Total
1229 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5369 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2020-09-11 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability. An authenticated malicious user may exploit this vulnerability by using SyncIQ to gain unauthorized access to system management files. | |||||
| CVE-2020-24355 | 1 Zyxel | 2 Vmg5313-b30b, Vmg5313-b30b Firmware | 2020-09-11 | 10.0 HIGH | 9.8 CRITICAL |
| Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with elevated privileges. This is done by changing "FirstIndex" field in JSON that is POST-ed during account creation. Similar may also be possible with account deletion. | |||||
| CVE-2020-17402 | 1 Parallels | 1 Parallels Desktop | 2020-08-31 | 2.1 LOW | 6.5 MEDIUM |
| This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 (47270). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. By examining a log file, an attacker can disclose a memory address. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11063. | |||||
| CVE-2018-12546 | 1 Eclipse | 1 Mosquitto | 2020-08-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients being able cause effects that would otherwise not be allowed. | |||||
| CVE-2018-0449 | 1 Cisco | 1 Jabber | 2020-08-28 | 3.3 LOW | 4.2 MEDIUM |
| A vulnerability in the Cisco Jabber Client Framework (JCF) software, installed as part of the Cisco Jabber for Mac client, could allow an authenticated, local attacker to corrupt arbitrary files on an affected device that has elevated privileges. The vulnerability exists due to insecure directory permissions set on a JCF created directory. An authenticated attacker with the ability to access an affected directory could create a hard link to an arbitrary location on the affected system. An attacker could convince another user that has administrative privileges to perform an install or update the Cisco Jabber for Mac client to perform such actions, allowing files to be created in an arbitrary location on the disk or an arbitrary file to be corrupted when it is appended to or overwritten. | |||||
| CVE-2020-5385 | 1 Dell | 2 Encryption, Endpoint Security Suite Enterprise | 2020-08-26 | 7.2 HIGH | 7.8 HIGH |
| Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link. | |||||
| CVE-2019-19882 | 1 Shadow Project | 1 Shadow | 2020-08-25 | 6.9 MEDIUM | 7.8 HIGH |
| shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8). | |||||
| CVE-2018-19446 | 2 Foxitsoftware, Microsoft | 2 Foxit Pdf Sdk Activex, Windows | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used. An attacker can leverage this to gain remote code execution. | |||||
| CVE-2019-2257 | 1 Qualcomm | 48 Mdm9150, Mdm9150 Firmware, Mdm9607 and 45 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 855, SDA660, SDM660, SDX20, SDX24 | |||||
| CVE-2019-12042 | 1 Pandasecurity | 6 Panda Antivirus, Panda Antivirus Pro, Panda Dome and 3 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Insecure permissions of the section object Global\PandaDevicesAgentSharedMemory and the event Global\PandaDevicesAgentSharedMemoryChange in Panda products before 18.07.03 allow attackers to queue an event (as an encrypted JSON string) to the system service AgentSvc.exe, which leads to privilege escalation when the CmdLineExecute event is queued. This affects Panda Antivirus, Panda Antivirus Pro, Panda Dome, Panda Global Protection, Panda Gold Protection, and Panda Internet Security. | |||||
| CVE-2018-20907 | 1 Cpanel | 1 Cpanel | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432). | |||||
| CVE-2019-0108 | 1 Intel | 1 Data Center Manager | 2020-08-24 | 2.1 LOW | 5.5 MEDIUM |
| Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable disclosure of information via local access. | |||||
| CVE-2019-1378 | 1 Microsoft | 1 Windows 10 Update Assistant | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-11806 | 1 Open-xchange | 1 Open-xchange Appsuite | 2020-08-24 | 2.1 LOW | 3.3 LOW |
| OX App Suite 7.10.1 and earlier has Insecure Permissions. | |||||
| CVE-2019-0138 | 1 Intel | 1 Acu Wizard | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-8411 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2019-13356 | 1 Totaldefense | 1 Anti-virus | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| In Total Defense Anti-virus 9.0.0.773, insecure access control for the directory %PROGRAMDATA%\TotalDefense\Consumer\ISS\9\bd\TDUpdate2\ used by AMRT.exe allows local attackers to hijack bdcore.dll, which leads to privilege escalation when the AMRT service loads the DLL. | |||||
| CVE-2019-9222 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. | |||||
| CVE-2019-2023 | 1 Google | 1 Android | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| In ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller. This could allow an app to add or replace a HAL service with its own service, gaining code execution in a privileged process.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-121035042Upstream kernel | |||||
| CVE-2018-14916 | 1 Loytec | 2 Lgate-902, Lgate-902 Firmware | 2020-08-24 | 9.4 HIGH | 9.1 CRITICAL |
| LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. | |||||