Total
1834 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8290 | 1 Backblaze | 1 Backblaze | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary. | |||||
| CVE-2020-8283 | 1 Citrix | 3 Virtual Apps And Desktops, Xenapp, Xendesktop | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. | |||||
| CVE-2020-8269 | 1 Citrix | 3 Virtual Apps And Desktops, Xenapp, Xendesktop | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9 | |||||
| CVE-2020-8258 | 1 Citrix | 1 Gateway Plug-in | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files. | |||||
| CVE-2020-8247 | 1 Citrix | 5 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 2 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface. | |||||
| CVE-2020-8199 | 1 Citrix | 1 Gateway Plug-in For Linux | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root. | |||||
| CVE-2020-8197 | 1 Citrix | 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands. | |||||
| CVE-2020-8146 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the windows registry when installing UniFi-Video controller. Affected Products: UniFi Video Controller v3.10.2 (for Windows 7/8/10 x64) and prior. Fixed in UniFi Video Controller v3.10.3 and newer. | |||||
| CVE-2020-8126 | 1 Ui | 1 Edgeswitch | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CGI script don't fully sanitize the user input resulting in local commands execution, allowing an operator user (Privilege-1) to escalate privileges and became administrator (Privilege-15). | |||||
| CVE-2020-7954 | 1 Opservices | 1 Opmon | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a password with sudo. | |||||
| CVE-2020-7938 | 1 Plone | 1 Plone | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level. | |||||
| CVE-2020-7710 | 1 Safe-eval Project | 1 Safe-eval | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| This affects all versions of package safe-eval. It is possible for an attacker to run an arbitrary command on the host machine. | |||||
| CVE-2020-7578 | 1 Siemens | 1 Opcenter Execution Core | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Authenticated users could have access to resources they normally would not have. This vulnerability could allow an attacker to view internal information and perform unauthorized changes. | |||||
| CVE-2020-7544 | 1 Schneider-electric | 1 Operator Terminal Expert Runtime | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxureª Operator Terminal Expert. | |||||
| CVE-2020-7523 | 1 Schneider-electric | 2 Modbus Driver Suite, Modbus Serial Driver | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. | |||||
| CVE-2020-7509 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files. | |||||
| CVE-2020-7467 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.2 HIGH | 7.6 HIGH |
| In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped. | |||||
| CVE-2020-7335 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 4.4 MEDIUM | 7.5 HIGH |
| Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploitable in a small time window. | |||||
| CVE-2020-7334 | 1 Mcafee | 1 Application And Change Control | 2024-11-21 | 4.6 MEDIUM | 7.7 HIGH |
| Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. This version adds further controls for installation/uninstallation of software. | |||||
| CVE-2020-7330 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 4.6 MEDIUM | 7.5 HIGH |
| Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables | |||||