CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43771 – Trend Micro Antivirus for Mac Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-43771
17 Nov 2021 — Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. ... Tenga en cuenta que un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges
CVSS: 7.2EPSS: 0%CPEs: 40EXPL: 0CVE-2021-36315
https://notcve.org/view.php?id=CVE-2021-36315
12 Nov 2021 — This may allow a local unauthenticated user to escalate privileges. • https://www.dell.com/support/kbdoc/en-us/000193005 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-42563
https://notcve.org/view.php?id=CVE-2021-42563
12 Nov 2021 — This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. • https://www.ni.com/en-us/support/documentation/supplemental/21/unquoted-service-path-in-ni-service-locator.html • CWE-428: Unquoted Search Path or Element •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3061 – PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI)
https://notcve.org/view.php?id=CVE-2021-3061
10 Nov 2021 — An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. • https://security.paloaltonetworks.com/CVE-2021-3061 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3059 – PAN-OS: OS Command Injection Vulnerability When Performing Dynamic Updates
https://notcve.org/view.php?id=CVE-2021-3059
10 Nov 2021 — This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. • https://security.paloaltonetworks.com/CVE-2021-3059 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3058 – PAN-OS: OS Command Injection Vulnerability in Web Interface XML API
https://notcve.org/view.php?id=CVE-2021-3058
10 Nov 2021 — An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. • https://security.paloaltonetworks.com/CVE-2021-3058 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-31853 – MDE DLL Search Order Hijacking vulnerability
https://notcve.org/view.php?id=CVE-2021-31853
10 Nov 2021 — DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. • https://kc.mcafee.com/corporate/index?page=content&id=SB10374 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2021-42280 – Windows Feedback Hub Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-42280
10 Nov 2021 — Windows Feedback Hub Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Windows Feedback Hub This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42280 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2021-42277 – Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-42277
10 Nov 2021 — Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Diagnostics Hub Standard Collector This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2021-41379 – Microsoft Windows Installer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-41379
10 Nov 2021 — Windows Installer Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios del instalador de Windows This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41379 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •