | 2024-08-04 | 4.3 Medium |
Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users. | ||||
CVE-2020-11955 | 1 Rittal | 9 Cmc Iii Pu 7030.000, Cmc Iii Pu 7030.000 Firmware, Cmciii-pu-9333e0fb and 6 more | 2024-08-04 | 8.8 High |
An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMCIII-PU-9333E0FB through 3.15.70 devices. There are insecure permissions. | ||||
CVE-2020-11867 | 2 Audacityteam, Fedoraproject | 2 Audacity, Fedora | 2024-08-04 | 3.3 Low |
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there. | ||||
CVE-2020-11689 | 1 Jetbrains | 1 Teamcity | 2024-08-04 | 6.5 Medium |
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file. | ||||
CVE-2020-11692 | 1 Jetbrains | 1 Youtrack | 2024-08-04 | 2.7 Low |
In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. | ||||
CVE-2020-11716 | 1 Panasonic | 12 Eluga Ray 530, Eluga Ray 530 Firmware, Eluga Ray 600 and 9 more | 2024-08-04 | 9.8 Critical |
Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support." | ||||
CVE-2020-11444 | 1 Sonatype | 1 Nexus | 2024-08-04 | 8.8 High |
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control. | ||||
CVE-2020-10939 | 1 Phoenixcontact | 1 Pc Worx Srt | 2024-08-04 | 7.8 High |
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation. | ||||
CVE-2020-10782 | 1 Redhat | 1 Ansible Tower | 2024-08-04 | 6.5 Medium |
An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such as tokens and other secrets, could be readable and exposed from the rsyslog configuration file, which has wrong, world-readable permissions set. The highest threat from this vulnerability is to confidentiality. This is fixed in Ansible version 3.7.1. | ||||
CVE-2020-10792 | 1 It-novum | 1 Openitcockpit | 2024-08-04 | 7.5 High |
openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header. | ||||
CVE-2020-10660 | 1 Hashicorp | 1 Vault | 2024-08-04 | 5.3 Medium |
HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4. | ||||
CVE-2020-10606 | 1 Osisoft | 9 Pi Api, Pi Buffer Subsystem, Pi Connector and 6 more | 2024-08-04 | 7.8 High |
In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissions set by affected PI System software. This exploitation can result in unauthorized information disclosure, deletion, or modification if the local computer also processes PI System data from other users, such as from a shared workstation or terminal server deployment. | ||||
CVE-2020-10145 | 1 Adobe | 1 Coldfusion | 2024-08-04 | 7.8 High |
The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability. | ||||