Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at “End-of-software-support.”
CWE-276
CVE-2020-11689
In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file.
CVE-2020-11692
In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators.
CVE-2020-11444
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
CVE-2020-10939
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
CVE-2020-10792
openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing “dev” or “staging” in the HTTP Host header.