ReportizFlow
Filtered by vendor
Subscriptions
Total
1411 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10642 | 1 Rockwellautomation | 1 Rslinx Classic | 2024-11-21 | 7.8 High |
| In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic. | ||||
| CVE-2020-10553 | 1 Psyprax | 1 Psyprax | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify that file. | ||||
| CVE-2020-10551 | 1 Tencent | 1 Qqbrowser | 2024-11-21 | 7.8 High |
| QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote users. This can be abused by local attackers to escalate privileges to NT AUTHORITY\SYSTEM by writing a malicious executable to the location of TsService. | ||||
| CVE-2020-10513 | 1 Icatchinc | 1 Dvr Interface | 2024-11-21 | 8.8 High |
| The file management interface of iCatch DVR firmware before 20200103 contains broken access control which allows the attacker to remotely manipulate arbitrary file. | ||||
| CVE-2020-10140 | 1 Acronis | 1 True Image | 2024-11-21 | 7.8 High |
| Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis. | ||||
| CVE-2020-0668 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 7.8 High |
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672. | ||||
| CVE-2020-0563 | 1 Intel | 1 Manycore Platform Software Stack | 2024-11-21 | 7.8 High |
| Improper permissions in the installer for Intel(R) MPSS before version 3.8.6 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-0559 | 2 Intel, Microsoft | 78 Ac 3165 Firmware, Ac 3168 Firmware, Ac 7265 Firmware and 75 more | 2024-11-21 | 7.8 High |
| Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi products on Windows* 7 and 8.1 before version 21.40.5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-0557 | 1 Intel | 12 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 7265 \(rev D\) and 9 more | 2024-11-21 | 7.8 High |
| Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-0417 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-154319182 | ||||
| CVE-2020-0410 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-156021269 | ||||
| CVE-2019-9464 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141028068 | ||||
| CVE-2019-9378 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In the Activity Manager service, there is a possible permission bypass due to incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124539196 | ||||
| CVE-2019-9222 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions. | ||||
| CVE-2019-9166 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.8 High |
| Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php. | ||||
| CVE-2019-9008 | 1 Codesys | 10 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 7 more | 2024-11-21 | 8.8 High |
| An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can take full control over the runtime. | ||||
| CVE-2019-8342 | 2 Apple, Foxitsoftware | 2 Macos, Foxit Reader | 2024-11-21 | N/A |
| A Local Privilege Escalation in libqcocoa.dylib in Foxit Reader 3.1.0.0111 on macOS has been discovered due to an incorrect permission set. | ||||
| CVE-2019-8283 | 1 Gemalto | 1 Sentinel Ldk | 2024-11-21 | 6.5 Medium |
| Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it. | ||||
| CVE-2019-8256 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 9.8 Critical |
| ColdFusion versions Update 6 and earlier have an insecure inherited permissions of default installation directory vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| CVE-2019-8071 | 2 Adobe, Microsoft | 2 Download Manager, Windows | 2024-11-21 | 9.8 Critical |
| Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation. | ||||