CVE-2021-41365 – Microsoft Defender for IoT Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-41365
15 Dec 2021 — This CVE ID is different from CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889. This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Azure Defender for IoT. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41365 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-43326 – Automox Agent 32 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-43326
15 Dec 2021 — Automox Agent before version 32 on Windows incorrectly sets permissions on a temporary directory. Automox Agent version 32 suffers from a local privilege escalation vulnerability. • https://community.automox.com/product-updates-4/cve-2021-43326-and-cve-2021-43325-local-privilege-escalation-in-automox-agent-windows-only-1636 • CWE-276: Incorrect Default Permissions •
CVE-2021-43325
https://notcve.org/view.php?id=CVE-2021-43325
15 Dec 2021 — Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression. • https://community.automox.com/product-updates-4/cve-2021-43326-and-cve-2021-43325-local-privilege-escalation-in-automox-agent-windows-only-1636 • CWE-276: Incorrect Default Permissions •
CVE-2021-38182
https://notcve.org/view.php?id=CVE-2021-38182
14 Dec 2021 — Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster. • https://github.com/kyma-project/kyma/security/advisories/GHSA-2vjp-5q24-hqjv • CWE-20: Improper Input Validation • CWE-116: Improper Encoding or Escaping of Output •
CVE-2021-4007 – Rapid7 Insight Agent Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-4007
14 Dec 2021 — Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5629 • CWE-427: Uncontrolled Search Path Element •
CVE-2021-37941
https://notcve.org/view.php?id=CVE-2021-37941
08 Dec 2021 — A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. • https://discuss.elastic.co/t/apm-java-agent-security-update/289627 • CWE-269: Improper Privilege Management •
CVE-2021-42110
https://notcve.org/view.php?id=CVE-2021-42110
08 Dec 2021 — A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking. • http://www.popsy.com/Documents/Setups/Setup.Allegro.3.3.4154.2.exe •
CVE-2021-31631
https://notcve.org/view.php?id=CVE-2021-31631
06 Dec 2021 — This vulnerability allows attackers to escalate privileges. • https://gist.github.com/stacksmasher007/76514ab2b782fb4383f1121e6fc19241 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-42115 – Missing HTTPOnly flag on sensitive cookie in TopEase
https://notcve.org/view.php?id=CVE-2021-42115
30 Nov 2021 — Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to escalate privileges from unauthenticated to authenticated user via stealing and injecting the session-independent and static cookie UID. • https://confluence.topease.ch/confluence/display/DOC/Release+Notes • CWE-732: Incorrect Permission Assignment for Critical Resource • CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •
CVE-2021-44019 – Trend Micro Worry-Free Business Security Unnecessary Privileges Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-44019
30 Nov 2021 — An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. ... This vulnerability is similar to, but not identical to, CVE-2021-44020 and 44021. This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Worry-Free Business Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the ... • https://success.trendmicro.com/solution/000289230 • CWE-269: Improper Privilege Management •