CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-24367
https://notcve.org/view.php?id=CVE-2020-24367
10 Nov 2020 — Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user. • https://support.bluestacks.com/hc/en-us/articles/360051471652--Bluestacks-update-fixes-vulnerabilities • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27977
https://notcve.org/view.php?id=CVE-2020-27977
09 Nov 2020 — CapaSystems CapaInstaller before 6.0.101 does not properly assign, modify, or check privileges for an actor who attempts to edit registry values, allowing an attacker to escalate privileges. • https://capawiki.capasystems.com/display/ci/CapaInstaller+6.0+-+Build+101 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13537
https://notcve.org/view.php?id=CVE-2020-13537
05 Nov 2020 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1148 • CWE-276: Incorrect Default Permissions •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13536
https://notcve.org/view.php?id=CVE-2020-13536
05 Nov 2020 — An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1148 • CWE-276: Incorrect Default Permissions •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-24433 – Adobe Acrobat Reader DC Local Privilege Escalation via Installer Component
https://notcve.org/view.php?id=CVE-2020-24433
05 Nov 2020 — Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. • https://helpx.adobe.com/security/products/acrobat/apsb20-67.html • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-24429 – Acrobat Reader DC for macOS Signature Verification Bypass Could Lead to Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-24429
05 Nov 2020 — Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a signature verification bypass that could result in local privilege escalation. • https://helpx.adobe.com/security/products/acrobat/apsb20-67.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2020-24428 – Acrobat Reader DC for macOS Race Condition Vulnerability Could Lead to Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-24428
05 Nov 2020 — Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a time-of-check time-of-use (TOCTOU) race condition vulnerability that could result in local privilege escalation. • https://helpx.adobe.com/security/products/acrobat/apsb20-67.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15952
https://notcve.org/view.php?id=CVE-2020-15952
05 Nov 2020 — Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. • https://labs.bishopfox.com/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-28049 – Gentoo Linux Security Advisory 202402-02
https://notcve.org/view.php?id=CVE-2020-28049
04 Nov 2020 — A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges. • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00031.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 3CVE-2020-16125 – gdm3 would start gnome-initial-setup if it cannot contact accountservice
https://notcve.org/view.php?id=CVE-2020-16125
03 Nov 2020 — gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account. gdm3 versiones anteriores a 3.36.2 o 3.38.2, comenzaría la configuración inicial de gnom si gdm3 no puede ponerse en contacto con el servicio de cuentas por medio de dbus de manera oportuna; en Ubuntu (y pote... • https://securitylab.github.com/advisories/GHSL-2020-202-gdm3-LPE-unresponsive-accounts-daemon • CWE-636: Not Failing Securely ('Failing Open') CWE-754: Improper Check for Unusual or Exceptional Conditions •