CVE-2020-24718

HIGH Year: 2020
CVSS v3 Score
8.2
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-862
View all →

Vulnerability Description

bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.

Related Vulnerabilities

CVE-2022-0871

HIGH
CVSS:8.2(High)

Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.

CWE-8622022

CVE-2022-1066

HIGH
CVSS:8.2(High)

Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.

CWE-8622022

CVE-2022-3321

HIGH
CVSS:8.2(High)

It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by en...

CWE-8622022

CVE-2022-41930

HIGH
CVSS:8.2(High)

org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or dis...

CWE-8622022

CVE-2023-37862

HIGH
CVSS:8.2(High)

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-co...

CWE-8622023

CVE-2023-40608

HIGH
CVSS:8.2(High)

Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through 0.3.

CWE-8622023