CWE:
 

Topic
Date
Author
Med.
Solarwinds LEM 6.3.1 Sudo Privilege Escalation
25.04.2017
Hank Leininger and Mat...


CVEMAP Search Results

CVE
Details
Description
2020-11-12
Medium
CVE-2020-24525

Updating...
 

 
Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access.

 
Medium
CVE-2020-12345

Vendor: Intel
Software: Data center ...
 

 
Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

 
2020-10-16
Low
CVE-2020-16910

Vendor: Microsoft
Software: Windows 10
 

 
A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location.To exploit this vulnerability, an attacker could run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.The security update addresses the vulnerability by correcting security feature behavior to enforce permissions., aka 'Windows Security Feature Bypass Vulnerability'.

 
2020-09-21
Low
CVE-2020-6564

Vendor: Google
Software: Chrome
 

 
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.

 
2020-09-18
Low
CVE-2020-0265

Vendor: Google
Software: Android
 

 
In Telephony, there are possible leaks of sensitive data due to missing permission checks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150155839

 
Low
CVE-2020-0269

Vendor: Google
Software: Android
 

 
In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645626

 
Low
CVE-2020-0327

Vendor: Google
Software: Android
 

 
In core networking, there is a missing permission check. This could lead to local information disclosure of app network usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-129151407

 
Low
CVE-2020-0331

Vendor: Google
Software: Android
 

 
In Settings, there is a possible permissions bypass. This could lead to local information disclosure of the device's IMEI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147309310

 
Medium
CVE-2020-0405

Vendor: Google
Software: Android
 

 
In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157475111

 
2020-09-15
Low
CVE-2020-13308

Vendor: Gitlab
Software: Gitlab
 

 
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. A user without 2 factor authentication enabled could be prohibited from accessing GitLab by being invited into a project that had 2 factor authentication inheritance.

 

 


Copyright 2020, cxsecurity.com

 

Back to Top