Total
205 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21735 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2021-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE. | |||||
| CVE-2020-27383 | 1 Blizzard | 1 Battle.net | 2021-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the "Authenticated Users Group" which grants the (F) Flag aka "Full Control" | |||||
| CVE-2021-3495 | 2 Netlify, Redhat | 2 Kiali-operator, Openshift Service Mesh | 2021-06-14 | 6.5 MEDIUM | 8.8 HIGH |
| An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-30482 | 1 Jetbrains | 1 Upsource | 2021-05-20 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly | |||||
| CVE-2020-18890 | 1 Puppycms | 1 Puppycms | 2021-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php. | |||||
| CVE-2021-3418 | 1 Gnu | 1 Grub2 | 2021-03-22 | 4.4 MEDIUM | 6.4 MEDIUM |
| If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism. | |||||
| CVE-2021-21379 | 1 Xwiki | 1 Xwiki | 2021-03-22 | 3.5 LOW | 5.4 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the `{{wikimacrocontent}}` executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes possible to inject scripts through it and they will be executed with the rights of the wiki macro (very often a user which has Programming rights). Fortunately, no such macro exists by default in XWiki Standard but one could have been created or installed with an extension. This vulnerability has been patched in versions XWiki 12.6.3, 11.10.11 and 12.8-rc-1. There is no easy workaround other than disabling the affected macros. Inserting content in a safe way or knowing what is the user who called the wiki macro is not easy. | |||||
| CVE-2021-23963 | 1 Mozilla | 1 Firefox | 2021-03-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85. | |||||
| CVE-2019-0073 | 1 Juniper | 1 Junos | 2021-02-05 | 2.1 LOW | 7.1 HIGH |
| The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2. | |||||
| CVE-2020-26246 | 1 Pimcore | 1 Pimcore | 2020-12-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions. | |||||
| CVE-2020-12335 | 1 Intel | 1 Processor Identification Utility | 2020-11-30 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the Intel(R) Processor Identification Utility before version 6.4.0603 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12330 | 1 Intel | 2 Falcon 8\+ Uas Asctec Thermal Viewer, Falcon 8\+ Uas Asctec Thermal Viewer Firmware | 2020-11-30 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the Intel(R) Falcon 8+ UAS AscTec Thermal Viewer, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12353 | 1 Intel | 1 Data Center Manager | 2020-11-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access. | |||||
| CVE-2020-5796 | 1 Nagios | 1 Nagios Xi | 2020-11-24 | 7.2 HIGH | 7.8 HIGH |
| Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges. | |||||
| CVE-2020-12334 | 1 Intel | 1 Advisor Tools | 2020-11-24 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12332 | 1 Intel | 1 Hid Event Filter Driver | 2020-11-24 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12345 | 1 Intel | 1 Data Center Manager | 2020-11-20 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2013-6335 | 4 Hp, Ibm, Linux and 1 more | 5 Hp-ux, Aix, Tivoli Storage Manager and 2 more | 2020-10-29 | 3.3 LOW | N/A |
| The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations. | |||||
| CVE-2020-13763 | 1 Joomla | 1 Joomla\! | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. | |||||
| CVE-2020-8182 | 1 Nextcloud | 1 Deck | 2020-10-14 | 6.0 MEDIUM | 8.0 HIGH |
| Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves. | |||||