Total
1004 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12302 | 1 Intel | 1 Driver \& Support Assistant | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the Intel(R) Driver & Support Assistant before version 20.7.26.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12842 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php. | |||||
| CVE-2020-12120 | 1 Prestashop | 1 Correos Express | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers. | |||||
| CVE-2020-11827 | 1 Gog | 1 Galaxy | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her privileges and run commands on the machine with SYSTEM rights. | |||||
| CVE-2020-1170 | 1 Microsoft | 12 Forefront Endpoint Protection 2010, Security Essentials, System Center Endpoint Protection and 9 more | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163. | |||||
| CVE-2020-11855 | 1 Microfocus | 1 Operation Bridge Reporter | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges. | |||||
| CVE-2020-11911 | 1 Treck | 1 Tcp\/ip | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control. | |||||
| CVE-2020-11443 | 1 Zoom | 1 It Installer | 2021-07-21 | 8.5 HIGH | 8.1 HIGH |
| The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can write links to other directories on the machine. As the installer runs with SYSTEM privileges and follows these links, a user can cause the installer to delete files that otherwise cannot be deleted by the user. | |||||
| CVE-2020-11613 | 1 Mids\' Reborn Hero Designer Project | 1 Mids\' Reborn Hero Designer | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application. | |||||
| CVE-2020-10551 | 1 Tencent | 1 Qqbrowser | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote users. This can be abused by local attackers to escalate privileges to NT AUTHORITY\SYSTEM by writing a malicious executable to the location of TsService. | |||||
| CVE-2020-9470 | 1 Wftpserver | 1 Wing Ftp Server | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in Wing FTP Server 6.2.5 before February 2020. Due to insecure permissions when handling session cookies, a local user may view the contents of the session and session_admin directories, which expose active session cookies within the Wing FTP HTTP interface and administration panel. These cookies may be used to hijack user and administrative sessions, including the ability to execute Lua commands as root within the administration panel. | |||||
| CVE-2020-3961 | 2 Microsoft, Vmware | 2 Windows, Horizon Client | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user. | |||||
| CVE-2020-0410 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-156021269 | |||||
| CVE-2020-0557 | 1 Intel | 12 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 7265 \(rev D\) and 9 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-0563 | 1 Intel | 1 Manycore Platform Software Stack | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for Intel(R) MPSS before version 3.8.6 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-13431 | 1 Geti2p | 1 I2p | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| I2P before 0.9.46 allows local users to gain privileges via a Trojan horse I2PSvc.exe file because of weak permissions on a certain %PROGRAMFILES% subdirectory. | |||||
| CVE-2020-5755 | 1 Webroot | 1 Endpoint Agents | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
| Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming. This could allow attackers to trigger a crash or wait upon Webroot service restart to rewrite and hijack dlls in this directory for privilege escalation. | |||||
| CVE-2019-8256 | 1 Adobe | 1 Coldfusion | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2019-20358 | 2 Microsoft, Trendmicro | 2 Windows, Anti-threat Toolkit | 2021-07-21 | 5.1 MEDIUM | 7.8 HIGH |
| Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool. | |||||
| CVE-2020-4625 | 1 Ibm | 1 Cloud Pak For Security | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. | |||||