Total
949 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7802 | 1 S3india | 2 Husky Rtu 6049-e70, Husky Rtu 6049-e70 Firmware | 2020-05-14 | 5.0 MEDIUM | 5.3 MEDIUM |
The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Incorrect Default Permissions (CWE-276) vulnerability. The affected product is vulnerable to insufficient default permissions, which could allow an attacker to view network configurations through SNMP communication. This is a different issue than CVE-2019-16879, CVE-2019-20045, CVE-2019-20046, CVE-2020-7800, and CVE-2020-7801. | |||||
CVE-2020-8018 | 1 Suse | 1 Linux Enterprise Desktop | 2020-05-12 | 7.2 HIGH | 7.8 HIGH |
An Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to escalate to root due to a /etc directory owned by the user. This issue affects: SUSE Linux Enterprise Server 15 SP1 SLES15-SP1-CAP-Deployment-BYOS version 1.0.1 and prior versions; SLES15-SP1-CHOST-BYOS versions prior to 1.0.3 and prior versions; | |||||
CVE-2020-8798 | 1 Juplink | 2 Rx4-1500, Rx4-1500 Firmware | 2020-05-06 | 2.1 LOW | 5.5 MEDIUM |
httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network. | |||||
CVE-2020-12277 | 1 Gitlab | 1 Gitlab | 2020-05-04 | 5.0 MEDIUM | 5.3 MEDIUM |
GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated. | |||||
CVE-2019-19792 | 1 Eset | 1 Cyber Security | 2020-05-04 | 7.2 HIGH | 6.7 MEDIUM |
A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files. | |||||
CVE-2019-17103 | 1 Bitdefender | 1 Antivirus | 2020-05-04 | 2.1 LOW | 5.5 MEDIUM |
An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0. | |||||
CVE-2020-12118 | 1 Binance | 1 Tss-lib | 2020-05-01 | 6.4 MEDIUM | 8.2 HIGH |
The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties. | |||||
CVE-2019-15793 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2020-05-01 | 4.6 MEDIUM | 8.8 HIGH |
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions. | |||||
CVE-2020-12075 | 1 Supsystic | 1 Data Tables Generator | 2020-04-29 | 6.5 MEDIUM | 8.8 HIGH |
The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions. | |||||
CVE-2020-11692 | 1 Jetbrains | 1 Youtrack | 2020-04-27 | 4.0 MEDIUM | 2.7 LOW |
In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. | |||||
CVE-2020-11689 | 1 Jetbrains | 1 Teamcity | 2020-04-27 | 4.0 MEDIUM | 6.5 MEDIUM |
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file. | |||||
CVE-2020-0547 | 1 Intel | 1 Data Migration | 2020-04-23 | 4.6 MEDIUM | 7.8 HIGH |
Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2018-21061 | 1 Google | 1 Android | 2020-04-10 | 4.6 MEDIUM | 6.8 MEDIUM |
An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) software. A fake charger can execute critical functions in the locked state. The Samsung ID is SVE-2016-6341 (August 2018). | |||||
CVE-2020-1985 | 2 Microsoft, Paloaltonetworks | 2 Windows, Secdo | 2020-04-10 | 4.6 MEDIUM | 7.8 HIGH |
Incorrect Default Permissions on the C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions of Secdo for Windows. | |||||
CVE-2017-18668 | 1 Google | 1 Android | 2020-04-08 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Samsung mobile devices with M(6.0) software. Attackers can prevent users from making outbound calls and sending outbound text messages. The Samsung ID is SVE-2017-8706 (June 2017). | |||||
CVE-2017-18669 | 1 Google | 1 Android | 2020-04-08 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Samsung mobile devices with N(7.x) software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 (June 2017). | |||||
CVE-2019-3944 | 1 Parrot | 2 Anafi, Anafi Firmware | 2020-04-07 | 7.8 HIGH | 7.5 HIGH |
Parrot ANAFI is vulnerable to a Wi-Fi deauthentication attack, allowing remote and unauthenticated attackers to disconnect the drone from the controller mid-flight. | |||||
CVE-2020-11444 | 1 Sonatype | 1 Nexus | 2020-04-07 | 6.5 MEDIUM | 8.8 HIGH |
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control. | |||||
CVE-2020-7004 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2020-04-06 | 7.2 HIGH | 8.8 HIGH |
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application. | |||||
CVE-2020-5551 | 1 Toyota | 1 Display Control Unit | 2020-04-03 | 5.4 MEDIUM | 8.8 HIGH |
Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in regions other than Japan from Oct. 2016 to Oct. 2019. An attacker with certain knowledge of the target vehicle control system may be able to send some diagnostic commands to ECUs with some limited availability impacts; the vendor states critical vehicle controls such as driving, turning, and stopping are not affected. |