Total: 87 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-7014 | 1 Elastic | 1 Elasticsearch | 2020-06-19 | 8.8 High |
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges. | ||||
CVE-2020-6652 | 1 Eaton | 1 Intelligent Power Manager | 2020-05-12 | 7.8 High |
An Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 and prior allows non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configuration by uploading configurations with incorrect parameters. | ||||
CVE-2020-1989 | 1 Paloaltonetworks | 1 Globalprotect | 2020-04-09 | 7.8 High |
An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. This issue affects Palo Alto Networks Global Protect Agent for Linux 5.0 versions before 5.0.8; 5.1 versions before 5.1.1. | ||||
CVE-2020-7009 | 1 Elastic | 1 Elasticsearch | 2020-04-09 | 8.8 High |
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges. | ||||
CVE-2018-1101 | 1 Redhat | 2 Ansible Tower, Cloudforms | 2019-10-09 | N/A |
Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system. | ||||
CVE-2017-12711 | 1 Advantech | 1 Webaccess | 2019-10-09 | N/A |
An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges. | ||||
CVE-2016-7070 | 1 Redhat | 1 Ansible Tower | 2019-10-09 | N/A |
A privilege escalation flaw was found in Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of the postgres user. An attacker could use this vulnerability to gain admin-level access to the database. | ||||