Total: 1836 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-9596 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. | |||||
CVE-2020-9592 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. | |||||
CVE-2020-9540 | 1 Sophos | 1 Hitmanpro.alert | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Sophos HitmanPro.Alert before build 861 allows local elevation of privilege. | |||||
CVE-2020-9475 | 1 Siedle | 2 Sg 150-0, Sg 150-0 Firmware | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows local privilege escalation via a race condition in logrotate. By using an exploit chain, an attacker with access to the network can get root access on the gateway. | |||||
CVE-2020-9332 | 1 Fabulatech | 1 Usb For Remote Desktop | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device. | |||||
CVE-2020-9331 | 1 Cryptopro | 1 Csp | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel's address space. | |||||
CVE-2020-9225 | 1 Huawei | 1 Fusionsphere Openstack | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
FusionSphere OpenStack 6.5.1 has an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. A successful exploit could allow a certain user to perform certain operations beyond their privilege. | |||||
CVE-2020-9114 | 1 Huawei | 1 Fusioncompute | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation. | |||||
CVE-2020-9112 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to a lack of privilege restrictions on some of the business functions of the device, an attacker could exploit this vulnerability to access the protected information, resulting in elevation of privilege. | |||||
CVE-2020-9078 | 1 Huawei | 1 Fusioncompute | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
FusionCompute 8.0.0 has a local privilege escalation vulnerability. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. | |||||
CVE-2020-9046 | 1 Johnsoncontrols | 1 Kantech Entrapass | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files. | |||||
CVE-2020-9043 | 1 Wpcentral | 1 Wpcentral | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key. | |||||
CVE-2020-8948 | 1 Sierrawireless | 1 Mobile Broadband Driver Package | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allow an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage this vulnerability to execute arbitrary code with system privileges. | |||||
CVE-2020-8828 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with access to the cluster or logs, this issue could be abused for privilege escalation, as Argo has privileged roles. A malicious insider is the most realistic threat, but pod names are not meant to be kept secret and could wind up just about anywhere. | |||||
CVE-2020-8808 | 1 Corsair | 1 Icue | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, via a function call such as MmMapIoSpace. | |||||
CVE-2020-8736 | 1 Intel | 1 Computing Improvement Program | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-8635 | 1 Wftpserver | 1 Wing Ftp Server | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation directories and configuration files. This allows local users to arbitrarily create FTP users with full privileges, and escalate privileges within the operating system by modifying system files. | |||||
CVE-2020-8494 | 1 Kronos | 1 Web Time And Attendance | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via the emp_id, userid, pw1, pw2, supervisor, and timekeeper parameters. | |||||
CVE-2020-8474 | 1 Abb | 1 800xa Base System | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction. | |||||
CVE-2020-8351 | 1 Lenovo | 1 Pcmanager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges. |