CVE & Exploit Intelligence Database

CVE-2020-16212 6.8 MEDIUM EPSS 0.00

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.

CWE-668 Sep 11, 2020

CVE-2020-5386 7.5 HIGH EPSS 0.01

Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system.

CWE-668 Sep 02, 2020

CVE-2020-25073 5.3 MEDIUM EPSS 0.01

FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. This affects both the freedombox and plinth packages of some Linux distributions, but only if the Apache mod_status module is enabled.

CWE-668 Sep 02, 2020

CVE-2020-13946 5.9 MEDIUM EPSS 0.00

In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely.

CWE-668 Sep 01, 2020

CVE-2020-13472 4.6 MEDIUM EPSS 0.00

The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module.

CWE-668 Aug 31, 2020

CVE-2020-13470 4.6 MEDIUM EPSS 0.00

Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data.

CWE-668 Aug 31, 2020

CVE-2020-13469 4.6 MEDIUM EPSS 0.00

The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU.

CWE-668 Aug 31, 2020

CVE-2020-11934 5.9 MEDIUM EPSS 0.00

It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL and, for example, execute a script shipped with the snap without confinement. This issue did not affect Ubuntu Core systems. Fixed in snapd versions 2.45.1ubuntu0.2, 2.45.1+18.04.2 and 2.45.1+20.04.2.

CWE-668 Jul 29, 2020

CVE-2020-15816 8.8 HIGH EPSS 0.01

In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.

CWE-668 Jul 17, 2020

CVE-2020-14064 6.5 MEDIUM 1 PoC Analysis EPSS 0.01

IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.

CWE-668 Jul 15, 2020

CVE-2020-12020 6.1 MEDIUM EPSS 0.00

Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user.

CWE-668 Jun 29, 2020

CVE-2020-10271 9.8 CRITICAL EPSS 0.00

MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR's operations are centered around the framework (ROS).

CWE-668 Jun 24, 2020

CVE-2019-20853 9.8 CRITICAL EPSS 0.02

An issue was discovered in Mattermost Packages before 5.16.3. A Droplet could allow Internet access to a service that has a remote code execution problem.

CWE-668 Jun 19, 2020

CVE-2020-9291 6.3 MEDIUM EPSS 0.00

An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.

CWE-668 Jun 01, 2020

CVE-2020-6774 9.3 CRITICAL EPSS 0.00

Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system.

CWE-284 May 27, 2020

CVE-2020-6490 4.3 MEDIUM EPSS 0.01

Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page.

CWE-668 May 21, 2020

CVE-2020-13240 5.4 MEDIUM EPSS 0.00

The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.

CWE-276 May 20, 2020

CVE-2020-11931 3.3 LOW EPSS 0.00

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2;

CWE-284 May 15, 2020

CVE-2020-1945 6.3 MEDIUM EPSS 0.00

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

CWE-668 May 14, 2020

CVE-2020-12687 6.5 MEDIUM 1 Writeup EPSS 0.00

An issue was discovered in Serpico before 1.3.3. The /admin/attacments_backup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users (including administrators) from the database.

CWE-668 May 07, 2020