CVE-2020-13553
https://notcve.org/view.php?id=CVE-2020-13553
17 Feb 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •
CVE-2020-13551
https://notcve.org/view.php?id=CVE-2020-13551
17 Feb 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •
CVE-2020-13552
https://notcve.org/view.php?id=CVE-2020-13552
17 Feb 2021 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1169 • CWE-276: Incorrect Default Permissions •
CVE-2020-29457
https://notcve.org/view.php?id=CVE-2020-29457
16 Feb 2021 — A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection. • https://github.com/OPCFoundation/UA-.NETStandard • CWE-295: Improper Certificate Validation •
CVE-2021-1806 – Apple macOS process_token_BlitLibSetup2D Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1806
12 Feb 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. • http://seclists.org/fulldisclosure/2021/Apr/54 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-1805 – Apple macOS process_token_BindQueryBufferMultiple Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-1805
12 Feb 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. • http://seclists.org/fulldisclosure/2021/Apr/54 • CWE-787: Out-of-bounds Write •
CVE-2020-27869 – SolarWinds Network Performance Monitor WriteToFile SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-27869
11 Feb 2021 — This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. ... An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. ... Was ZDI-CAN-11804. This vulnerability allows remote attackers to escalate privileges on affected ins... • https://www.zerodayinitiative.com/advisories/ZDI-21-064 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-22658 – Advantech iView UserServlet SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-22658
11 Feb 2021 — Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an attacker to escalate privileges to 'Administrator'. This vulnerability allows remote attackers to escalate privileges on affected installations of Advantech iView. ... An attacker can leverage this vulnerability to esca... • https://us-cert.cisa.gov/ics/advisories/icsa-21-040-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-26936
https://notcve.org/view.php?id=CVE-2021-26936
10 Feb 2021 — The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations. • http://www.openwall.com/lists/oss-security/2021/02/10/1 • CWE-269: Improper Privilege Management •
CVE-2021-24084 – Windows Mobile Device Management Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-24084
10 Feb 2021 — Windows Mobile Device Management Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Device Management Enrollment Service. By creating a director... • https://github.com/exploitblizzard/WindowsMDM-LPE-0Day • CWE-59: Improper Link Resolution Before File Access ('Link Following') •