CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 May 2021 — NOTE: exploitation may not be practical because of the execution time needed to overflow (multiple days). The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution. • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28009-STDIN.txt • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 May 2021 — Exim 4 before 4.94.2 allows an out-of-bounds read because pdkim_finish_bodyhash does not check the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory. The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution. • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28025-BHASH.txt • CWE-125: Out-of-bounds Read •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 May 2021 — NOTE: remote exploitation may be difficult because of resource consumption. The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution. • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28017-RCPTL.txt • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 May 2021 — A remote authenticated SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command. The Qualys Research Labs reported several vulnerabilities in Exim, a mail transport agent, which could result in local privilege escalation and remote code execution. • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28021-MAUTH.txt •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

04 May 2021 — All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. • http://windscribe.com • CWE-269: Improper Privilege Management •

CVSS: 8.8 • EPSS: 0% • CPEs: 20 • EXPL: 0

03 May 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. ... This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=10bf4e83167cc68595b85fd73bb91e8f2c086e36 • CWE-682: Incorrect Calculation •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Apr 2021 — Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. • https://github.com/pritunl/pritunl-client-electron/commit/87ceeae9b8ee415541d7d71de10675e699a76e5e • CWE-269: Improper Privilege Management •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

29 Apr 2021 — Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators. • https://docs.aviatrix.com/Downloads/samlclient.html • CWE-428: Unquoted Search Path or Element •

CVSS: 9.8 • EPSS: 0% • CPEs: 82 • EXPL: 0

28 Apr 2021 — Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to control the devices. • https://gist.github.com/keniver/86ebef688fb274b534da51ef1a84dd3e • CWE-306: Missing Authentication for Critical Function • CWE-522: Insufficiently Protected Credentials •

CVSS: 10.0 • EPSS: 0% • CPEs: 42 • EXPL: 0

28 Apr 2021 — A malicious application may be able to execute arbitrary code with kernel privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://support.apple.com/en-us/HT212325 • CWE-787: Out-of-bounds Write •