Total
1799 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12495 | 1 Endress | 8 Orsg35, Orsg35 Firmware, Orsg45 and 5 more | 2020-12-08 | 6.5 MEDIUM | 8.8 HIGH |
| Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management. The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. The access system is based on dynamic "tokens". The vulnerability is that user sessions are not closed correctly and a user with fewer rights is assigned the higher rights when he logs on. | |||||
| CVE-2020-8269 | 1 Citrix | 3 Virtual Apps And Desktops, Xenapp, Xendesktop | 2020-12-03 | 9.0 HIGH | 8.8 HIGH |
| An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9 | |||||
| CVE-2020-8351 | 1 Lenovo | 1 Pcmanager | 2020-12-02 | 4.6 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-9114 | 1 Huawei | 1 Fusioncompute | 2020-12-02 | 7.2 HIGH | 7.8 HIGH |
| FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation. | |||||
| CVE-2020-3482 | 1 Cisco | 2 Expressway, Telepresence Video Communication Server | 2020-12-02 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations. The vulnerability is due to improper validation of specific connection information by the TURN server within the affected software. An attacker could exploit this issue by sending specially crafted network traffic to the affected software. A successful exploit could allow the attacker to send traffic through the affected software to destinations beyond the application, possibly allowing the attacker to gain unauthorized network access. | |||||
| CVE-2020-26072 | 1 Cisco | 1 Iot Field Network Director | 2020-11-25 | 5.5 MEDIUM | 8.7 HIGH |
| A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain. | |||||
| CVE-2020-26077 | 1 Cisco | 1 Iot Field Network Director | 2020-11-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request that alters the domain for a requested user list on an affected system. A successful exploit could allow the attacker to view lists of users from different domains on the affected system. | |||||
| CVE-2020-26080 | 1 Cisco | 1 Iot Field Network Director | 2020-11-25 | 4.0 MEDIUM | 4.1 MEDIUM |
| A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in different domains on an affected system. | |||||
| CVE-2020-16126 | 1 Freedesktop | 1 Accountsservice | 2020-11-24 | 2.1 LOW | 3.3 LOW |
| An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountService, thus stopping it from handling D-Bus messages in a timely fashion. | |||||
| CVE-2020-27122 | 1 Cisco | 1 Identity Services Engine | 2020-11-20 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected device. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to the system with a crafted Active Directory account. A successful exploit could allow the attacker to obtain root privileges on an affected device. | |||||
| CVE-2020-28046 | 1 Pax | 1 Prolinos | 2020-11-17 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user (MAINAPP) can escalate to root privileges by exploiting the setuid installation of the xtables-multi binary and leveraging the ip6tables --modprobe switch. | |||||
| CVE-2020-2022 | 1 Paloaltonetworks | 1 Pan-os | 2020-11-16 | 5.1 MEDIUM | 7.5 HIGH |
| An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacker to gain privileged access to the Panorama web interface. An attacker requires some knowledge of managed firewalls to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5. | |||||
| CVE-2002-0080 | 2 Redhat, Samba | 2 Linux, Rsync | 2020-11-16 | 2.1 LOW | N/A |
| rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed. | |||||
| CVE-2020-15797 | 1 Siemens | 2 Dca Vantage Analyzer, Dca Vantage Analyzer Firmware | 2020-10-28 | 7.2 HIGH | 6.8 MEDIUM |
| A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-2020-15797). Improper Access Control could allow an unauthenticated attacker to escape from the restricted environment (“kiosk mode”) and access the underlying operating system. Successful exploitation requires direct physical access to the system. | |||||
| CVE-2020-7125 | 1 Arubanetworks | 1 Airwave Glass | 2020-10-27 | 6.5 MEDIUM | 8.8 HIGH |
| A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||||
| CVE-2020-9112 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2020-10-26 | 4.6 MEDIUM | 7.8 HIGH |
| Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege. | |||||
| CVE-2019-11847 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2020-10-19 | 7.2 HIGH | 7.8 HIGH |
| An improper privilege management vulnerabitlity exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell. | |||||
| CVE-2019-5415 | 1 Zeit | 1 Serve | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to. | |||||
| CVE-2019-1588 | 1 Cisco | 2 Nexus 9000, Nx-os | 2020-10-19 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability in the Cisco Nexus 9000 Series Fabric Switches running in Application-Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms of user-supplied input sent to an affected device. A successful exploit could allow the attacker unauthorized access to read arbitrary files on an affected device. This vulnerability has been fixed in version 14.0(1h). | |||||
| CVE-2019-3849 | 1 Moodle | 1 Moodle | 2020-10-16 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site. | |||||