CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-45912
https://notcve.org/view.php?id=CVE-2021-45912
04 Jan 2022 — An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method. Un canal Named Pipe no autenticado en el agente en tiempo real de Controlup (cuAgent.exe) versiones anteriores a 8.5, permite potencialmente a un atacante ejecutar comandos del Sistema Operativo por medio del método ProcessActionRequest WCF • https://www.controlup.com/security/security-advisory-local-privilege-escalation • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44466
https://notcve.org/view.php?id=CVE-2021-44466
30 Dec 2021 — Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. • https://www.tenable.com/security/research/tra-2021-58 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-20172
https://notcve.org/view.php?id=CVE-2021-20172
30 Dec 2021 — All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. • https://www.tenable.com/security/research/tra-2021-56 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21912
https://notcve.org/view.php?id=CVE-2021-21912
22 Dec 2021 — A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1360 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21911
https://notcve.org/view.php?id=CVE-2021-21911
22 Dec 2021 — A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1360 • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21910
https://notcve.org/view.php?id=CVE-2021-21910
22 Dec 2021 — A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1360 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27445 – Mesa Labs AmegaView Improper Privilege Management
https://notcve.org/view.php?id=CVE-2021-27445
21 Dec 2021 — Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited to escalate privileges on the device. • https://us-cert.cisa.gov/ics/advisories/icsa-21-147-03 • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2021-42808 – The Sentinel Protection Installer 7.7.0 creates files and directory with all privileges granting any user full permissions.
https://notcve.org/view.php?id=CVE-2021-42808
20 Dec 2021 — Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges. • https://cpl.thalesgroup.com/fr/software-monetization/security-updates • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 6%CPEs: 4EXPL: 0CVE-2021-35234 – Exposed Dangerous Functions - Privileged Escalation
https://notcve.org/view.php?id=CVE-2021-35234
20 Dec 2021 — Un atacante con bajos privilegios de usuario puede robar los hashes de las contraseñas y la información de las sales de las contraseñas This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. ... An attacker can leverage this vulnerability to escalate privileges to the level of an application administrator. • https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-4009 – X.Org Server SProcXFixesCreatePointerBarrier Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-4009
17 Dec 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://lists.debian.org/debian-lts-announce/2021/12/msg00035.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •