Total: 1819 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23740 | 1 Drivergenius | 1 Drivergenius | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard. Attackers can use constructed programs to increase user privileges. | |||||
| CVE-2020-28175 | 1 Almico | 1 Speedfan | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| There is a local privilege escalation vulnerability in Alfredo Milani Comparetti SpeedFan 4.52. Attackers can use constructed programs to increase user privileges. | |||||
| CVE-2020-28251 | 1 Netscout | 7 Airmagnet Enterprise, Sensor4-r1s1w1-e, Sensor4-r2s1-e and 4 more | 2021-07-21 | 9.3 HIGH | 8.1 HIGH |
| NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The attacker must complete a straightforward password-cracking exercise. | |||||
| CVE-2020-28421 | 2 Broadcom, Microsoft | 2 Unified Infrastructure Management, Windows | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges. | |||||
| CVE-2020-11829 | 1 Oppo | 1 Coloros | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722. | |||||
| CVE-2020-28572 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. | |||||
| CVE-2020-15349 | 1 Binarynights | 1 Forklift | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions. | |||||
| CVE-2020-12313 | 1 Intel | 12 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 8260 and 9 more | 2021-07-21 | 5.8 MEDIUM | 8.8 HIGH |
| Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2020-12350 | 1 Intel | 1 Extreme Tuning Utility | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in the Intel(R) XTU before version 6.5.1.360 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12331 | 1 Intel | 1 Unite Cloud Service Client | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-8745 | 1 Intel | 2 Converged Security And Manageability Engine, Trusted Execution Technology | 2021-07-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2020-8676 | 1 Intel | 2 Visual Compute Accelerator 2, Visual Compute Accelerator 2 Firmware | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12304 | 2 Intel, Microsoft | 2 Dynamic Application Loader Software Developement Kit, Windows | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access. | |||||
| CVE-2020-12297 | 1 Intel | 2 Converged Security And Manageability Engine, Trusted Execution Technology | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access. | |||||
| CVE-2020-4685 | 1 Ibm | 1 Cognos Controller | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4.1, and 10.4.2 who has Administration rights to the server where the application is installed, can escalate their privilege from Low level to Super Admin and gain access to Create/Update/Delete any level of user in Cognos Controller. IBM X-Force ID: 186625. | |||||
| CVE-2020-7207 | 1 Hp | 42 Apollo 2000, Apollo 2000 Firmware, Apollo 4200 Gen10 and 39 more | 2021-07-21 | 7.2 HIGH | 6.8 MEDIUM |
| A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen 10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to disallow an attacker from having physical access to the server main circuit board. | |||||
| CVE-2019-8841 | 1 Apple | 2 Ipados, Iphone Os | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-9331 | 1 Cryptopro | 1 Csp | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel's address space. | |||||
| CVE-2020-26607 | 1 Google | 1 Android | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18418 (October 2020). | |||||
| CVE-2020-12302 | 1 Intel | 1 Driver & Support Assistant | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the Intel(R) Driver & Support Assistant before version 20.7.26.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-24356 | 1 Cloudflare | 1 Cloudflared | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| `cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes this issue. | |||||
| CVE-2020-24563 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability. | |||||
| CVE-2020-24562 | 2 Microsoft, Trendmicro | 2 Windows, Officescan | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This CVE is similar, but not identical to CVE-2020-24556. | |||||
| CVE-2020-11861 | 1 Microfocus | 1 Operations Agent | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to version 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system. | |||||
| CVE-2020-0263 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In the Accessibility service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-154913130 | |||||
| CVE-2019-0155 | 3 Canonical, Intel, Redhat | 709 Ubuntu Linux, Atom X5-e3930, Atom X5-e3930 Firmware and 706 more | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Insufficient access control in a subsystem for Intel(R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka 15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-0360 | 1 Google | 1 Android | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Notification Access Confirmation, there is a possible permissions bypass due to uninformed consent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-145129456 | |||||
| CVE-2020-0387 | 1 Google | 1 Android | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-156046804 | |||||
| CVE-2019-0142 | 1 Intel | 13 Ethernet 700 Series Software, Ethernet Controller 710-bm1, Ethernet Controller 710-bm1 Firmware and 10 more | 2021-07-21 | 7.2 HIGH | 8.2 HIGH |
| Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-14100 | 1 Mi | 2 R3600, R3600 Firmware | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Xiaomi router R3600 ROM version < 1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability. | |||||
| CVE-2020-15903 | 1 Nagios | 1 Nagios Xi | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3. | |||||
| CVE-2019-0139 | 1 Intel | 13 Ethernet 700 Series Software, Ethernet Controller 710-bm1, Ethernet Controller 710-bm1 Firmware and 10 more | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow a privileged user to potentially enable an escalation of privilege, denial of service, or information disclosure via local access. | |||||
| CVE-2020-24949 | 1 Php-fusion | 1 Php-fusion | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). | |||||
| CVE-2020-25062 | 1 Google | 1 Android | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider allows a bypass of intended privilege restrictions. The LG ID is LVE-SMP-200017 (July 2020). | |||||
| CVE-2020-25060 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Local users can gain privileges because of LAF and SBL1 flaws. The LG ID is LVE-SMP-200015 (July 2020). | |||||
| CVE-2020-7710 | 1 Safe-eval Project | 1 Safe-eval | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine. | |||||
| CVE-2020-9724 | 2 Adobe, Microsoft | 2 Lightroom, Windows | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library loading vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2019-11156 | 1 Intel | 14 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 7265 (rev D) and 11 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Logic errors in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. | |||||
| CVE-2020-8684 | 1 Intel | 2 Acceleration Stack, Programmable Acceleration Card With Arria 10 Gx Fpga | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper access control in firmware for Intel(R) PAC with Arria(R) 10 GX FPGA before Intel Acceleration Stack version 1.2.1 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-8736 | 1 Intel | 1 Computing Improvement Program | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-20001 | 1 Ricoh | 2 Streamline Nx Client Tool, Streamline Nx Pc Client | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges. | |||||
| CVE-2020-14162 | 1 Pi-hole | 1 Pi-hole | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command. | |||||
| CVE-2019-20029 | 1 Nec | 8 Sl1100, Sl1100 Firmware, Sl2100 and 5 more | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access. | |||||
| CVE-2019-2214 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-136210786. References: Upstream kernel | |||||
| CVE-2019-2197 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. This could lead to local information disclosure of the user's contact list with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-138529441 | |||||
| CVE-2019-20908 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2021-07-21 | 6.9 MEDIUM | 6.7 MEDIUM |
| An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032. | |||||
| CVE-2020-1465 | 1 Microsoft | 1 Onedrive | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Microsoft OneDrive that allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft OneDrive Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-1463 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory, aka 'Windows SharedStream Library Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-1430 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1354. | |||||
| CVE-2020-1429 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. | |||||
