Total: 181 CVEs (20 listed below)

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2020-15113 | 2 Etcd, Fedoraproject | 2 Etcd, Fedora | 2024-02-04 | 3.6 LOW | 7.1 HIGH | In etcd before versions 3.3.23 and 3.4.10, certain directory paths (the etcd data directory and the directory path provided to automatically generate self-signed certificates for TLS connections with clients) are created with restricted access permissions (700) by using os.MkdirAll. This function does not perform any permission checks when a given directory path already exists. A possible workaround is to ensure the directories have the desired permission (700). |
CVE-2019-20843 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files. |
CVE-2020-8190 | 1 Citrix | 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more | 2024-02-04 | 6.0 MEDIUM | 7.5 HIGH | Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allow privilege escalation. |
CVE-2020-14958 | 1 Gogs | 1 Gogs | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM | In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check. |
CVE-2020-9781 | 1 Apple | 2 Ipados, Iphone Os | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM | The issue was addressed by clearing website permission prompts after navigation. This issue is fixed in iOS 13.4 and iPadOS 13.4. A user may grant website permissions to a site they didn't intend to. |
CVE-2020-13308 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW | A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without two-factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had two-factor authentication inheritance. |
CVE-2020-13230 | 3 Cacti, Debian, Fedoraproject | 3 Cacti, Debian Linux, Fedora | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM | In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). |
CVE-2019-0233 | 2 Apache, Oracle | 5 Struts, Communications Policy Management, Financial Services Data Integration Hub and 2 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH | An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload. |
CVE-2020-13763 | 1 Joomla | 1 Joomla! | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH | In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. |
CVE-2020-10083 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL | GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied. |
CVE-2019-18457 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH | An issue was discovered in GitLab Community and Enterprise Edition 11.8 through 12.4 when handling Security tokens. It has Insecure Permissions. |
CVE-2020-8634 | 1 Wftpserver | 1 Wing Ftp Server | 2024-02-04 | 7.2 HIGH | 7.8 HIGH | Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified within the HTTP file management interface, resulting in files being saved with world-readable and world-writable permissions. If a sensitive system file were edited this way, a low-privilege user may escalate privileges to root. |
CVE-2019-14956 | 1 Jetbrains | 1 Youtrack | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM | JetBrains YouTrack before 2019.2.53938 was using incorrect settings, allowing a user without the necessary permissions to get other project names. |
CVE-2019-11748 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM | WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the possibility of trusted WebRTC resources being invisibly embedded in web content and abusing permissions previously given by users. Users will now be prompted for permissions on each use. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. |
CVE-2019-15621 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM | Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received as a public link. |
CVE-2019-0073 | 1 Juniper | 1 Junos | 2024-02-04 | 2.1 LOW | 7.1 HIGH | The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2. |
CVE-2019-13682 | 1 Google | 1 Chrome | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH | Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
CVE-2019-20384 | 1 Gentoo | 1 Portage | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM | Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners. |
CVE-2019-14226 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH | OX App Suite through 7.10.2 has Insecure Permissions. |
CVE-2019-16539 | 1 Jenkins | 1 Support Core | 2024-02-04 | 5.5 MEDIUM | 6.5 MEDIUM | A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles. |
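The etcd entry (CVE-2020-15113) describes a Go pitfall that is easy to reproduce: `os.MkdirAll(dir, 0700)` returns nil for a directory that already exists and never touches its mode, so a data or certificate directory left at 0755 by an earlier run stays readable by every local user. The following is an added example, not etcd's code, showing the vulnerable call beside an `EnsureDir` helper that creates the directory if missing and otherwise verifies (and optionally repairs) its permission bits. The function names `EnsureDir` and `DirPerm`, and the `fix` flag, are this example's own; the check treats any bit beyond the wanted mode as a finding, so a stricter umask at creation time is not flagged.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// EnsureDir creates dir with permission bits want if it does not exist and,
// unlike a bare os.MkdirAll, also verifies a directory that already exists.
// Extra bits beyond want (group/other read or write) are the problem; fewer
// bits, e.g. from a strict umask at creation time, are accepted.
// With fix=true the directory is chmod'ed down to want; with fix=false an
// error is returned so the caller can refuse to start with a wide-open dir.
func EnsureDir(dir string, want os.FileMode, fix bool) error {
	want = want.Perm()
	if err := os.MkdirAll(dir, want); err != nil {
		return err
	}
	// Lstat, not Stat: a symlink planted at the path must not be followed.
	fi, err := os.Lstat(dir)
	if err != nil {
		return err
	}
	if fi.Mode()&os.ModeSymlink != 0 {
		return fmt.Errorf("%s: is a symlink, refusing to use it", dir)
	}
	if !fi.IsDir() {
		return fmt.Errorf("%s: exists but is not a directory", dir)
	}
	extra := fi.Mode().Perm() &^ want
	if extra == 0 {
		return nil
	}
	if !fix {
		return fmt.Errorf("%s: mode %04o has bits %04o beyond the wanted %04o",
			dir, fi.Mode().Perm(), extra, want)
	}
	// Chmod fails if the directory belongs to another user; surface that too.
	return os.Chmod(dir, want)
}

// DirPerm returns the permission bits of dir (the audit side of the workaround
// the advisory suggests: confirm the directory really is 0700).
func DirPerm(dir string) (os.FileMode, error) {
	fi, err := os.Lstat(dir)
	if err != nil {
		return 0, err
	}
	return fi.Mode().Perm(), nil
}

func main() {
	base, err := os.MkdirTemp("", "dir-perm-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)

	// Constructed scenario: an operator pre-created the data directory with
	// the default umask, leaving it world-readable.
	dir := filepath.Join(base, "data")
	if err := os.Mkdir(dir, 0755); err != nil {
		panic(err)
	}
	_ = os.Chmod(dir, 0755) // Mkdir applies the umask; force the wide mode for the demo

	// The vulnerable pattern: MkdirAll with 0700 succeeds and changes nothing.
	_ = os.MkdirAll(dir, 0700)
	p, _ := DirPerm(dir)
	fmt.Printf("after os.MkdirAll(dir, 0700): %04o\n", p) // still 0755

	// Detect only: refuse to proceed.
	if err := EnsureDir(dir, 0700, false); err != nil {
		fmt.Println("check:", err)
	}
	// Detect and repair.
	if err := EnsureDir(dir, 0700, true); err != nil {
		panic(err)
	}
	p, _ = DirPerm(dir)
	fmt.Printf("after EnsureDir(dir, 0700, true): %04o\n", p) // 0700
}
```

Whether to repair or refuse is a deployment choice: tightening the mode silently can break a sidecar that legitimately reads the directory, while refusing to start makes the misconfiguration visible at the first restart after an upgrade.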
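The Gogs entry (CVE-2020-14958) is a missing ownership check: a function that promotes an email row to a user's primary address looked the row up by the id the client supplied without confirming that the row belongs to the requesting user. The following is an added example in Go, not Gogs's code, that models that shape with an in-memory store and a constructed two-user fixture: `MakeEmailPrimaryUnchecked` shows the vulnerable form, `MakeEmailPrimary` adds the "not the owner of the email" check. The types, field names, error values and the extra refusal of unverified addresses are this example's assumptions, not taken from models/user_mail.go.

```go
package main

import (
	"errors"
	"fmt"
)

var (
	ErrEmailNotFound    = errors.New("email address not found")
	ErrEmailNotOwned    = errors.New("email address is not owned by the requesting user")
	ErrEmailNotVerified = errors.New("email address has not been verified")
	ErrUserNotFound     = errors.New("user not found")
)

// EmailAddress is a hypothetical row in a table of per-user addresses.
type EmailAddress struct {
	ID          int64
	UID         int64 // owning user
	Email       string
	IsActivated bool // the owner completed verification
	IsPrimary   bool
}

// User is the account whose primary (login / reset) address is being changed.
type User struct {
	ID    int64
	Email string
}

// Store is an in-memory stand-in for the database.
type Store struct {
	Users  map[int64]*User
	Emails map[int64]*EmailAddress
}

// promote is the shared write path: clear the user's old primary flag and
// make addr the primary address.
func (s *Store) promote(user *User, addr *EmailAddress) {
	for _, e := range s.Emails {
		if e.UID == user.ID {
			e.IsPrimary = false
		}
	}
	addr.IsPrimary = true
	user.Email = addr.Email
}

// MakeEmailPrimaryUnchecked is the vulnerable shape: the row is fetched by the
// client-supplied id and its UID is never compared with the requester, so
// any authenticated user can take over another user's address as their own
// primary email.
func (s *Store) MakeEmailPrimaryUnchecked(requesterUID, emailID int64) error {
	addr, ok := s.Emails[emailID]
	if !ok {
		return ErrEmailNotFound
	}
	user, ok := s.Users[requesterUID]
	if !ok {
		return ErrUserNotFound
	}
	s.promote(user, addr)
	return nil
}

// MakeEmailPrimary adds the missing ownership check. Refusing unverified
// addresses is an additional hardening assumed by this example.
func (s *Store) MakeEmailPrimary(requesterUID, emailID int64) error {
	addr, ok := s.Emails[emailID]
	if !ok {
		return ErrEmailNotFound
	}
	if addr.UID != requesterUID { // the "not the owner of the email" check
		return ErrEmailNotOwned
	}
	if !addr.IsActivated {
		return ErrEmailNotVerified
	}
	user, ok := s.Users[requesterUID]
	if !ok {
		return ErrUserNotFound
	}
	s.promote(user, addr)
	return nil
}

// NewDemoStore builds a constructed fixture: alice (uid 1) owns rows 10 and 11,
// bob (uid 2) owns row 20.
func NewDemoStore() *Store {
	return &Store{
		Users: map[int64]*User{
			1: {ID: 1, Email: "alice@example.com"},
			2: {ID: 2, Email: "bob@example.com"},
		},
		Emails: map[int64]*EmailAddress{
			10: {ID: 10, UID: 1, Email: "alice@example.com", IsActivated: true, IsPrimary: true},
			11: {ID: 11, UID: 1, Email: "alice-alt@example.com", IsActivated: false},
			20: {ID: 20, UID: 2, Email: "bob@example.com", IsActivated: true, IsPrimary: true},
		},
	}
}

func main() {
	s := NewDemoStore()
	// bob (uid 2) submits alice's row id 10.
	fmt.Println("unchecked:", s.MakeEmailPrimaryUnchecked(2, 10), "-> bob's email is now", s.Users[2].Email)
	s = NewDemoStore()
	fmt.Println("checked:  ", s.MakeEmailPrimary(2, 10), "-> bob's email is still", s.Users[2].Email)
	fmt.Println("owner, unverified row:", s.MakeEmailPrimary(1, 11))
}
```

The check belongs in the model function rather than only in the HTTP handler: every caller, including future ones, then gets it, which is the point of the advisory's wording about where the check was missing.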