Total
2002 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12713 | 1 Ciphermail | 2 Gateway, Webmail Messenger | 2024-08-04 | 7.2 High |
| An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Attackers with administrative access to the web interface have multiple options to escalate their privileges to the Unix root account. | ||||
| CVE-2020-12074 | 1 Webtoffee | 1 Import Export Wordpress Users | 2024-08-04 | 8.8 High |
| The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. | ||||
| CVE-2020-11799 | 1 Z-cron | 1 Z-cron | 2024-08-04 | 9.8 Critical |
| Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privileges by modifying a privileged user's task. This can also affect all users who are signed in on the system if a shell is placed in a location that other unprivileged users have access to. | ||||
| CVE-2020-11956 | 1 Rittal | 9 Cmc Iii Pu 7030.000, Cmc Iii Pu 7030.000 Firmware, Cmciii-pu-9333e0fb and 6 more | 2024-08-04 | 9.8 Critical |
| An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a least privilege violation. | ||||
| CVE-2020-11640 | 2024-08-04 | 8.8 High | ||
| AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2. | ||||
| CVE-2020-11708 | 1 Provideserver | 1 Provide Ftp Server | 2024-08-04 | 9.8 Critical |
| An issue was discovered in ProVide (formerly zFTPServer) through 13.1. Privilege escalation can occur via the /ajax/SetUserInfo messages parameter because of the EXECUTE() feature, which is for executing programs when certain events are triggered. | ||||
| CVE-2020-11552 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-08-04 | 9.8 Critical |
| An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attacker does not require any privilege on the target system in order to exploit this vulnerability. One option is the self-service option on the Windows login screen. Upon selecting this option, the thick-client software is launched, which connects to a remote ADSelfService Plus server to facilitate self-service operations. An unauthenticated attacker having physical access to the host could trigger a security alert by supplying a self-signed SSL certificate to the client. The View Certificate option from the security alert allows an attacker to export a displayed certificate to a file. This can further cascade to a dialog that can open Explorer as SYSTEM. By navigating from Explorer to \windows\system32, cmd.exe can be launched as a SYSTEM. | ||||
| CVE-2020-11466 | 1 Deskpro | 1 Deskpro | 2024-08-04 | 4.3 Medium |
| An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk tickets stored in database with numerous filters. This leaked sensitive information to unauthorized parties. Additionally, it leaked ticket authentication code, making it possible to make changes to a ticket. | ||||
| CVE-2020-11464 | 1 Deskpro | 1 Deskpro | 2024-08-04 | 4.3 Medium |
| An issue was discovered in Deskpro before 2019.8.0. The /api/people endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve sensitive information about all users registered on the system. This includes their full name, privilege, email address, phone number, etc. | ||||
| CVE-2020-10940 | 1 Phoenixcontact | 3 Portico Server 16 Client, Portico Server 1 Client, Portico Server 4 Client | 2024-08-04 | 7.8 High |
| Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service. | ||||
| CVE-2020-10936 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-08-04 | 7.8 High |
| Sympa before 6.2.56 allows privilege escalation. | ||||
| CVE-2020-10793 | 1 Codeigniter | 1 Codeigniter | 2024-08-04 | 8.8 High |
| CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the blog post reference shows an unknown website built with the CodeIgniter framework but that CodeIgniter is not responsible for introducing this issue because the framework has never provided a login screen, nor any kind of login or user management facilities beyond a Session library. Also, another reporter indicates the issue is with a custom module/plugin to CodeIgniter, not CodeIgniter itself. | ||||
| CVE-2020-10728 | 1 Automationbroker | 1 Apb | 2024-08-04 | 7.8 High |
| A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running container the ability to escalate their own privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2020-10588 | 1 V2rayl Project | 1 V2rayl | 2024-08-04 | 7.8 High |
| v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo. | ||||
| CVE-2020-10589 | 1 V2rayl Project | 1 V2rayl | 2024-08-04 | 7.8 High |
| v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is restarted via Sudo. | ||||
| CVE-2020-10384 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-08-04 | 7.8 High |
| An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root account. | ||||
| CVE-2020-10088 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 8.1 High |
| GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level. | ||||
| CVE-2020-10056 | 1 Siemens | 1 License Management Utility | 2024-08-04 | 7.8 High |
| A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges. | ||||
| CVE-2020-9669 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2024-08-04 | 9.8 Critical |
| Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2020-9141 | 1 Huawei | 2 Emui, Magic Ui | 2024-08-04 | 9.1 Critical |
| There is a improper privilege management vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability can cause information disclosure and malfunctions due to insufficient verification of data authenticity. | ||||