Total
2561 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7287 | 2 Linux, Mcafee | 2 Linux Kernel, Endpoint Detection And Response | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
|
|||||
| CVE-2020-7286 | 2 Mcafee, Microsoft | 2 Endpoint Detection And Response, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
|
|||||
| CVE-2020-7285 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to.
|
|||||
| CVE-2020-7283 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 4.6 MEDIUM | 7.5 HIGH |
|
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine.
|
|||||
| CVE-2020-7281 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 1.9 LOW | 7.5 HIGH |
|
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
|
|||||
| CVE-2020-7280 | 1 Mcafee | 1 Virusscan Enterprise | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent.
|
|||||
| CVE-2020-7274 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 4.6 MEDIUM | 6.6 MEDIUM |
|
Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).
|
|||||
| CVE-2020-7273 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 2.1 LOW | 6.7 MEDIUM |
|
Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters.
|
|||||
| CVE-2020-7267 | 1 Mcafee | 1 Virusscan Enterprise | 2024-11-21 | 3.6 LOW | 8.8 HIGH |
|
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
|
|||||
| CVE-2020-7266 | 1 Mcafee | 1 Virusscan Enterprise | 2024-11-21 | 3.6 LOW | 8.8 HIGH |
|
Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
|
|||||
| CVE-2020-7265 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 3.6 LOW | 8.8 HIGH |
|
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
|
|||||
| CVE-2020-7264 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 3.6 LOW | 8.8 HIGH |
|
Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
|
|||||
| CVE-2020-7259 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 4.6 MEDIUM | 6.6 MEDIUM |
|
Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file
|
|||||
| CVE-2020-7257 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 3.3 LOW | 8.4 HIGH |
|
Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent.
|
|||||
| CVE-2020-7255 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 3.6 LOW | 3.9 LOW |
|
Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration.
|
|||||
| CVE-2020-7254 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 4.6 MEDIUM | 7.7 HIGH |
|
Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command.
|
|||||
| CVE-2020-7125 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
|
|||||
| CVE-2020-7047 | 1 Webfactoryltd | 1 Wp Database Reset | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table.
|
|||||
| CVE-2020-7020 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 3.5 LOW | 3.1 LOW |
|
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
|
|||||
| CVE-2020-7019 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.
|
|||||
| CVE-2020-7018 | 1 Elastic | 1 Enterprise Search | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
|
Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions of the App Search administrator.
|
|||||
| CVE-2020-7014 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges.
|
|||||
| CVE-2020-7009 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
|
|||||
| CVE-2020-6992 | 1 Ge | 1 Cimplicity | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. If exploited, this vulnerability could allow an adversary to modify the system, leading to the arbitrary execution of code. This vulnerability is only exploitable if an attacker has access to an authenticated session. GE Digital CIMPLICITY v11.0, released January 2020, contains mitigation for this local privilege escalation vulnerability. GE Digital recommends all users ...
Show More |
|||||
| CVE-2020-6971 | 1 Emerson | 1 Valvelink | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters.
|
|||||
| CVE-2020-6968 | 1 Honeywell | 2 Inncom Inncontrol, Inncom Inncontrol Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files.
|
|||||
| CVE-2020-6949 | 1 Hashbrowncms | 1 Hashbrown Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account.
|
|||||
| CVE-2020-6652 | 1 Eaton | 1 Intelligent Power Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the configurations with incorrect parameters.
|
|||||
| CVE-2020-6584 | 1 Nagios | 1 Nagios | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Nagios Log Server 2.1.3 has Incorrect Access Control.
|
|||||
| CVE-2020-6236 | 1 Sap | 2 Adaptive Extensions, Landscape Management | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation.
|
|||||
| CVE-2020-6024 | 1 Checkpoint | 1 Smartconsole | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.
|
|||||
| CVE-2020-6013 | 1 Checkpoint | 1 Zonealarm Extreme Security | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems.
|
|||||
| CVE-2020-5916 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
|
In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory.
|
|||||
| CVE-2020-5773 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write operations.
|
|||||
| CVE-2020-5617 | 1 Skygroup | 1 Skysea Client View | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors.
|
|||||
| CVE-2020-5302 | 1 Mh-wikibot Project | 1 Mh-wikibot | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
|
MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in. The issue has been fixed in commit 23d9d5b0a59667a5d6816fdabb960b537a5f9ed1.
|
|||||
| CVE-2020-5291 | 4 Archlinux, Centos, Debian and 1 more | 4 Arch Linux, Centos, Debian Linux and 1 more | 2024-11-21 | 8.5 HIGH | 7.2 HIGH |
|
Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to ...
Show More |
|||||
| CVE-2020-5253 | 1 Nethack | 1 Nethack | 2024-11-21 | 7.5 HIGH | 3.9 LOW |
|
NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.
|
|||||
| CVE-2020-5182 | 1 Cmsjunkie | 1 J-businessdirectory | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location).
|
|||||
| CVE-2020-4603 | 1 Ibm | 1 Security Guardium Insights | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880.
|
|||||