Total
2352 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9141 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a improper privilege management vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability can cause information disclosure and malfunctions due to insufficient verification of data authenticity. | |||||
| CVE-2020-9114 | 1 Huawei | 1 Fusioncompute | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation. | |||||
| CVE-2020-9112 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege. | |||||
| CVE-2020-9046 | 1 Johnsoncontrols | 1 Kantech Entrapass | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files. | |||||
| CVE-2020-8873 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10031. | |||||
| CVE-2020-8624 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone. | |||||
| CVE-2020-8474 | 1 Abb | 1 800xa Base System | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction. | |||||
| CVE-2020-8351 | 1 Lenovo | 1 Pcmanager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-8327 | 1 Lenovo | 1 Vantage | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
| A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-8320 | 1 Lenovo | 200 Thinkpad 11e, Thinkpad 11e Firmware, Thinkpad 11e Yoga Gen 6 and 197 more | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
| An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. | |||||
| CVE-2020-8290 | 1 Backblaze | 1 Backblaze | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary. | |||||
| CVE-2020-8283 | 1 Citrix | 3 Virtual Apps And Desktops, Xenapp, Xendesktop | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. | |||||
| CVE-2020-8275 | 1 Citrix | 1 Secure Mail | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device. | |||||
| CVE-2020-8269 | 1 Citrix | 3 Virtual Apps And Desktops, Xenapp, Xendesktop | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9 | |||||
| CVE-2020-8258 | 1 Citrix | 1 Gateway Plug-in | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files. | |||||
| CVE-2020-8257 | 1 Citrix | 1 Gateway Plug-in | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks | |||||
| CVE-2020-8247 | 1 Citrix | 5 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 2 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface. | |||||
| CVE-2020-8223 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves. | |||||
| CVE-2020-8179 | 1 Nextcloud | 1 Deck | 2024-11-21 | 4.0 MEDIUM | 4.1 MEDIUM |
| Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks. | |||||
| CVE-2020-8113 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. | |||||