Total
1820 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12594 | 1 Broadcom | 1 Symantec Messaging Gateway | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 10.7.4. | |||||
| CVE-2020-12519 | 1 Phoenixcontact | 7 Axc F 1152, Axc F 2152, Axc F 2152 Starterkit and 4 more | 2024-11-21 | 10.0 HIGH | 8.8 HIGH |
| On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e. to open a reverse shell with root privileges. | |||||
| CVE-2020-12473 | 1 Mono | 1 Monox | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program. | |||||
| CVE-2020-12463 | 1 Avira | 1 Software Updater | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. This allows local users to obtain take control of arbitrary files. | |||||
| CVE-2020-12446 | 1 Gskill | 1 Trident Z Lighting Control | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT AUTHORITY\SYSTEM. | |||||
| CVE-2020-12350 | 1 Intel | 1 Extreme Tuning Utility | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in the Intel(R) XTU before version 6.5.1.360 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12331 | 1 Intel | 1 Unite Cloud Service Client | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12324 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12313 | 1 Intel | 12 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 8260 and 9 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Insufficient control flow management in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2020-12304 | 2 Intel, Microsoft | 2 Dynamic Application Loader Software Developement Kit, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in Installer for Intel(R) DAL SDK before version 2.1 for Windows may allow an authenticated user to potentially enable escalation of privileges via local access. | |||||
| CVE-2020-12302 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the Intel(R) Driver & Support Assistant before version 20.7.26.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12297 | 1 Intel | 2 Converged Security And Manageability Engine, Trusted Execution Technology | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in Installer for Intel(R) CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access. | |||||
| CVE-2020-12242 | 1 Valvesoftware | 1 Source | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account. | |||||
| CVE-2020-12138 | 1 Amd | 1 Atillk64 | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages. | |||||
| CVE-2020-11861 | 1 Microfocus | 1 Operations Agent | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system. | |||||
| CVE-2020-11827 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her privileges and run commands on the machine with SYSTEM rights. | |||||
| CVE-2020-11679 | 1 Castel | 2 Nextgen Dvr, Nextgen Dvr Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional roles to their account. | |||||
| CVE-2020-11671 | 1 Teampass | 1 Teampass | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default. | |||||
| CVE-2020-11666 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges. | |||||
| CVE-2020-11661 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data. | |||||