CVE-2020-27352 – Ubuntu Security Notice USN-4728-1
https://notcve.org/view.php?id=CVE-2020-27352
10 Feb 2021 — This could allow a local attacker to escalate privileges via access to arbitrary devices of the container host from within a compromised or malicious container. • https://bugs.launchpad.net/snapd/+bug/1910456 • CWE-269: Improper Privilege Management •
CVE-2020-28392
https://notcve.org/view.php?id=CVE-2020-28392
09 Feb 2021 — During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges should a user with elevated credentials log onto the machine. • https://cert-portal.siemens.com/productcert/pdf/ssa-794542.pdf • CWE-276: Incorrect Default Permissions •
CVE-2021-20181 – QEMU Plan 9 File System Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-20181
08 Feb 2021 — An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. • https://bugzilla.redhat.com/show_bug.cgi?id=1927007 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2021-3394 – Millewin 13.39.146.1 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-3394
08 Feb 2021 — Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation. Millennium Millewin (también se conoce como "Cartella clinica") versiones 13.39.028, 13.39.28.3342 y 13.39.146.1, posee permisos de carpeta no seguros que permiten a un usuario malicioso escalar privilegios locales Millewin version 13.39.028 suffers from a local privilege escalation issue due to insecure per... • https://packetstorm.news/files/id/161334 • CWE-276: Incorrect Default Permissions •
CVE-2021-22299
https://notcve.org/view.php?id=CVE-2021-22299
06 Feb 2021 — There is a local privilege escalation vulnerability in some Huawei products. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210120-02-privilege-en •
CVE-2021-26708 – kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c
https://notcve.org/view.php?id=CVE-2021-26708
05 Feb 2021 — A local privilege escalation was discovered in the Linux kernel before 5.10.13. ... Wrong locking in the AF_VSOCK socket can cause a local privilege escalation, bypassing SMEP and SMAP. • https://github.com/azpema/CVE-2021-26708 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •
CVE-2021-25684 – apport can be stalled by reading a FIFO
https://notcve.org/view.php?id=CVE-2021-25684
03 Feb 2021 — A local attacker could use this issue to escalate privileges and run arbitrary code. • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326 • CWE-20: Improper Input Validation •
CVE-2021-25682 – apport improperly parses /proc/pid/status
https://notcve.org/view.php?id=CVE-2021-25682
03 Feb 2021 — A local attacker could use this issue to escalate privileges and run arbitrary code. • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326 • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2021-1791 – Apple iOS FairplayIOKit Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-1791
02 Feb 2021 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. macOS Big Sur 11.2, Security Update 2021-001 Catalina, and Security Update 2021-001 Mojave address buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT212146 • CWE-125: Out-of-bounds Read •
CVE-2020-14418
https://notcve.org/view.php?id=CVE-2020-14418
30 Jan 2021 — A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions. Se presenta una vulnerabilidad TOCTOU en madCodeHook antes del 16-07-2020, que permite a atacantes locales elevar sus privilegios a SYSTEM. Esto ocurre porque el redireccionamiento de ruta puede ocurrir por medio de vectores que involucran uniones de directorio • https://labs.nettitude.com/blog/cve-2020-14418-madcodehook-library-local-privilege-escalation • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •