Total
2352 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7014 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges. | |||||
| CVE-2020-7009 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges. | |||||
| CVE-2020-6992 | 1 Ge | 1 Cimplicity | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. If exploited, this vulnerability could allow an adversary to modify the system, leading to the arbitrary execution of code. This vulnerability is only exploitable if an attacker has access to an authenticated session. GE Digital CIMPLICITY v11.0, released January 2020, contains mitigation for this local privilege escalation vulnerability. GE Digital recommends all users upgrade to GE CIMPLICITY v11.0 or newer. | |||||
| CVE-2020-6971 | 1 Emerson | 1 Valvelink | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters. | |||||
| CVE-2020-6968 | 1 Honeywell | 2 Inncom Inncontrol, Inncom Inncontrol Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files. | |||||
| CVE-2020-6949 | 1 Hashbrowncms | 1 Hashbrown Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account. | |||||
| CVE-2020-6652 | 1 Eaton | 1 Intelligent Power Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the configurations with incorrect parameters. | |||||
| CVE-2020-6584 | 1 Nagios | 1 Nagios | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Nagios Log Server 2.1.3 has Incorrect Access Control. | |||||
| CVE-2020-6236 | 1 Sap | 2 Adaptive Extensions, Landscape Management | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation. | |||||
| CVE-2020-6024 | 1 Checkpoint | 1 Smartconsole | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users. | |||||
| CVE-2020-6013 | 1 Checkpoint | 1 Zonealarm Extreme Security | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems. | |||||
| CVE-2020-5916 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory. | |||||
| CVE-2020-5773 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write operations. | |||||
| CVE-2020-5617 | 1 Skygroup | 1 Skysea Client View | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors. | |||||
| CVE-2020-5302 | 1 Mh-wikibot Project | 1 Mh-wikibot | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in. The issue has been fixed in commit 23d9d5b0a59667a5d6816fdabb960b537a5f9ed1. | |||||
| CVE-2020-5291 | 4 Archlinux, Centos, Debian and 1 more | 4 Arch Linux, Centos, Debian Linux and 1 more | 2024-11-21 | 8.5 HIGH | 7.2 HIGH |
| Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update. | |||||
| CVE-2020-5253 | 1 Nethack | 1 Nethack | 2024-11-21 | 7.5 HIGH | 3.9 LOW |
| NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0. | |||||
| CVE-2020-5182 | 1 Cmsjunkie | 1 J-businessdirectory | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location). | |||||
| CVE-2020-4603 | 1 Ibm | 1 Security Guardium Insights | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880. | |||||
| CVE-2020-4184 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| IBM Security Guardium 11.2 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 174802.. | |||||