Export limit exceeded: 75830 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75830 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7360 | 1 Philips | 1 Smartcontrol | 2024-11-21 | 7.4 High |
| An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.) | ||||
| CVE-2020-7352 | 1 Gog | 1 Galaxy | 2024-11-21 | 8.4 High |
| The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Due to the software shipping with embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the service for execution in this elevated context. The service listens for such commands on a locally-bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This issue affects the 2.0.x branch of the software (2.0.12 and earlier) as well as the 1.2.x branch (1.2.64 and earlier). A fix was issued for the 2.0.x branch of the affected software. | ||||
| CVE-2020-7351 | 1 Netfortris | 1 Trixbox | 2024-11-21 | 7.3 High |
| An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012. This issue affects: Fonality Trixbox Community Edition, versions 1.2.0 through 2.8.0.4. Versions 1.0 and 1.1 are unaffected. | ||||
| CVE-2020-7335 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 7.5 High |
| Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploitable in a small time window. | ||||
| CVE-2020-7334 | 1 Mcafee | 1 Application And Change Control | 2024-11-21 | 7.7 High |
| Improper privilege assignment vulnerability in the installer McAfee Application and Change Control (MACC) prior to 8.3.2 allows local administrators to change or update the configuration settings via a carefully constructed MSI configured to mimic the genuine installer. This version adds further controls for installation/uninstallation of software. | ||||
| CVE-2020-7332 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 7 High |
| Cross Site Request Forgery vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows an attacker to execute arbitrary HTML code due to incorrect security configuration. | ||||
| CVE-2020-7331 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 7.8 High |
| Unquoted service executable path in McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows local users to cause a denial of service and malicious file execution via carefully crafted and named executable files. | ||||
| CVE-2020-7330 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 7.5 High |
| Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables | ||||
| CVE-2020-7329 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 7.2 High |
| Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO administrator. | ||||
| CVE-2020-7328 | 1 Mcafee | 1 Mvision Endpoint | 2024-11-21 | 7.2 High |
| External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of an HTTP request, where the content for the attack has been loaded into ePO by an ePO administrator. | ||||
| CVE-2020-7319 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 8.8 High |
| Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to access files which the user otherwise would not have access to via manipulating symbolic links to redirect McAfee file operations to an unintended file. | ||||
| CVE-2020-7314 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 8.2 High |
| Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files. | ||||
| CVE-2020-7312 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 7.8 High |
| DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. | ||||
| CVE-2020-7311 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 7.8 High |
| Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files. | ||||
| CVE-2020-7304 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 7.6 High |
| Cross site request forgery vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attacker to embed a CRSF script via adding a new label. | ||||
| CVE-2020-7298 | 1 Mcafee | 1 Total Protection | 2024-11-21 | 7.5 High |
| Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call. | ||||
| CVE-2020-7291 | 2 Apple, Mcafee | 2 Macos, Active Response | 2024-11-21 | 7.8 High |
| Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | ||||
| CVE-2020-7290 | 2 Linux, Mcafee | 2 Linux Kernel, Active Response | 2024-11-21 | 7.8 High |
| Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | ||||
| CVE-2020-7289 | 2 Mcafee, Microsoft | 2 Active Response, Windows | 2024-11-21 | 7.8 High |
| Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | ||||
| CVE-2020-7288 | 2 Apple, Mcafee | 2 Macos, Endpoint Detection And Response | 2024-11-21 | 7.8 High |
| Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. | ||||