Total
1246 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-2197 | 1 Jenkins | 1 Project Inheritance | 2024-11-21 | 4.3 Medium |
| Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format. | ||||
| CVE-2020-2191 | 1 Jenkins | 1 Self-organizing Swarm Modules | 2024-11-21 | 4.3 Medium |
| Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier does not check permissions on API endpoints that allow adding and removing agent labels. | ||||
| CVE-2020-2183 | 1 Jenkins | 1 Copy Artifact | 2024-11-21 | 6.5 Medium |
| Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper permission checks, allowing attackers to copy artifacts from jobs they have no permission to access. | ||||
| CVE-2020-2118 | 1 Jenkins | 1 Pipeline Github Notify Step | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. | ||||
| CVE-2020-2117 | 1 Jenkins | 1 Pipeline Github Notify Step | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2020-2077 | 1 Sick | 1 Package Analytics | 2024-11-21 | 7.5 High |
| SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly. | ||||
| CVE-2020-29582 | 3 Jetbrains, Oracle, Redhat | 7 Kotlin, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 4 more | 2024-11-21 | 5.3 Medium |
| In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions. | ||||
| CVE-2020-29503 | 1 Dell | 1 Emc Powerstore | 2024-11-21 | 4.1 Medium |
| Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file permission Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory. | ||||
| CVE-2020-29492 | 1 Dell | 8 Wyse 3040, Wyse 5010, Wyse 5040 and 5 more | 2024-11-21 | 10 Critical |
| Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any target specific station. | ||||
| CVE-2020-29491 | 1 Dell | 8 Wyse 3040, Wyse 5010, Wyse 5040 and 5 more | 2024-11-21 | 10 Critical |
| Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the sensitive information on the local network, leading to the potential compromise of impacted thin clients. | ||||
| CVE-2020-29489 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Vsa Operating Environment, Emc Unity Xt Operating Environment | 2024-11-21 | 6.4 Medium |
| Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user. | ||||
| CVE-2020-28906 | 1 Nagios | 2 Fusion, Nagios Xi | 2024-11-21 | 8.8 High |
| Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root. Low-privileged users are able to modify files that are included (aka sourced) by scripts executed by root. | ||||
| CVE-2020-28392 | 1 Siemens | 1 Simaris Configuration | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SIMARIS configuration (All versions < V4.0.1). During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine. | ||||
| CVE-2020-28044 | 1 Pax | 1 Prolinos | 2024-11-21 | 6.8 Medium |
| An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions. | ||||
| CVE-2020-28041 | 1 Netgear | 2 Nighthawk R7000, Nighthawk R7000 Firmware | 2024-11-21 | 6.5 Medium |
| The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data. | ||||
| CVE-2020-27665 | 1 Strapi | 1 Strapi | 2024-11-21 | 7.5 High |
| In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes. | ||||
| CVE-2020-27569 | 1 Aviatrix | 1 Openvpn | 2024-11-21 | 7.5 High |
| Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system. | ||||
| CVE-2020-27384 | 1 Arena | 1 Guild Wars 2 | 2024-11-21 | 7.8 High |
| The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full Control) for 'Everyone' group, making the entire directory 'Guild Wars 2' and its files and sub-dirs world-writable. | ||||
| CVE-2020-27358 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 4.3 Medium |
| An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}. | ||||
| CVE-2020-27228 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 7.8 High |
| An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability. | ||||