Total
1057 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5551 | 1 Toyota | 1 Display Control Unit | 2024-08-04 | 8.8 High |
| Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the regions other than Japan from Oct. 2016 to Oct. 2019. An attacker with certain knowledge on the target vehicle control system may be able to send some diagnostic commands to ECUs with some limited availability impacts; the vendor states critical vehicle controls such as driving, turning, and stopping are not affected. | ||||
| CVE-2020-5231 | 1 Apereo | 1 Opencast | 2024-08-04 | 4.8 Medium |
| In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code (except for tests) but only in the security configuration. From the name – implying an admin for a specific course – users would never expect that this role allows user creation. This issue is fixed in 7.6 and 8.1 which both ship a new default security configuration. | ||||
| CVE-2020-5196 | 1 Cerberusftp | 1 Ftp Server | 2024-08-04 | 8.1 High |
| Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission. | ||||
| CVE-2020-3838 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-08-04 | 7.8 High |
| The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges. | ||||
| CVE-2020-3766 | 2 Adobe, Microsoft | 2 Genuine Integrity Service, Windows | 2024-08-04 | 7.8 High |
| Adobe Genuine Integrity Service versions Version 6.4 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2020-3626 | 1 Qualcomm | 72 Apq8053, Apq8053 Firmware, Apq8096au and 69 more | 2024-08-04 | 7.8 High |
| Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | ||||
| CVE-2020-2197 | 1 Jenkins | 1 Project Inheritance | 2024-08-04 | 4.3 Medium |
| Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format. | ||||
| CVE-2020-2183 | 1 Jenkins | 1 Copy Artifact | 2024-08-04 | 6.5 Medium |
| Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access. | ||||
| CVE-2020-2191 | 1 Jenkins | 1 Self-organizing Swarm Modules | 2024-08-04 | 4.3 Medium |
| Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels. | ||||
| CVE-2020-2118 | 1 Jenkins | 1 Pipeline Github Notify Step | 2024-08-04 | 4.3 Medium |
| A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | ||||
| CVE-2020-2117 | 1 Jenkins | 1 Pipeline Github Notify Step | 2024-08-04 | 4.3 Medium |
| A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2020-2077 | 1 Sick | 1 Package Analytics | 2024-08-04 | 7.5 High |
| SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly. | ||||
| CVE-2020-1571 | 1 Microsoft | 1 Windows 10 | 2024-08-04 | 7.3 High |
| An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by ensuring Windows Setup properly handles permissions. | ||||
| CVE-2020-0486 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
| In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150857116 | ||||
| CVE-2020-0524 | 1 Intel | 6 Ethernet Controller I210-at, Ethernet Controller I210-cl, Ethernet Controller I210-cs and 3 more | 2024-08-04 | 5.5 Medium |
| Improper default permissions in the firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2020-0560 | 1 Intel | 1 Renesas Electronics Usb 3.0 Driver | 2024-08-04 | 7.8 High |
| Improper permissions in the installer for the Intel(R) Renesas Electronics(R) USB 3.0 Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-0508 | 1 Intel | 1 Graphics Driver | 2024-08-04 | 7.8 High |
| Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-0564 | 1 Intel | 1 Raid Web Console 3 | 2024-08-04 | 7.8 High |
| Improper permissions in the installer for Intel(R) RWC3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-0514 | 1 Intel | 1 Graphics Driver | 2024-08-04 | 7.8 High |
| Improper default permissions in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-0547 | 1 Intel | 1 Data Migration | 2024-08-04 | 7.8 High |
| Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||