Vulnerabilities > Improper Privilege Management
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-09 | CVE-2020-8320 | Improper Privilege Management vulnerability in Lenovo products. An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. | 6.8 |
2020-06-03 | CVE-2020-7014 | Improper Privilege Management vulnerability in Elastic Elasticsearch. The fix for CVE-2020-7009 was found to be incomplete. | 8.8 |
2020-06-03 | CVE-2020-13776 | Improper Privilege Management vulnerability in multiple products. systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. | 6.7 |
2020-06-01 | CVE-2020-13695 | Improper Privilege Management vulnerability in Quickbox. In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file. | 7.2 |
2020-05-27 | CVE-2020-10936 | Improper Privilege Management vulnerability in multiple products. Sympa before 6.2.56 allows privilege escalation. | 7.8 |
2020-05-26 | CVE-2020-9046 | Improper Privilege Management vulnerability in Johnsoncontrols Kantech Entrapass 8.22. A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files. | 7.8 |
2020-05-26 | CVE-2020-3812 | Improper Privilege Management vulnerability in multiple products. qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. | 5.5 |
2020-05-18 | CVE-2019-17066 | Improper Privilege Management vulnerability in Ivanti Workspace Control. In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. | 7.8 |
2020-05-18 | CVE-2020-12860 | Improper Privilege Management vulnerability in Health Covidsafe 1.0.11/1.0.16/1.0.17. COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. | 5.3 |
2020-05-15 | CVE-2020-12798 | Improper Privilege Management vulnerability in Sun-Denshi Universal Forensic Extraction Device Firmware 5.0/7.5.0.845. Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen. | 7.8 |