CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31727
https://notcve.org/view.php?id=CVE-2021-31727
17 May 2021 — \ZemanaAntiMalware, register with the driver using IOCTL 0x80002010 and send these IOCTL's to escalate privileges by overwriting the boot sector or overwriting critical code in the pagefile. • https://github.com/irql0/CVE-2021-31728/blob/master/CVE-2021-31727.md •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-31153 – Ubuntu Security Notice USN-4955-1
https://notcve.org/view.php?id=CVE-2021-31153
17 May 2021 — A local attacker could use these issues to cause Please to crash, resulting in a denial of service, or possibly escalate privileges. • http://www.openwall.com/lists/oss-security/2021/05/18/1 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-29041
https://notcve.org/view.php?id=CVE-2021-29041
16 May 2021 — Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret. Una vulnerabilidad de denegación de servicio (DoS) en el módulo de autenticación Multi-Factor en Liferay DXP versiones 7.3 anteriores al fixpack 1, permite a atacantes autenticados re... • https://issues.liferay.com/browse/LPE-17131 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2021-33026
https://notcve.org/view.php?id=CVE-2021-33026
13 May 2021 — The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. • https://github.com/CarlosG13/CVE-2021-33026 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 0CVE-2020-36198 – Command Injection Vulnerability in Malware Remover
https://notcve.org/view.php?id=CVE-2020-36198
13 May 2021 — Malware Remover versión 3.x This vulnerability allows local attackers to escalate privileges on affected installations of QNAP NAS. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the admin user. QNAP MusicStation and MalwareRemover are affected by arbitrary file upload and command injection vulnerabilities, leading to pre-authentication remote command execution with root privileges on the NAS. • http://packetstormsecurity.com/files/162849/QNAP-MusicStation-MalwareRemover-File-Upload-Command-Injection.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3491 – Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass
https://notcve.org/view.php?id=CVE-2021-3491
12 May 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db • CWE-131: Incorrect Calculation of Buffer Size CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 4CVE-2021-3490 – Linux kernel eBPF bitwise ops ALU32 bounds tracking
https://notcve.org/view.php?id=CVE-2021-3490
12 May 2021 — Los problemas de AND/OR fueron introducidos por el commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) y la variante XOR fue introducida por 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1) This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. • https://packetstorm.news/files/id/164015 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2021-20292 – Ubuntu Security Notice USN-4946-1
https://notcve.org/view.php?id=CVE-2021-20292
12 May 2021 — An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=1939686 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-3489 – Linux kernel eBPF RINGBUF map oversized allocation
https://notcve.org/view.php?id=CVE-2021-3489
12 May 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 82%CPEs: 19EXPL: 0CVE-2021-31188 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-31188
11 May 2021 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31188 • CWE-416: Use After Free •