Total
1246 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13599 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 3.3 Low |
| Security problem with settings and littlefs. Zephyr versions >= 1.14.2, >= 2.3.0 contain Incorrect Default Permissions (CWE-276). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q | ||||
| CVE-2020-13555 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 8.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | ||||
| CVE-2020-13554 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 7.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | ||||
| CVE-2020-13553 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 8.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | ||||
| CVE-2020-13552 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 8.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | ||||
| CVE-2020-13551 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 8.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | ||||
| CVE-2020-13549 | 1 Sytech | 1 Xlreporter | 2024-11-21 | 7.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation. | ||||
| CVE-2020-13542 | 1 Logicaldoc | 1 Logicaldoc | 2024-11-21 | 7.8 High |
| A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges. | ||||
| CVE-2020-13541 | 1 Win911 | 1 Mobile-911 Server | 2024-11-21 | 8.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges or replace other files within the installation folder that could lead to local privilege escalation. | ||||
| CVE-2020-13540 | 1 Win911 | 1 Win-911 | 2024-11-21 | 7.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed. | ||||
| CVE-2020-13539 | 1 Win911 | 1 Win-911 | 2024-11-21 | 7.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed. | ||||
| CVE-2020-13537 | 1 Moxa | 1 Mxview | 2024-11-21 | 7.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality and among them the mosquitto executable is also run. | ||||
| CVE-2020-13536 | 1 Moxa | 1 Mxview | 2024-11-21 | 7.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality. | ||||
| CVE-2020-13535 | 1 Kepware | 1 Linkmaster | 2024-11-21 | 7.8 High |
| A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges. | ||||
| CVE-2020-13534 | 1 Dreamreport | 1 Dream Report | 2024-11-21 | 7.8 High |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2020-13533 | 1 Dreamreport | 1 Dream Report | 2024-11-21 | 7.8 High |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs in and uses the application. | ||||
| CVE-2020-13532 | 1 Dreamreport | 1 Dream Report | 2024-11-21 | 7.8 High |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2020-13468 | 1 Gigadevice | 2 Gd32f130, Gd32f130 Firmware | 2024-11-21 | 6.8 Medium |
| Gigadevice GD32F130 devices allow physical attackers to escalate their debug interface permissions via fault injection into inter-IC bonding wires (which have insufficient physical protection). | ||||
| CVE-2020-13452 | 1 Thecodingmachine | 1 Gotenberg | 2024-11-21 | 9.8 Critical |
| In Gotenberg through 6.2.1, insecure permissions for tini (writable by user gotenberg) potentially allow an attacker to overwrite the file, which can lead to denial of service or code execution. | ||||
| CVE-2020-13351 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker. Affected versions are >=13.0, <13.3.9,>=13.4.0, <13.4.5,>=13.5.0, <13.5.2. | ||||