Search
Total
1288 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5773 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2020-08-04 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write operations. | |||||
| CVE-2016-2061 | 1 Linux | 1 Linux Kernel | 2020-08-04 | 6.8 MEDIUM | 7.8 HIGH |
| Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call. | |||||
| CVE-2016-2067 | 2 Google, Linux | 2 Android, Linux Kernel | 2020-08-04 | 9.3 HIGH | 7.8 HIGH |
| drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993. | |||||
| CVE-2016-2059 | 2 Google, Linux | 2 Android, Linux Kernel | 2020-08-03 | 4.4 MEDIUM | 7.0 HIGH |
| The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls. | |||||
| CVE-2020-14493 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2020-07-30 | 6.5 MEDIUM | 8.8 HIGH |
| A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands. | |||||
| CVE-2020-1431 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-7578 | 1 Siemens | 1 Opcenter Execution Core | 2020-07-17 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Authenticated users could have access to resources they normally would not have. This vulnerability could allow an attacker to view internal information and perform unauthorized changes. | |||||
| CVE-2020-7283 | 1 Mcafee | 1 Total Protection | 2020-07-13 | 4.6 MEDIUM | 8.8 HIGH |
| Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine. | |||||
| CVE-2020-6013 | 1 Checkpoint | 1 Zonealarm Extreme Security | 2020-07-13 | 6.5 MEDIUM | 8.8 HIGH |
| ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems. | |||||
| CVE-2017-18884 | 1 Mattermost | 1 Mattermost Server | 2020-06-30 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens. | |||||
| CVE-2019-20886 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin. | |||||
| CVE-2020-9225 | 1 Huawei | 1 Fusionsphere Openstack | 2020-06-22 | 4.6 MEDIUM | 7.8 HIGH |
| FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege. | |||||
| CVE-2020-12850 | 1 Pydio | 1 Cells | 2020-06-22 | 6.9 MEDIUM | 7.0 HIGH |
| The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF (such as version 2.0.3) have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the appliance, the user pydio is responsible for running all the services and binaries that are contained in the Pydio Cells web application package, such as mysqld, cells, among others. This user has privileges restricted to run those services and nothing more. | |||||
| CVE-2020-12713 | 1 Ciphermail | 2 Gateway, Webmail Messenger | 2020-06-22 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Attackers with administrative access to the web interface have multiple options to escalate their privileges to the Unix root account. | |||||
| CVE-2020-7014 | 1 Elastic | 1 Elasticsearch | 2020-06-19 | 6.5 MEDIUM | 8.8 HIGH |
| The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges. | |||||
| CVE-2020-7509 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2020-06-17 | 6.5 MEDIUM | 7.2 HIGH |
| A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files. | |||||
| CVE-2020-7280 | 1 Mcafee | 1 Virusscan Enterprise | 2020-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent. | |||||
| CVE-2019-3617 | 1 Mcafee | 1 Total Protection | 2020-06-16 | 6.9 MEDIUM | 8.2 HIGH |
| Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows local users to gain root privileges via incorrect protection of temporary files. | |||||
| CVE-2020-9046 | 1 Johnsoncontrols | 1 Kantech Entrapass | 2020-06-03 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files. | |||||
| CVE-2020-12798 | 1 Sun-denshi | 4 Universal Forensic Extraction Device Firmware, Universal Forensic Extraction Device Ruggedized Panasonic Laptop, Universal Forensic Extraction Device Touch 2 and 1 more | 2020-05-21 | 4.6 MEDIUM | 7.8 HIGH |
| Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen. | |||||
| CVE-2019-17066 | 1 Ivanti | 1 Workspace Control | 2020-05-20 | 7.2 HIGH | 7.8 HIGH |
| In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights. | |||||
| CVE-2020-7267 | 1 Mcafee | 1 Virusscan Enterprise | 2020-05-18 | 3.6 LOW | 8.4 HIGH |
| Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | |||||
| CVE-2020-7266 | 1 Mcafee | 1 Virusscan Enterprise | 2020-05-18 | 3.6 LOW | 8.4 HIGH |
| Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | |||||
| CVE-2020-7264 | 1 Mcafee | 1 Endpoint Security | 2020-05-18 | 3.6 LOW | 8.4 HIGH |
| Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | |||||
| CVE-2020-7265 | 1 Mcafee | 1 Endpoint Security | 2020-05-18 | 3.6 LOW | 8.4 HIGH |
| Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | |||||
| CVE-2020-7285 | 1 Mcafee | 1 Mvision Endpoint | 2020-05-15 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||
| CVE-2020-6652 | 1 Eaton | 1 Intelligent Power Manager | 2020-05-12 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the configurations with incorrect parameters. | |||||
| CVE-2020-7286 | 2 Mcafee, Microsoft | 2 Endpoint Detection And Response, Windows | 2020-05-12 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||
| CVE-2020-7287 | 2 Linux, Mcafee | 2 Linux Kernel, Endpoint Detection And Response | 2020-05-11 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||
| CVE-2020-7290 | 2 Linux, Mcafee | 2 Linux Kernel, Active Response | 2020-05-11 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||
| CVE-2020-7289 | 2 Mcafee, Microsoft | 2 Active Response, Windows | 2020-05-11 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | |||||
| CVE-2018-21226 | 1 Netgear | 10 Jnr1010, Jnr1010 Firmware, Jwnr2010 and 7 more | 2020-05-05 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by authentication bypass. This affects JNR1010v2 before 1.1.0.48, JWNR2010v5 before 1.1.0.48, WNR1000v4 before 1.1.0.48, WNR2020 before 1.1.0.48, and WNR2050 before 1.1.0.48. | |||||
| CVE-2020-8474 | 1 Abb | 1 800xa Base System | 2020-04-30 | 4.6 MEDIUM | 7.8 HIGH |
| Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction. | |||||
| CVE-2018-21124 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2020-04-28 | 5.8 MEDIUM | 8.8 HIGH |
| NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escalation. | |||||
| CVE-2017-18822 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2020-04-23 | 4.6 MEDIUM | 7.8 HIGH |
| Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | |||||
| CVE-2017-18826 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2020-04-23 | 4.6 MEDIUM | 7.8 HIGH |
| Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | |||||
| CVE-2017-18830 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2020-04-23 | 4.6 MEDIUM | 7.8 HIGH |
| Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | |||||
| CVE-2017-18829 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2020-04-23 | 4.6 MEDIUM | 7.8 HIGH |
| Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | |||||
| CVE-2017-18837 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2020-04-23 | 4.6 MEDIUM | 7.8 HIGH |
| Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | |||||
| CVE-2017-18838 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2020-04-22 | 4.6 MEDIUM | 7.8 HIGH |
| Certain NETGEAR devices are affected by privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | |||||
| CVE-2020-1014 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-04-21 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-7274 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges). | |||||
| CVE-2020-7259 | 1 Mcafee | 1 Endpoint Security | 2020-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file | |||||
| CVE-2020-8327 | 1 Lenovo | 1 Vantage | 2020-04-15 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-6236 | 1 Sap | 2 Adaptive Extensions, Landscape Management | 2020-04-15 | 6.5 MEDIUM | 7.2 HIGH |
| SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation. | |||||
| CVE-2020-1991 | 2 Microsoft, Paloaltonetworks | 2 Windows, Traps | 2020-04-10 | 3.6 LOW | 7.1 HIGH |
| An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS. | |||||
| CVE-2020-1989 | 1 Paloaltonetworks | 1 Globalprotect | 2020-04-09 | 7.2 HIGH | 7.8 HIGH |
| An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1. | |||||
| CVE-2020-7009 | 1 Elastic | 1 Elasticsearch | 2020-04-09 | 6.5 MEDIUM | 8.8 HIGH |
| Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges. | |||||
| CVE-2018-17954 | 1 Suse | 2 Openstack Cloud, Openstack Cloud Crowbar | 2020-04-08 | 7.2 HIGH | 7.8 HIGH |
| A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-. | |||||
| CVE-2019-19699 | 1 Centreon | 1 Centreon | 2020-04-06 | 9.0 HIGH | 7.2 HIGH |
| There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. To exploit the vulnerability, someone must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The user must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server_id=1 URI. This is triggered via an export of the Poller Configuration. | |||||