Total
1057 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10049 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-08-04 | 7.3 High |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators. | ||||
| CVE-2020-10050 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-08-04 | 7.8 High |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The directory of service executables of the affected application could allow a local attacker to include arbitrary commands that are executed with SYSTEM privileges when the system restarts. | ||||
| CVE-2020-9817 | 1 Apple | 1 Mac Os X | 2024-08-04 | 7.8 High |
| A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges. | ||||
| CVE-2020-9543 | 2 Openstack, Redhat | 2 Manila, Openstack | 2024-08-04 | 8.3 High |
| OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks. | ||||
| CVE-2020-9450 | 1 Acronis | 1 True Image 2020 | 2024-08-04 | 7.8 High |
| An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to anti_ransomware_service.exe. This can be exploited to add an arbitrary malicious executable to the whitelist, or even exclude an entire drive from being monitored by anti_ransomware_service.exe. | ||||
| CVE-2020-9392 | 1 Supsystic | 1 Pricing Table By Supsystic | 2024-08-04 | 7.3 High |
| An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table. | ||||
| CVE-2020-9451 | 1 Acronis | 1 True Image 2020 | 2024-08-04 | 5.5 Medium |
| An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a (not yet created) log file to anti_ransomware_service.exe. On reboot, this forces the anti_ransomware_service to try to write its log into its own process, crashing in a SHARING VIOLATION. This crash occurs on every reboot. | ||||
| CVE-2020-9039 | 1 Couchbase | 1 Couchbase Server | 2024-08-04 | 9.8 Critical |
| Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs. | ||||
| CVE-2020-8954 | 1 Openbrowser Project | 1 Openbrowser | 2024-08-04 | 5.4 Medium |
| OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link that opens another app in the browser can be manipulated] | ||||
| CVE-2020-8903 | 2 Google, Opensuse | 2 Guest-oslogin, Leap | 2024-08-04 | 7.8 High |
| A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "adm" user from the OS Login entry. | ||||
| CVE-2020-8908 | 5 Google, Netapp, Oracle and 2 more | 20 Guava, Active Iq Unified Manager, Commerce Guided Search and 17 more | 2024-08-04 | 3.3 Low |
| A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. | ||||
| CVE-2020-8933 | 2 Google, Opensuse | 2 Guest-oslogin, Leap | 2024-08-04 | 7.8 High |
| A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "lxd" user from the OS Login entry. | ||||
| CVE-2020-8907 | 2 Google, Opensuse | 2 Guest-oslogin, Leap | 2024-08-04 | 7.8 High |
| A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "docker" user from the OS Login entry. | ||||
| CVE-2020-8798 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2024-08-04 | 5.5 Medium |
| httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network. | ||||
| CVE-2020-8765 | 1 Intel | 4 Realsense Camera F200, Realsense Camera R200, Realsense Camera Sr300 and 1 more | 2024-08-04 | 6.7 Medium |
| Incorrect default permissions in the installer for the Intel(R) RealSense(TM) DCM may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-8763 | 2 Intel, Microsoft | 4 Realsense D415 Firmware, Realsense D435 Firmware, Realsense D435i Firmware and 1 more | 2024-08-04 | 7.8 High |
| Improper permissions in the installer for the Intel(R) RealSense(TM) D400 Series UWP driver for Windows* 10 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-8741 | 1 Intel | 1 Thunderbolt Non-dch Driver | 2024-08-04 | 7.8 High |
| Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-8743 | 1 Intel | 1 Mailbox Interface Driver | 2024-08-04 | 7.8 High |
| Improper permissions in the installer for the Intel(R) Mailbox Interface driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-8701 | 1 Intel | 1 Solid-state Drive Toolbox | 2024-08-04 | 6.7 Medium |
| Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-8539 | 1 Kia | 2 Head Unit, Head Unit Firmware | 2024-08-04 | 7.8 High |
| Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle. | ||||