CVE-2021-37207
https://notcve.org/view.php?id=CVE-2021-37207
09 Nov 2021 — This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. • https://cert-portal.siemens.com/productcert/pdf/ssa-537983.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-43412
https://notcve.org/view.php?id=CVE-2021-43412
07 Nov 2021 — This can be exploited for local privilege escalation to get full root access. • https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html • CWE-416: Use After Free •
CVE-2021-43414
https://notcve.org/view.php?id=CVE-2021-43414
07 Nov 2021 — The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access. • https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html • CWE-287: Improper Authentication •
CVE-2021-40124 – Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-40124
04 Nov 2021 — A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-nam-priv-yCsRNUGT • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVE-2021-38422 – Delta Electronics DIALink
https://notcve.org/view.php?id=CVE-2021-38422
03 Nov 2021 — Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges. • https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2020-5955
https://notcve.org/view.php?id=CVE-2020-5955
03 Nov 2021 — A caller may be able to escalate privileges. • https://security.netapp.com/advisory/ntap-20220223-0003 •
CVE-2021-20135
https://notcve.org/view.php?id=CVE-2021-20135
02 Nov 2021 — Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. • https://www.tenable.com/security/tns-2021-18 •
CVE-2021-43267 – kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type
https://notcve.org/view.php?id=CVE-2021-43267
02 Nov 2021 — An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system. • https://github.com/zzhacked/CVE-2021-43267 • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVE-2021-3576 – Privilege escalation via SeImpersonatePrivilege
https://notcve.org/view.php?id=CVE-2021-3576
28 Oct 2021 — Bitdefender Total Security versions prior to 25.0.26. This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender GravityZone. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-seimpersonateprivilege-in-bitdefender-endpoint-security-tools-va-9848 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVE-2021-3579 – Incorrect Default Permissions vulnerability in bdservicehost.exe and Vulnerability.Scan.exe
https://notcve.org/view.php?id=CVE-2021-3579
28 Oct 2021 — Bitdefender Total Security versions prior to 7.2.1.65. This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender Total Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.bitdefender.com/support/security-advisories/incorrect-default-permissions-vulnerability-in-bdservicehost-exe-and-vulnerability-scan-exe-va-9848 • CWE-276: Incorrect Default Permissions •