CWE:
 

| Risk | Title | Date | Author |
| --- | --- | --- | --- |
| Med. | BarracudaDrive v6.5 Insecure Folder Permissions | 04.09.2020 | Bobby Cooke |
| Low | Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment | 28.04.2019 | Cisco Talos |
| High | aws-cfn-bootstrap Local Code Execution | 04.12.2017 | Harry Sintonen |
| Med. | SAP HANA SPS09 1.00.091.00.1418659308 EXPORT Information Disclosure | 22.08.2016 | Multiple |
| Low | Samsung SNS Provider Application For Android Access Theft | 13.03.2015 | Sadosky |


Common Weakness Enumeration (CWE)

CVE
Details
Description
2020-10-21
Medium
CVE-2020-10140

Vendor: Acronis
Software: True image
 

 
Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis.

 
2020-10-14
Medium
CVE-2020-0400

Vendor: Google
Software: Android
 

 
In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-10. Android ID: A-153356561

 
Medium
CVE-2020-0398

Vendor: Google
Software: Android
 

 
In updateMwi of NotificationMgr.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-154323381

 
2020-10-13
Medium
CVE-2020-17415

 

 
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit PhantomPDF Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-11308.

 
Medium
CVE-2020-17414

 

 
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit Reader 10.0.0.35798. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-11229.

 
2020-09-22
Medium
CVE-2020-4611

Vendor: IBM
Software: Data risk ma...
 

 
IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922.

 
Medium
CVE-2020-16202

Vendor: Advantech
Software: Webaccess
 

 
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.

 
2020-09-21
Low
CVE-2020-6562

Vendor: Google
Software: Chrome
 

 
Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

 
Low
CVE-2020-6558

Vendor: Opensuse
Software: Backports sle
 

 
Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

 
2020-09-18
Medium
CVE-2020-0089

Vendor: Google
Software: Android
 

 
In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137015603

 

 


Copyright 2020, cxsecurity.com

 
