CVE-2021-45231 – Trend Micro Apex One Link Following Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-45231
06 Jan 2022 — A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system. ... Note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows l... • https://success.trendmicro.com/solution/000289996 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-35000 – OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-35000
06 Jan 2022 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. • https://www.zerodayinitiative.com/advisories/ZDI-22-012 • CWE-908: Use of Uninitialized Resource •
CVE-2021-22045 – VMware Workstation SCSI Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-22045
04 Jan 2022 — A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • http://packetstormsecurity.com/files/165440/VMware-Security-Advisory-2022-0001.html • CWE-787: Out-of-bounds Write •
CVE-2021-41388
https://notcve.org/view.php?id=CVE-2021-41388
04 Jan 2022 — Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. • https://www.netskope.com/company/security-compliance-and-assurance/netskope-security-advisory-nskpsa-2021-002 • CWE-269: Improper Privilege Management •
CVE-2021-45389
https://notcve.org/view.php?id=CVE-2021-45389
04 Jan 2022 — A self-signed JWT token could be injected into the update manager to bypass the authentication process, which could lead to privilege escalation. • https://www.starwindsoftware.com/security/sw-20211215-0001 • CWE-287: Improper Authentication •
CVE-2021-45912
https://notcve.org/view.php?id=CVE-2021-45912
04 Jan 2022 — An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method. • https://www.controlup.com/security/security-advisory-local-privilege-escalation • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-44466
https://notcve.org/view.php?id=CVE-2021-44466
30 Dec 2021 — Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. • https://www.tenable.com/security/research/tra-2021-58 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-20172
https://notcve.org/view.php?id=CVE-2021-20172
30 Dec 2021 — All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. • https://www.tenable.com/security/research/tra-2021-56 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-21912
https://notcve.org/view.php?id=CVE-2021-21912
22 Dec 2021 — A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1360 • CWE-276: Incorrect Default Permissions •
CVE-2021-21911
https://notcve.org/view.php?id=CVE-2021-21911
22 Dec 2021 — A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1360 • CWE-269: Improper Privilege Management • CWE-276: Incorrect Default Permissions •