Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2020-12-29 CVE-2020-27643 Improper Privilege Management vulnerability in 1E Client 4.1.0.267/5.0.0.745
The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory.
network
low complexity
1e CWE-269
4.0
2020-12-29 CVE-2020-16268 Improper Privilege Management vulnerability in 1E Client 4.1.0.267/5.0.0.745
The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option.
network
low complexity
1e CWE-269
6.5
2020-12-28 CVE-2020-13474 Improper Privilege Management vulnerability in Nchsoftware Express Accounts 8.24
In NCH Express Accounts 8.24 and earlier, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as Add/Edit users.
network
low complexity
nchsoftware CWE-269
4.0
2020-12-28 CVE-2020-27172 Improper Privilege Management vulnerability in Gdatasoftware G Data
An issue was discovered in G-Data before 25.5.9.25. Using symbolic links, it is possible to abuse the infected-file restore mechanism to achieve an arbitrary write that leads to elevation of privileges.
network
low complexity
gdatasoftware CWE-269
7.5
2020-12-27 CVE-2020-8290 Improper Privilege Management vulnerability in Backblaze
Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in the `bztransmit` helper due to a lack of permission handling and validation before creation of client update directories, allowing for local escalation of privilege via a rogue client update binary.
local
low complexity
backblaze CWE-269
4.6
2020-12-26 CVE-2020-35364 Improper Privilege Management vulnerability in Huorong Internet Security 5.0.55.2
Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot.
network
low complexity
huorong CWE-269
7.5
2020-12-26 CVE-2020-25917 Improper Privilege Management vulnerability in Stratodesk Notouch Center 4.1.24
Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control.
network
low complexity
stratodesk CWE-269
6.5
2020-12-24 CVE-2020-9119 Improper Privilege Management vulnerability in Huawei products
There is a privilege escalation vulnerability on some Huawei smart phones due to design defects.
local
low complexity
huawei CWE-269
4.6
2020-12-23 CVE-2020-25194 Improper Privilege Management vulnerability in Moxa Nport Iaw5000A-I/O Firmware
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges.
network
low complexity
moxa CWE-269
6.5
2020-12-17 CVE-2020-12519 Improper Privilege Management vulnerability in Phoenixcontact Plcnext Firmware
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e.
network
low complexity
phoenixcontact CWE-269
critical
10.0