Total
1246 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26941 | 1 Eset | 8 Endpoint Antivirus, Endpoint Security, File Security and 5 more | 2024-11-21 | 5.5 Medium |
| A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premium versions 13.2 and lower; ESET Endpoint Antivirus, ESET Endpoint Security, ESET NOD32 Antivirus Business Edition, ESET Smart Security Business Edition versions 7.3 and lower; ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Kerio, ESET Security for Microsoft SharePoint Server versions 7.2 and lower. | ||||
| CVE-2020-26809 | 1 Sap | 1 Commerce Cloud | 2024-11-21 | 5.3 Medium |
| SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality. | ||||
| CVE-2020-26807 | 1 Sap | 1 Erp Client For E-bilanz | 2024-11-21 | 3.3 Low |
| SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrect default filesystem permissions are set in its installation folder which allows anyone to modify the files in the folder. | ||||
| CVE-2020-26180 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2024-11-21 | 6.3 Medium |
| Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols. | ||||
| CVE-2020-26088 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 5.5 Medium |
| A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. | ||||
| CVE-2020-26031 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Zammad before 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions). | ||||
| CVE-2020-25593 | 1 Acronis | 1 True Image | 2024-11-21 | 6.7 Medium |
| Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions. | ||||
| CVE-2020-25245 | 1 Siemens | 1 Digsi 4 | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM. | ||||
| CVE-2020-25208 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.3 Medium |
| In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without appropriate permissions. | ||||
| CVE-2020-24717 | 2 Freebsd, Openzfs | 2 Freebsd, Openzfs | 2024-11-21 | 7.8 High |
| OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777. | ||||
| CVE-2020-24612 | 1 Fedoraproject | 1 Selinux-policy | 2024-11-21 | 6.7 Medium |
| An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the user's U2F configuration file. If configured with the nouserok option (the default when configured by the authselect tool), and that file cannot be read, the second factor is disabled. An attacker with only the knowledge of the password can then log in, bypassing 2FA. | ||||
| CVE-2020-24584 | 4 Canonical, Djangoproject, Fedoraproject and 1 more | 4 Ubuntu Linux, Django, Fedora and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077. | ||||
| CVE-2020-24583 | 4 Canonical, Djangoproject, Fedoraproject and 1 more | 4 Ubuntu Linux, Django, Fedora and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. | ||||
| CVE-2020-24460 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | 5.5 Medium |
| Incorrect default permissions in the Intel(R) DSA before version 20.8.30.6 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2020-24456 | 1 Intel | 1 Board Id Tool | 2024-11-21 | 7.8 High |
| Incorrect default permissions in the Intel(R) Board ID Tool version v.1.01 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-24402 | 1 Magento | 1 Magento | 2024-11-21 | 4.9 Medium |
| Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with permissions to the Resource Access API to delete customer details via the REST API without authorization. | ||||
| CVE-2020-23971 | 1 Gmapfp | 1 Gmapfp | 2024-11-21 | 7.5 High |
| gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Permissions. An attacker can access the upload function without authenticating to the application and also can upload files due the issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions. | ||||
| CVE-2020-22475 | 1 Tasks | 1 Tasks | 2024-11-21 | 6.8 Medium |
| "Tasks" application version before 9.7.3 is affected by insecure permissions. The VoiceCommandActivity application component allows arbitrary applications on a device to add tasks with no restrictions. | ||||
| CVE-2020-21342 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 High |
| Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php. | ||||
| CVE-2020-1985 | 2 Microsoft, Paloaltonetworks | 2 Windows, Secdo | 2024-11-21 | 7.8 High |
| Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions Secdo for Windows. | ||||