CVE-2020-14876 – Oracle E-Business Suite ozfVendorLov SQL Injection Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-14876
21 Oct 2020 — CVSS vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) This vulnerability allows remote attackers to escalate privileges on affected installations of Oracle E-Business Suite. • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVE-2020-3992 – VMware ESXi OpenSLP Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2020-3992
20 Oct 2020 — A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service, resulting in remote code execution. This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://github.com/HynekPetrak/CVE-2019-5544_CVE-2020-3992 • CWE-416: Use After Free •
CVE-2020-3982 – VMware Workstation BDOOR_CMD_PATCH_ACPI_TABLES Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3982
20 Oct 2020 — A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt the hypervisor's memory heap. This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. • https://www.vmware.com/security/advisories/VMSA-2020-0023.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition • CWE-787: Out-of-bounds Write •
CVE-2020-9112
https://notcve.org/view.php?id=CVE-2020-9112
19 Oct 2020 — Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201014-01-privilege-en • CWE-269: Improper Privilege Management •
CVE-2020-9990 – Apple macOS process_token_SetFence Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-9990
19 Oct 2020 — A malicious application may be able to execute arbitrary code with kernel privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. • https://support.apple.com/kb/HT211289 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2020-16939 – Group Policy Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-16939
16 Oct 2020 — An elevation of privilege vulnerability exists when Group Policy improperly checks access, also known as "Group Policy Elevation of Privilege Vulnerability". This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of an administrator. • https://github.com/rogue-kdc/CVE-2020-16939 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2020-25778 – Trend Micro Antivirus for Mac Error Message Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-25778
14 Oct 2020 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel. • https://helpcenter.trendmicro.com/en-us/article/TMKA-09948 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2020-12928
https://notcve.org/view.php?id=CVE-2020-12928
13 Oct 2020 — A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master V15 may allow any authenticated user to escalate privileges to NT authority system. • https://github.com/ekknod/AmdRyzenMasterCheat • CWE-749: Exposed Dangerous Method or Function •
CVE-2020-7811 – Samsung Update Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-7811
12 Oct 2020 — Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation, as commands crafted by an attacker are executed while the engine deserializes the data received during inter-process communication. • https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35708 • CWE-502: Deserialization of Untrusted Data •
CVE-2020-26932 – Debian Security Advisory 4818-1
https://notcve.org/view.php?id=CVE-2020-26932
10 Oct 2020 — debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group). Several vulnerabilities were discovered in Sympa, a mailing list manager, which could re... • https://bugs.debian.org/971904 • CWE-732: Incorrect Permission Assignment for Critical Resource •