CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-24556 – Trend Micro Apex One Hard Link Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-24556
31 Aug 2020 — Tenga en cuenta que la versión 1909 (compilación del SO 18363.719) de Microsoft Windows 10 mitiga los enlaces físicos, pero las versiones anteriores están afectadas This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. • https://success.trendmicro.com/solution/000263632 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-24559 – Trend Micro Apex One Hard Link Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-24559
31 Aug 2020 — Un atacante debe primero obtener la capacidad de ejecutar código poco privilegiado en el sistema objetivo para explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of root. • https://success.trendmicro.com/solution/000263632 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-24557 – Trend Micro Multiple Products Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2020-24557
31 Aug 2020 — Tenga en cuenta que la versión 1909 (compilación del SO 18363.719) de Microsoft Windows 10 mitiga los enlaces físicos, pero las versiones anteriores están afectadas This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. • https://success.trendmicro.com/solution/000263632 •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8097 – Improper authentication vulnerability in Bitdefender Endpoint Security Tools and Endpoint Security SDK (VA-8646)
https://notcve.org/view.php?id=CVE-2020-8097
30 Aug 2020 — An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. • https://www.bitdefender.com/support/security-advisories/improper-authentication-vulnerability-bitdefender-endpoint-security-tools-endpoint-security-sdk-va-8646 • CWE-287: Improper Authentication •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9908 – Apple macOS Intel Graphics Driver Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-9908
27 Aug 2020 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel. • https://support.apple.com/kb/HT211289 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15777
https://notcve.org/view.php?id=CVE-2020-15777
25 Aug 2020 — This could potentially be used to achieve remote code execution and local privilege escalation. • https://docs.gradle.com/enterprise/maven-extension/#1_6 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2020-24574
https://notcve.org/view.php?id=CVE-2020-24574
21 Aug 2020 — The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. • https://github.com/jtesta/gog_galaxy_client_service_poc • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-17402 – Parallels Desktop prl_hypervisor Incorrect Permission Assignment for Critical Resource Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-17402
18 Aug 2020 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel. • https://kb.parallels.com/en/125013 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-17392 – Parallels Desktop prl_hypervisor Untrusted Pointer Dereference Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-17392
18 Aug 2020 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. ... Fue ZDI-CAN-10519 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels ... • https://kb.parallels.com/en/125013 • CWE-822: Untrusted Pointer Dereference •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-17397 – Parallels Desktop Networking Out-Of-Bounds Access Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-17397
18 Aug 2020 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. ... Fue ZDI-CAN-11253 This vulnerability allows local attackers to escalate privileges on affected installations of Parallel... • https://kb.parallels.com/en/125013 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •