CVE-2020-16144

MEDIUM Year: 2020
CVSS v3 Score
5.7
Medium
CVSS v2 Score
3.5
Low
Weakness Type
CWE-276
View all →

Vulnerability Description

When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. This affects the files_antivirus component versions before 0.15.2 for ownCloud.

Related Vulnerabilities

CVE-2002-1713

MEDIUM
CVSS:5.5(Medium)

The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.

CWE-2762002

CVE-2012-6136

MEDIUM
CVSS:5.5(Medium)

tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.

CWE-2762012

CVE-2013-1425

MEDIUM
CVSS:5.5(Medium)

ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.

CWE-2762013

CVE-2013-4281

MEDIUM
CVSS:5.5(Medium)

In Red Hat Openshift 1, weak default permissions are applied to the /etc/openshift/server_priv.pem file on the broker server, which could allow users with local access to the broker to read this file.

CWE-2762013

CVE-2017-5622

MEDIUM
CVSS:5.9(Medium)

With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open u...

CWE-2762017

CVE-2017-6404

MEDIUM
CVSS:5.5(Medium)

An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.

CWE-2762017