Total
2002 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6968 | 1 Honeywell | 2 Inncom Inncontrol, Inncom Inncontrol Firmware | 2024-08-04 | 7.8 High |
| Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files. | ||||
| CVE-2020-6992 | 1 Ge | 1 Cimplicity | 2024-08-04 | 6.7 Medium |
| A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. If exploited, this vulnerability could allow an adversary to modify the system, leading to the arbitrary execution of code. This vulnerability is only exploitable if an attacker has access to an authenticated session. GE Digital CIMPLICITY v11.0, released January 2020, contains mitigation for this local privilege escalation vulnerability. GE Digital recommends all users upgrade to GE CIMPLICITY v11.0 or newer. | ||||
| CVE-2020-6584 | 1 Nagios | 1 Nagios | 2024-08-04 | 6.5 Medium |
| Nagios Log Server 2.1.3 has Incorrect Access Control. | ||||
| CVE-2020-6236 | 1 Sap | 2 Adaptive Extensions, Landscape Management | 2024-08-04 | 7.2 High |
| SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation. | ||||
| CVE-2020-6024 | 1 Checkpoint | 1 Smartconsole | 2024-08-04 | 7.8 High |
| Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users. | ||||
| CVE-2020-6013 | 1 Checkpoint | 1 Zonealarm Extreme Security | 2024-08-04 | 8.8 High |
| ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems. | ||||
| CVE-2020-5916 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-08-04 | 6.8 Medium |
| In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate Administrator user role and higher privileged roles can perform arbitrary file reads outside of the web root directory. | ||||
| CVE-2020-5773 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-08-04 | 8.8 High |
| Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write operations. | ||||
| CVE-2020-5617 | 1 Skygroup | 1 Skysea Client View | 2024-08-04 | 7.8 High |
| Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors. | ||||
| CVE-2020-5291 | 4 Archlinux, Centos, Debian and 1 more | 4 Arch Linux, Centos, Debian Linux and 1 more | 2024-08-04 | 7.2 High |
| Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update. | ||||
| CVE-2020-5253 | 1 Nethack | 1 Nethack | 2024-08-04 | 3.9 Low |
| NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0. | ||||
| CVE-2020-5302 | 1 Mh-wikibot Project | 1 Mh-wikibot | 2024-08-04 | 8.2 High |
| MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in. The issue has been fixed in commit 23d9d5b0a59667a5d6816fdabb960b537a5f9ed1. | ||||
| CVE-2020-5182 | 1 Cmsjunkie | 1 J-businessdirectory | 2024-08-04 | 6.5 Medium |
| The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location). | ||||
| CVE-2020-3950 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2024-08-04 | 7.8 High |
| VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed. | ||||
| CVE-2020-1708 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-08-04 | 7 High |
| It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb. | ||||
| CVE-2020-1488 | 1 Microsoft | 15 Windows 10, Windows 10 1507, Windows 10 1607 and 12 more | 2024-08-04 | 7 High |
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges. | ||||
| CVE-2020-1431 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-08-04 | 7.8 High |
| An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'. | ||||
| CVE-2020-1412 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-08-04 | 8.8 High |
| A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. | ||||
| CVE-2020-1416 | 1 Microsoft | 5 Azure Storage Explorer, Typescript, Visual Studio 2017 and 2 more | 2024-08-04 | 8.8 High |
| An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'. | ||||
| CVE-2020-1014 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-08-04 | 7.8 High |
| An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. | ||||