Total
1280 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13551 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 8.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | ||||
| CVE-2020-13549 | 1 Sytech | 1 Xlreporter | 2024-11-21 | 7.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation. | ||||
| CVE-2020-13542 | 1 Logicaldoc | 1 Logicaldoc | 2024-11-21 | 7.8 High |
| A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges. | ||||
| CVE-2020-13541 | 1 Win911 | 1 Mobile-911 Server | 2024-11-21 | 8.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges or replace other files within the installation folder that could lead to local privilege escalation. | ||||
| CVE-2020-13540 | 1 Win911 | 1 Win-911 | 2024-11-21 | 7.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed. | ||||
| CVE-2020-13539 | 1 Win911 | 1 Win-911 | 2024-11-21 | 7.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed. | ||||
| CVE-2020-13537 | 1 Moxa | 1 Mxview | 2024-11-21 | 7.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality and among them the mosquitto executable is also run. | ||||
| CVE-2020-13536 | 1 Moxa | 1 Mxview | 2024-11-21 | 7.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality. | ||||
| CVE-2020-13535 | 1 Kepware | 1 Linkmaster | 2024-11-21 | 7.8 High |
| A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges. | ||||
| CVE-2020-13534 | 1 Dreamreport | 1 Dream Report | 2024-11-21 | 7.8 High |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2020-13533 | 1 Dreamreport | 1 Dream Report | 2024-11-21 | 7.8 High |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs in and uses the application. | ||||
| CVE-2020-13532 | 1 Dreamreport | 1 Dream Report | 2024-11-21 | 7.8 High |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2020-13468 | 1 Gigadevice | 2 Gd32f130, Gd32f130 Firmware | 2024-11-21 | 6.8 Medium |
| Gigadevice GD32F130 devices allow physical attackers to escalate their debug interface permissions via fault injection into inter-IC bonding wires (which have insufficient physical protection). | ||||
| CVE-2020-13452 | 1 Thecodingmachine | 1 Gotenberg | 2024-11-21 | 9.8 Critical |
| In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution. | ||||
| CVE-2020-13351 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>=13.5.0, <13.5.2. | ||||
| CVE-2020-13240 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 5.4 Medium |
| The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS. | ||||
| CVE-2020-13149 | 1 Msi | 1 Dragon Center | 2024-11-21 | 7.8 High |
| Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory. | ||||
| CVE-2020-12912 | 1 Amd | 1 Energy Driver For Linux | 2024-11-21 | 5.5 Medium |
| A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access. | ||||
| CVE-2020-12834 | 1 Eq-3 | 4 Ccu3 Firmware, Homematic Ccu2, Homematic Ccu2 Firmware and 1 more | 2024-11-21 | 9.8 Critical |
| eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset). | ||||
| CVE-2020-12831 | 2 Linuxfoundation, Redhat | 2 Free Range Routing, Enterprise Linux | 2024-11-21 | 5.3 Medium |
| An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file | ||||