Total
2093 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7267 | 1 Mcafee | 1 Virusscan Enterprise | 2024-11-21 | 8.8 High |
| Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Linux prior to 2.0.3 Hotfix 2635000 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | ||||
| CVE-2020-7266 | 1 Mcafee | 1 Virusscan Enterprise | 2024-11-21 | 8.8 High |
| Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE) for Windows prior to 8.8 Patch 14 Hotfix 116778 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | ||||
| CVE-2020-7265 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 8.8 High |
| Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Mac prior to 10.6.9 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | ||||
| CVE-2020-7264 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 8.8 High |
| Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 Hotfix 199847 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. | ||||
| CVE-2020-7259 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 6.6 Medium |
| Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file | ||||
| CVE-2020-7257 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 8.4 High |
| Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. This is timing dependent. | ||||
| CVE-2020-7255 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 3.9 Low |
| Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. Administrators can lock the ENS client interface through ePO to prevent users being able to edit the configuration. | ||||
| CVE-2020-7254 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 7.7 High |
| Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command. | ||||
| CVE-2020-7125 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 8.8 High |
| A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | ||||
| CVE-2020-7047 | 1 Webfactoryltd | 1 Wp Database Reset | 2024-11-21 | 8.8 High |
| The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table. | ||||
| CVE-2020-7020 | 2 Elastic, Redhat | 2 Elasticsearch, Jboss Fuse | 2024-11-21 | 3.1 Low |
| Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices. | ||||
| CVE-2020-7019 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 6.5 Medium |
| In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index. | ||||
| CVE-2020-7018 | 1 Elastic | 1 Enterprise Search | 2024-11-21 | 8.8 High |
| Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface. If a user is given the �developer� role, they will be able to view the administrator API credentials. These credentials could allow the developer user to conduct operations with the same permissions of the App Search administrator. | ||||
| CVE-2020-7014 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 8.8 High |
| The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges. | ||||
| CVE-2020-7009 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 8.8 High |
| Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges. | ||||
| CVE-2020-6992 | 1 Ge | 1 Cimplicity | 2024-11-21 | 6.7 Medium |
| A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. If exploited, this vulnerability could allow an adversary to modify the system, leading to the arbitrary execution of code. This vulnerability is only exploitable if an attacker has access to an authenticated session. GE Digital CIMPLICITY v11.0, released January 2020, contains mitigation for this local privilege escalation vulnerability. GE Digital recommends all users upgrade to GE CIMPLICITY v11.0 or newer. | ||||
| CVE-2020-6971 | 1 Emerson | 1 Valvelink | 2024-11-21 | 7.8 High |
| In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the ValveLink software may allow a local, unprivileged, trusted insider to escalate privileges due to insecure configuration parameters. | ||||
| CVE-2020-6968 | 1 Honeywell | 2 Inncom Inncontrol, Inncom Inncontrol Firmware | 2024-11-21 | 7.8 High |
| Honeywell INNCOM INNControl 3 allows workstation users to escalate application user privileges through the modification of local configuration files. | ||||
| CVE-2020-6949 | 1 Hashbrowncms | 1 Hashbrown Cms | 2024-11-21 | 8.8 High |
| A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account. | ||||
| CVE-2020-6652 | 1 Eaton | 1 Intelligent Power Manager | 2024-11-21 | 7.8 High |
| Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the configurations with incorrect parameters. | ||||