CVE-2021-4028 – kernel: use-after-free in RDMA listen()
https://notcve.org/view.php?id=CVE-2021-4028
22 Feb 2022 — Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system. • https://access.redhat.com/security/cve/CVE-2021-4028 • CWE-416: Use After Free •
CVE-2022-25372
https://notcve.org/view.php?id=CVE-2022-25372
20 Feb 2022 — Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go. • https://rhinosecuritylabs.com/penetration-testing/cve-2022-25372-local-privilege-escalation-in-pritunl-vpn-client • CWE-269: Improper Privilege Management •
CVE-2022-22942 – kernel: failing usercopy allows for use-after-free exploitation
https://notcve.org/view.php?id=CVE-2022-22942
18 Feb 2022 — The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. • https://github.com/vmware/photon/wiki/Security-Update-3.0-356 • CWE-416: Use After Free •
CVE-2021-34986 – Parallels Desktop Service Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34986
18 Feb 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.0 (49183). ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... Was ZDI-CAN-13932. • https://kb.parallels.com/en/125013 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2021-34987 – Parallels Desktop HDAudio Buffer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34987
18 Feb 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.1 (49187). ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. ... Was ZDI-CAN-14969. • https://kb.parallels.com/en/125013 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-44730 – snapd could be made to escalate privileges and run programs as administrator
https://notcve.org/view.php?id=CVE-2021-44730
17 Feb 2022 — snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location can cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1. • http://www.openwall.com/lists/oss-security/2022/02/18/2 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-44731 – snapd could be made to escalate privileges and run programs as administrator
https://notcve.org/view.php?id=CVE-2021-44731
17 Feb 2022 — A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1. • https://github.com/deeexcee-io/CVE-2021-44731-snap-confine-SUID • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2022-24052 – MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-24052
16 Feb 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD • CWE-122: Heap-based Buffer Overflow •
CVE-2022-24680 – Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-24680
16 Feb 2022 — A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-Free Business Security Services agents could allow a local attacker to create a mount point and leverage this for arbitrary folder deletion, leading to escalated privileges on affected installations. ... Note: an attacker must first obtain the ability to execute low-privileged code on the sys... • https://success.trendmicro.com/solution/000290464 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-24050 – MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-24050
16 Feb 2022 — This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. ... Was ZDI-CAN-16207. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DKJRBYJAQCOPHSED43A3HUPNKQLDTFGD • CWE-416: Use After Free • CWE-1173: Improper Use of Validation Framework •