Total: 949 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-12306 | 2 Intel, Microsoft | 2 Realsense D400 Series Dynamic Calibration Tool, Windows | 2020-11-24 | 4.6 MEDIUM | 7.8 HIGH |
Incorrect default permissions in the Intel(R) RealSense(TM) D400 Series Dynamic Calibration Tool before version 2.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-26807 | 1 Sap | 1 Erp Client For E-bilanz | 2020-11-24 | 2.1 LOW | 3.3 LOW |
SAP ERP Client for E-Bilanz, version 1.0: incorrect default filesystem permissions are set on its installation folder, which allows anyone to modify the files in the folder. | |||||
CVE-2020-24460 | 1 Intel | 1 Driver & Support Assistant | 2020-11-20 | 2.1 LOW | 5.5 MEDIUM |
Incorrect default permissions in the Intel(R) DSA before version 20.8.30.6 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2020-24456 | 1 Intel | 1 Board Id Tool | 2020-11-20 | 4.6 MEDIUM | 7.8 HIGH |
Incorrect default permissions in the Intel(R) Board ID Tool version v.1.01 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-28044 | 1 Pax | 1 Prolinos | 2020-11-17 | 7.2 HIGH | 6.8 MEDIUM |
An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions. | |||||
CVE-2019-8777 | 1 Apple | 1 Mac Os X | 2020-10-30 | 2.1 LOW | 2.4 LOW |
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. A local attacker may be able to view contacts from the lock screen. | |||||
CVE-2019-14718 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2020-10-28 | 4.6 MEDIUM | 6.7 MEDIUM |
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation. | |||||
CVE-2020-27665 | 1 Strapi | 1 Strapi | 2020-10-27 | 5.0 MEDIUM | 7.5 HIGH |
In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes. | |||||
CVE-2020-15843 | 1 Actfax | 1 Actfax | 2020-10-09 | 4.4 MEDIUM | 7.3 HIGH |
ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal\. The folder permissions allow "Full Control" to "Everyone". An authenticated local attacker can exploit this to replace the TSClientB.exe binary in the Terminal directory, which is executed on logon for every user. Alternatively, the attacker can replace any of the binaries in the Client or Install directories. The latter requires additional user interaction, for example starting the client. | |||||
CVE-2019-12670 | 1 Cisco | 1 Ios | 2020-10-08 | 4.6 MEDIUM | 6.7 MEDIUM |
A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container. | |||||
CVE-2020-0374 | 1 Google | 1 Android | 2020-09-24 | 7.2 HIGH | 7.8 HIGH |
In NFC, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-156251602 | |||||
CVE-2020-0388 | 1 Google | 1 Android | 2020-09-24 | 7.2 HIGH | 7.8 HIGH |
In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-10. Android ID: A-156123285 | |||||
CVE-2020-0275 | 1 Google | 1 Android | 2020-09-23 | 7.2 HIGH | 7.8 HIGH |
In MediaProvider, there is a possible way to access ContentResolver and MediaStore entries the app shouldn't have access to due to a permissions bypass. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-150507736 | |||||
CVE-2020-0390 | 1 Google | 1 Android | 2020-09-22 | 2.1 LOW | 5.5 MEDIUM |
In the app zygote SE Policy, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-157598026 | |||||
CVE-2020-8346 | 1 Lenovo | 1 System Interface Foundation | 2020-09-21 | 2.1 LOW | 5.5 MEDIUM |
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations. | |||||
CVE-2020-10049 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2020-09-14 | 4.4 MEDIUM | 7.3 HIGH |
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators. | |||||
CVE-2020-10050 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2020-09-14 | 7.2 HIGH | 7.8 HIGH |
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The directory of service executables of the affected application could allow a local attacker to include arbitrary commands that are executed with SYSTEM privileges when the system restarts. | |||||
CVE-2019-10679 | 1 Thomsonreuters | 1 Eikon | 2020-09-11 | 7.2 HIGH | 7.8 HIGH |
Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions. | |||||
CVE-2020-23971 | 1 Gmapfp | 1 Gmapfp | 2020-09-08 | 5.0 MEDIUM | 7.5 HIGH |
gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Permissions. An attacker can access the upload function without authenticating to the application and can also upload files because of unrestricted file upload issues: the upload checks can be bypassed by changing the content-type and changing the file name to use double extensions. | |||||
CVE-2020-7527 | 1 Schneider-electric | 1 Somove | 2020-09-04 | 4.6 MEDIUM | 7.8 HIGH |
Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched. |