Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2020-10-23 CVE-2020-24848 Improper Privilege Management vulnerability in Fruitywifi Project Fruitywifi
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL].
local
low complexity
fruitywifi-project CWE-269
7.8
2020-10-22 CVE-2020-7020 Improper Privilege Management vulnerability in Elastic Elasticsearch
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used.
network
high complexity
elastic CWE-269
3.1
2020-10-19 CVE-2020-9112 Improper Privilege Management vulnerability in Huawei Taurus-An00B Firmware 10.1.0.156
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability.
local
low complexity
huawei CWE-269
7.8
2020-10-16 CVE-2020-16940 Improper Privilege Management vulnerability in Microsoft products
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles junction points.
local
low complexity
microsoft CWE-269
7.8
2020-10-16 CVE-2020-16902 Improper Privilege Management vulnerability in Microsoft products
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges.
local
low complexity
microsoft CWE-269
7.8
2020-10-15 CVE-2020-7334 Improper Privilege Management vulnerability in Mcafee Application and Change Control
Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer.
local
low complexity
mcafee CWE-269
8.2
2020-10-14 CVE-2020-7330 Improper Privilege Management vulnerability in Mcafee Total Protection 4.0.161.1
Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables.
local
low complexity
mcafee CWE-269
8.8
2020-10-13 CVE-2020-15797 Improper Privilege Management vulnerability in Siemens DCA Vantage Analyzer Firmware
A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590.
low complexity
siemens CWE-269
6.8
2020-10-07 CVE-2020-26880 Improper Privilege Management vulnerability in multiple products
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
local
low complexity
sympa fedoraproject debian CWE-269
7.8
2020-10-07 CVE-2020-26596 Improper Privilege Management vulnerability in Elementor PRO 3.0.5
The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet.
network
low complexity
elementor CWE-269
8.8