CVE-2021-31187 – Windows WalletService Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-31187
11 May 2021 — Windows WalletService Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31187 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-31170 – Windows Graphics Component Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-31170
11 May 2021 — This CVE ID is different from CVE-2021-31188. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31170 • CWE-416: Use After Free •
CVE-2021-1520 – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1520
06 May 2021 — A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with root privileges on the underlying operating system (OS). This vulnerability exists because an internal messaging service does not properly sanitize input. An attacker could exploit this vulnerability by first authenticating to the device and then sending a crafted request to the internal service. A successful exp... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-34x-privesc-GLN8ZAQE • CWE-123: Write-what-where Condition •
CVE-2021-21550
https://notcve.org/view.php?id=CVE-2021-21550
06 May 2021 — This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. • https://www.dell.com/support/kbdoc/000185978 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-21527
https://notcve.org/view.php?id=CVE-2021-21527
06 May 2021 — This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. • https://www.dell.com/support/kbdoc/000185978 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2020-28013 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28013
06 May 2021 — This occurs because of the interpretation of negative sizes in strncpy. The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution. • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28013-PFPSN.txt • CWE-787: Out-of-bounds Write •
CVE-2020-28022 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28022
06 May 2021 — This occurs when name=value pairs are processed within the MAIL FROM and RCPT TO commands. The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution. • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28022-EXOPT.txt • CWE-787: Out-of-bounds Write •
CVE-2020-28010 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28010
06 May 2021 — Exim 4 before 4.94.2 allows an Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms). The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution. • http://www.openwall.com/lists/oss-security/2021/07/22/7 • CWE-787: Out-of-bounds Write •
CVE-2020-28008 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28008
06 May 2021 — Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution. The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution. • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28008-SPDIR.txt • CWE-269: Improper Privilege Management •
CVE-2020-28014 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28014
06 May 2021 — The -oP option is available to the exim user and allows a denial of service because root-owned files can be overwritten. The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution. • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28014-PIDFP.txt • CWE-269: Improper Privilege Management •