
CVSS: 4.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Mar 2021 — There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during its creation. • http://www.openwall.com/lists/oss-security/2021/03/09/2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-377: Insecure Temporary File •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Mar 2021 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel. • https://source.android.com/security/bulletin/pixel/2021-03-01 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Mar 2021 — This could allow the attacker to escalate privileges and/or change network details that they should not have access to. • https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-005.txt • CWE-863: Incorrect Authorization •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Mar 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •

CVSS: 7.4 • EPSS: 1% • CPEs: 21 • EXPL: 0

27 Feb 2021 — In SaltStack Salt versions before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. Multiple security vulnerabilities have been discovered in Salt, a powerful remote execution manager, that allow for local privilege escalation on a minion, server side template injection attacks, insufficient checks for eauth credentials, shell and command injections or incorrect validation of SSL certificates. • https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html • CWE-295: Improper Certificate Validation •

CVSS: 7.8 • EPSS: 0% • CPEs: 21 • EXPL: 2

27 Feb 2021 — This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory. • https://github.com/stealthcopter/CVE-2020-28243 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.1 • EPSS: 12% • CPEs: 21 • EXPL: 0

27 Feb 2021 — (They can be used to run a command against the salt master or minions.) Multiple security vulnerabilities have been discovered in Salt, a powerful remote execution manager, that allow for local privilege escalation on a minion, server side template injection attacks, insufficient checks for eauth credentials, shell and command injections or incorrect validation of SSL certificates. • https://github.com/saltstack/salt/releases • CWE-613: Insufficient Session Expiration •

CVSS: 7.8 • EPSS: 3% • CPEs: 9 • EXPL: 18

25 Feb 2021 — This CVE ID is different from CVE-2021-1698. A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. • https://packetstorm.news/files/id/166169 • CWE-787: Out-of-bounds Write •

CVSS: 7.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 Feb 2021 — An Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions. • https://bugzilla.suse.com/show_bug.cgi?id=1180669 • CWE-377: Insecure Temporary File •

CVSS: 3.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Feb 2021 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. ... • https://kb.parallels.com/en/125013 • CWE-125: Out-of-bounds Read •