Vulnerabilities > Improper Privilege Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-29 | CVE-2020-27654 | Improper Privilege Management vulnerability in Synology Router Manager Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. | 9.8 |
| 2020-10-28 | CVE-2020-16262 | Improper Privilege Management vulnerability in Winstonprivacy Winston Firmware 1.5.4 Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation. | 7.8 |
| 2020-10-26 | CVE-2020-7125 | Improper Privilege Management vulnerability in Arubanetworks Airwave Glass 1.2.1/1.3.0/1.3.1 A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | 8.8 |
| 2020-10-23 | CVE-2020-24848 | Improper Privilege Management vulnerability in Fruitywifi Project Fruitywifi FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. | 7.8 |
| 2020-10-22 | CVE-2020-7020 | Improper Privilege Management vulnerability in Elastic Elasticsearch Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. | 3.1 |
| 2020-10-19 | CVE-2020-9112 | Improper Privilege Management vulnerability in Huawei Taurus-An00B Firmware 10.1.0.156 Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. | 7.8 |
| 2020-10-15 | CVE-2020-7334 | Improper Privilege Management vulnerability in Mcafee Application and Change Control Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. | 8.2 |
| 2020-10-14 | CVE-2020-7330 | Improper Privilege Management vulnerability in Mcafee Total Protection 4.0.161.1 Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables | 8.8 |
| 2020-10-07 | CVE-2020-26880 | Improper Privilege Management vulnerability in multiple products Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable. | 7.8 |
| 2020-10-07 | CVE-2020-26596 | Improper Privilege Management vulnerability in Elementor PRO 3.0.5 The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. | 8.8 |