Total
2093 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-8327 | 1 Lenovo | 1 Vantage | 2024-11-21 | 7.3 High |
A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges. | ||||
CVE-2020-8320 | 1 Lenovo | 200 Thinkpad 11e, Thinkpad 11e Firmware, Thinkpad 11e Yoga Gen 6 and 197 more | 2024-11-21 | 6.4 Medium |
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. | ||||
CVE-2020-8290 | 1 Backblaze | 1 Backblaze | 2024-11-21 | 7.8 High |
Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary. | ||||
CVE-2020-8283 | 1 Citrix | 3 Virtual Apps And Desktops, Xenapp, Xendesktop | 2024-11-21 | 8.8 High |
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. | ||||
CVE-2020-8275 | 1 Citrix | 1 Secure Mail | 2024-11-21 | 4.3 Medium |
Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device. | ||||
CVE-2020-8269 | 1 Citrix | 3 Virtual Apps And Desktops, Xenapp, Xendesktop | 2024-11-21 | 8.8 High |
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. | ||||
CVE-2020-8258 | 1 Citrix | 1 Gateway Plug-in | 2024-11-21 | 7.5 High |
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files. | ||||
CVE-2020-8257 | 1 Citrix | 1 Gateway Plug-in | 2024-11-21 | 9.8 Critical |
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, leads to privilege escalation attacks. | ||||
CVE-2020-8247 | 1 Citrix | 5 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 2 more | 2024-11-21 | 8.8 High |
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface. | ||||
CVE-2020-8223 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-11-21 | 6.5 Medium |
A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves. | ||||
CVE-2020-8179 | 1 Nextcloud | 1 Deck | 2024-11-21 | 4.1 Medium |
Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users' decks. | ||||
CVE-2020-8113 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 9.8 Critical |
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. | ||||
CVE-2020-8092 | 1 Bitdefender | 1 Antivirus | 2024-11-21 | 1.6 Low |
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0. | ||||
CVE-2020-8021 | 2 Debian, Opensuse | 2 Debian Linux, Open Build Service | 2024-11-21 | 5.3 Medium |
An Improper Access Control vulnerability in Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled. This issue affects: Open Build Service versions prior to 2.10.5. | ||||
CVE-2020-7916 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 6.5 Medium |
be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpress_be_teacher URI without any additional permission checks. Therefore, any user can change its role to an instructor/teacher and gain access to otherwise restricted data. | ||||
CVE-2020-7908 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 Medium |
In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages. | ||||
CVE-2020-7578 | 1 Siemens | 1 Opcenter Execution Core | 2024-11-21 | 8.1 High |
A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). Authenticated users could have access to resources they normally would not have. This vulnerability could allow an attacker to view internal information and perform unauthorized changes. | ||||
CVE-2020-7544 | 1 Schneider-electric | 1 Operator Terminal Expert Runtime | 2024-11-21 | 7.8 High |
A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxure™ Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxure™ Operator Terminal Expert. | ||||
CVE-2020-7523 | 1 Schneider-electric | 2 Modbus Driver Suite, Modbus Serial Driver | 2024-11-21 | 7.8 High |
Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. | ||||
CVE-2020-7509 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 7.2 High |
A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files. |