Total
205 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0405 | 1 Google | 1 Android | 2020-09-24 | 4.6 MEDIUM | 7.8 HIGH |
| In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157475111 | |||||
| CVE-2020-13308 | 1 Gitlab | 1 Gitlab | 2020-09-18 | 4.0 MEDIUM | 2.7 LOW |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance. | |||||
| CVE-2019-11748 | 1 Mozilla | 2 Firefox, Firefox Esr | 2020-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. | |||||
| CVE-2020-13282 | 1 Gitlab | 1 Gitlab | 2020-08-19 | 4.9 MEDIUM | 3.5 LOW |
| For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. | |||||
| CVE-2020-8190 | 1 Citrix | 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more | 2020-07-13 | 6.0 MEDIUM | 7.5 HIGH |
| Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation. | |||||
| CVE-2020-14958 | 1 Gogs | 1 Gogs | 2020-06-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check. | |||||
| CVE-2019-20846 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage. | |||||
| CVE-2019-20843 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files. | |||||
| CVE-2020-2025 | 1 Katacontainers | 1 Runtime | 2020-05-21 | 4.6 MEDIUM | 8.8 HIGH |
| Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests. | |||||
| CVE-2020-9781 | 1 Apple | 2 Ipados, Iphone Os | 2020-04-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to. | |||||
| CVE-2020-10083 | 1 Gitlab | 1 Gitlab | 2020-03-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied. | |||||
| CVE-2020-8634 | 1 Wftpserver | 1 Wing Ftp Server | 2020-03-09 | 7.2 HIGH | 7.8 HIGH |
| Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may escalate privileges to root. | |||||
| CVE-2020-9442 | 2 Microsoft, Openvpn | 2 Windows, Connect | 2020-03-03 | 7.2 HIGH | 7.8 HIGH |
| OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there. | |||||
| CVE-2020-8633 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-02-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible. | |||||
| CVE-2019-15621 | 1 Nextcloud | 1 Nextcloud Server | 2020-02-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link. | |||||
| CVE-2020-8117 | 1 Nextcloud | 1 Nextcloud Server | 2020-02-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. | |||||
| CVE-2019-18457 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens.. It has Insecure Permissions. | |||||
| CVE-2019-18458 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 4.0 MEDIUM | 2.7 LOW |
| An issue was discovered in GitLab Community and Enterprise Edition through 12.4. It has Insecure Permissions (issue 2 of 4). | |||||
| CVE-2017-8561 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-11-07 | 6.9 MEDIUM | 7.0 HIGH |
| Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". | |||||
| CVE-2019-14226 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-10-17 | 5.5 MEDIUM | 8.1 HIGH |
| OX App Suite through 7.10.2 has Insecure Permissions. | |||||