v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is restarted via Sudo.
CWE-269
CVE-2020-10384
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root account.
CVE-2020-10286
the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that disrupt robot operation.
CVE-2020-10290
Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video. In our PoC we demonstrate how a malicious actor could ‘cook’ a custom URCap that when deployed by the user (intendedly or unintendedly) compromises the system
CVE-2020-1014
An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka ‘Microsoft Windows Update Client Elevation of Privilege Vulnerability’.
CVE-2020-10088
GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level.