CVE-2021-27242 – Parallels Desktop Toolgate Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-27242
24 Feb 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. ... Was ZDI-CAN-11926. This vulnerability allows local attackers to escalate privileges on affected installations... • https://kb.parallels.com/en/125013 • CWE-787: Out-of-bounds Write •
CVE-2021-24085 – Microsoft Exchange Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2021-24085
24 Feb 2021 — An attacker can leverage this vulnerability to escalate privileges to an administrative account. • https://packetstorm.news/files/id/161528 •
CVE-2021-27259 – Parallels Desktop Toolgate Integer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-27259
24 Feb 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. ... Was ZDI-CAN-12021. This vulnerability allows local attackers to escalate privileges on af... • https://kb.parallels.com/en/125013 • CWE-190: Integer Overflow or Wraparound •
CVE-2021-27240 – SolarWinds Patch Manager DataGridService Deserialization of Untrusted Data Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-27240
24 Feb 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of Administrator. ... Was ZDI-CAN-12009. This vulnerability allows local attackers to escalate privileges on a... • https://www.zerodayinitiative.com/advisories/ZDI-21-207 • CWE-502: Deserialization of Untrusted Data •
CVE-2021-27243 – Parallels Desktop Toolgate Integer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-27243
24 Feb 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. ... Was ZDI-CAN-11924. This vulnerability allows local attackers to escalate privileges on af... • https://kb.parallels.com/en/125013 • CWE-190: Integer Overflow or Wraparound •
CVE-2021-27244 – Parallels Desktop Toolgate Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-27244
24 Feb 2021 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://kb.parallels.com/en/125013 • CWE-125: Out-of-bounds Read •
CVE-2020-13549
https://notcve.org/view.php?id=CVE-2020-13549
19 Feb 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of the Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with the privileges of the user set to run the service, or replace other files within the installation folder, which would allow for local privilege escalation. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1167 • CWE-276: Incorrect Default Permissions •
CVE-2020-36233
https://notcve.org/view.php?id=CVE-2020-36233
18 Feb 2021 — The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. • https://jira.atlassian.com/browse/BSERV-12753 • CWE-276: Incorrect Default Permissions •
CVE-2020-12878
https://notcve.org/view.php?id=CVE-2020-12878
17 Feb 2021 — Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate privileges from the python user to root via a symlink attack that uses chown, related to /etc/init.d/S50dropbear.sh and the /WEB/python/.ssh directory. • https://github.com/fireeye/Vulnerability-Disclosures • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2020-13555
https://notcve.org/view.php?id=CVE-2020-13555
17 Feb 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •