Total
2002 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7467 | 1 Freebsd | 1 Freebsd | 2024-08-04 | 7.6 High |
| In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped. | ||||
| CVE-2020-7578 | 1 Siemens | 1 Opcenter Execution Core | 2024-08-04 | 8.1 High |
| A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Authenticated users could have access to resources they normally would not have. This vulnerability could allow an attacker to view internal information and perform unauthorized changes. | ||||
| CVE-2020-7544 | 1 Schneider-electric | 1 Operator Terminal Expert Runtime | 2024-08-04 | 7.8 High |
| A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxureª Operator Terminal Expert. | ||||
| CVE-2020-7509 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-08-04 | 7.2 High |
| A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files. | ||||
| CVE-2020-7523 | 1 Schneider-electric | 2 Modbus Driver Suite, Modbus Serial Driver | 2024-08-04 | 7.8 High |
| Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. | ||||
| CVE-2020-7335 | 1 Mcafee | 1 Total Protection | 2024-08-04 | 7.5 High |
| Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploitable in a small time window. | ||||
| CVE-2020-7330 | 1 Mcafee | 1 Total Protection | 2024-08-04 | 7.5 High |
| Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables | ||||
| CVE-2020-7305 | 1 Mcafee | 1 Data Loss Prevention | 2024-08-04 | 6.7 Medium |
| Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials. | ||||
| CVE-2020-7310 | 1 Mcafee | 1 Total Protection | 2024-08-04 | 6.9 Medium |
| Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended file. | ||||
| CVE-2020-7281 | 1 Mcafee | 1 Total Protection | 2024-08-04 | 7.5 High |
| Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | ||||
| CVE-2020-7283 | 1 Mcafee | 1 Total Protection | 2024-08-04 | 7.5 High |
| Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine. | ||||
| CVE-2020-7125 | 1 Arubanetworks | 1 Airwave Glass | 2024-08-04 | 8.8 High |
| A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | ||||
| CVE-2020-7009 | 1 Elastic | 1 Elasticsearch | 2024-08-04 | 8.8 High |
| Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges. | ||||
| CVE-2020-7020 | 2 Elastic, Redhat | 2 Elasticsearch, Jboss Fuse | 2024-08-04 | 3.1 Low |
| Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices. | ||||
| CVE-2020-7018 | 1 Elastic | 1 Enterprise Search | 2024-08-04 | 8.8 High |
| Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions of the App Search administrator. | ||||
| CVE-2020-7019 | 1 Elastic | 1 Elasticsearch | 2024-08-04 | 6.5 Medium |
| In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index. | ||||
| CVE-2020-7047 | 1 Webfactoryltd | 1 Wp Database Reset | 2024-08-04 | 8.8 High |
| The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table. | ||||
| CVE-2020-7014 | 1 Elastic | 1 Elasticsearch | 2024-08-04 | 8.8 High |
| The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges. | ||||
| CVE-2020-6949 | 1 Hashbrowncms | 1 Hashbrown Cms | 2024-08-04 | 8.8 High |
| A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account. | ||||
| CVE-2020-6971 | 1 Emerson | 1 Valvelink | 2024-08-04 | 7.8 High |
| In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters. | ||||