Search
Total
503 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36281 | 1 Dell | 1 Emc Powerscale Onefs | 2021-08-25 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges. | |||||
| CVE-2021-36279 | 1 Dell | 1 Emc Powerscale Onefs | 2021-08-24 | 7.2 HIGH | 7.8 HIGH |
| Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. | |||||
| CVE-2020-5417 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2021-08-17 | 6.5 MEDIUM | 8.8 HIGH |
| Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests that were expected to go to certain system components. | |||||
| CVE-2017-16630 | 1 Sapphireims | 1 Sapphireims | 2021-08-16 | 6.5 MEDIUM | 8.8 HIGH |
| In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function. | |||||
| CVE-2018-17776 | 1 Pcprotect | 1 Antivirus | 2021-08-16 | 6.8 MEDIUM | 7.8 HIGH |
| PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | |||||
| CVE-2017-11652 | 1 Razer | 1 Synapse | 2021-08-12 | 4.6 MEDIUM | 8.4 HIGH |
| Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. | |||||
| CVE-2017-11653 | 1 Razer | 1 Synapse | 2021-08-12 | 4.6 MEDIUM | 7.8 HIGH |
| Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. | |||||
| CVE-2020-28169 | 2 Microsoft, Td-agent-builder Project | 2 Windows, Td-agent-builder | 2021-08-05 | 6.9 MEDIUM | 7.0 HIGH |
| The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM. | |||||
| CVE-2021-25318 | 1 Rancher | 1 Rancher | 2021-08-03 | 6.5 MEDIUM | 8.8 HIGH |
| A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9 ; Rancher versions prior to 2.4.16. | |||||
| CVE-2021-32463 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Worry-free Business Security | 2021-08-02 | 7.2 HIGH | 7.8 HIGH |
| An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-6168 | 1 Webfactoryltd | 1 Minimal Coming Soon \& Maintenance Mode | 2021-07-21 | 6.5 MEDIUM | 7.6 HIGH |
| A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the availability and confidentiality of a vulnerable site, along with the integrity of the setting). | |||||
| CVE-2020-35947 | 1 Pagelayer | 1 Pagelayer | 2021-07-21 | 6.5 MEDIUM | 7.4 HIGH |
| An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce was present in a publicly viewable page. The greatest impact was the pagelayer_save_content function that allowed pages to be modified and allowed XSS to occur. | |||||
| CVE-2020-4002 | 1 Vmware | 1 Sd-wan Orchestrator | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system. | |||||
| CVE-2020-24716 | 2 Freebsd, Openzfs | 2 Freebsd, Openzfs | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories. | |||||
| CVE-2020-16136 | 1 Tgstation13 | 1 Tgstation-server | 2021-07-21 | 6.8 MEDIUM | 7.7 HIGH |
| In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via directory traversal ../ sequences in /Administration/Logs/ requests. The attacker is unable to enumerate files, however. | |||||
| CVE-2020-0025 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| In deletePackageVersionedInternal of PackageManagerService.java, there is a possible way to exit Screen Pinning due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-135604684 | |||||
| CVE-2020-15871 | 1 Sonatype | 1 Nexus Repository Manager 3 | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution. | |||||
| CVE-2020-15593 | 2 Microsoft, Riverbed | 2 Windows, Steelcentral Aternity Agent | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. Any user in the system is allowed to access the interprocess communication channel AternityAgentAssistantIpc, retrieve a serialized object and call object methods remotely. Among others, the methods allow any user to: (1) Create and/or overwrite arbitrary XML files across the system; (2) Create arbitrary directories across the system; and (3) Load arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)/Aternity Information Systems/Assistant/plugins” directory and execute code contained in them. | |||||
| CVE-2020-11467 | 1 Deskpro | 1 Deskpro | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Deskpro before 2019.8.0. This product enables administrators to modify the helpdesk interface by editing /portal/api/style/edit-theme-set/template-sources theme templates, and uses TWIG as its template engine. While direct access to self and _self variables was not permitted, one could abuse the accessible variables in one's context to reach a native unserialize function via the code parameter. There, on could pass a crafted payload to trigger a set of POP gadgets in order to achieve remote code execution. | |||||
| CVE-2020-11443 | 1 Zoom | 1 It Installer | 2021-07-21 | 8.5 HIGH | 8.1 HIGH |
| The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can write links to other directories on the machine. As the installer runs with SYSTEM privileges and follows these links, a user can cause the installer to delete files that otherwise cannot be deleted by the user. | |||||
| CVE-2020-1056 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2021-07-21 | 5.8 MEDIUM | 8.1 HIGH |
| An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-10868 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to launch the Repair App RPC call from a Low Integrity process. | |||||
| CVE-2020-25039 | 2 Opensuse, Sylabs | 2 Leap, Singularity | 2021-07-21 | 5.5 MEDIUM | 8.1 HIGH |
| Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. | |||||
| CVE-2019-19216 | 1 Bmcsoftware | 1 Control-m\/agent | 2021-07-21 | 8.5 HIGH | 8.8 HIGH |
| BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy. | |||||
| CVE-2020-0089 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137015603 | |||||
| CVE-2020-24028 | 1 Forlogic | 1 Qualiex | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. | |||||
| CVE-2020-25040 | 2 Opensuse, Sylabs | 2 Leap, Singularity | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. | |||||
| CVE-2020-4611 | 1 Ibm | 1 Data Risk Manager | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922. | |||||
| CVE-2020-5808 | 1 Tenable | 1 Tenable.sc | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration. | |||||
| CVE-2019-14479 | 1 Adremsoft | 1 Netcrunch | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch web client, a read-only administrator can execute arbitrary code on the server running the NetCrunch server software. | |||||
| CVE-2020-16262 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation. | |||||
| CVE-2020-8602 | 2 Microsoft, Trendmicro | 3 Windows, Deep Security Manager, Vulnerability Protection | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution. | |||||
| CVE-2020-10088 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.5 MEDIUM | 8.1 HIGH |
| GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level. | |||||
| CVE-2020-10552 | 1 Psyprax | 1 Psyprax | 2021-07-21 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed directly as well. | |||||
| CVE-2020-14987 | 1 Bloomreach | 1 Experience Manager | 2021-07-21 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST transforming annotation such as @Grab. | |||||
| CVE-2020-35625 | 1 Mediawiki | 1 Mediawiki | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smarty template. For example, a person in the Widget Editors group could use \MediaWiki\Shell\Shell::command within a comment. | |||||
| CVE-2019-13012 | 1 Gnome | 1 Glib | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450. | |||||
| CVE-2021-0055 | 1 Intel | 8 Lapqc71a, Lapqc71a Firmware, Lapqc71b and 5 more | 2021-06-24 | 4.6 MEDIUM | 7.8 HIGH |
| Insecure inherited permissions for some Intel(R) NUC 9 Extreme Laptop Kit LAN Drivers before version 10.42 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-23022 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client | 2021-06-23 | 7.2 HIGH | 7.8 HIGH |
| On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-0102 | 1 Intel | 1 Unite | 2021-06-22 | 4.6 MEDIUM | 7.8 HIGH |
| Insecure inherited permissions in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2020-26155 | 2 Microsoft, Utimaco | 7 Windows, Block-safe Firmware, Cryptoserver Cp5 Firmware and 4 more | 2021-06-17 | 4.4 MEDIUM | 7.8 HIGH |
| Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-administrator users. Additionally, entries are made to the PATH environment variable which, in conjunction with these weak permissions, could enable an attacker to perform a DLL hijacking attack. | |||||
| CVE-2020-24394 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2021-06-14 | 3.6 LOW | 7.1 HIGH |
| In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. | |||||
| CVE-2018-1386 | 1 Ibm | 1 Tivoli Workload Scheduler | 2021-06-07 | 6.9 MEDIUM | 7.0 HIGH |
| IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain root privileges. IBM X-Force ID: 138208. | |||||
| CVE-2017-13779 | 1 Gstn | 1 India Goods And Services Tax Network Offline Utility Tool | 2021-06-04 | 7.2 HIGH | 7.8 HIGH |
| GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution. | |||||
| CVE-2021-31475 | 1 Solarwinds | 1 Orion Job Scheduler | 2021-06-03 | 9.0 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobRouterService WCF service. The issue is due to the WCF service configuration, which allows a critical resource to be accessed by unprivileged users. An attacker can leverage this vulnerability to execute code in the context of an administrator. Was ZDI-CAN-12007. | |||||
| CVE-2020-28909 | 1 Nagios | 1 Fusion | 2021-06-03 | 9.0 HIGH | 8.8 HIGH |
| Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by sudo. | |||||
| CVE-2018-13374 | 1 Fortinet | 1 Fortios | 2021-06-03 | 4.0 MEDIUM | 8.8 HIGH |
| A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one. | |||||
| CVE-2017-17677 | 1 Bmc | 1 Remedy Mid-tier | 2021-06-01 | 6.5 MEDIUM | 8.8 HIGH |
| BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code. | |||||
| CVE-2021-31902 | 1 Jetbrains | 1 Youtrack | 2021-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly. | |||||
| CVE-2021-32101 | 1 Open-emr | 1 Openemr | 2021-05-11 | 6.4 MEDIUM | 8.2 HIGH |
| The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then manipulate and read data of every registered patient. | |||||