CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-4010 – X.Org Server SProcScreenSaverSuspend Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-4010
17 Dec 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKLSZCY47QK4RCJFXITYFALCGPJAFXOK • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-4011 – X.Org Server SwapCreateRegister Out-Of-Bounds Access Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-4011
17 Dec 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://lists.debian.org/debian-lts-announce/2021/12/msg00035.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 0CVE-2021-43247 – Windows TCP/IP Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-43247
15 Dec 2021 — Windows TCP/IP Driver Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios de Windows TCP/IP Driver This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43247 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2021-43237 – Windows Setup Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-43237
15 Dec 2021 — Windows Setup Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Windows Setup This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43237 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41365 – Microsoft Defender for IoT Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-41365
15 Dec 2021 — Este ID de CVE es diferente de CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889 This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Azure Defender for IoT. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41365 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 4CVE-2021-43326 – Automox Agent 32 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-43326
15 Dec 2021 — Automox Agent versiones anteriores a 32 en Windows establece incorrectamente los permisos en un directorio temporal Automox Agent version 32 suffers from a local privilege escalation vulnerability. • https://community.automox.com/product-updates-4/cve-2021-43326-and-cve-2021-43325-local-privilege-escalation-in-automox-agent-windows-only-1636 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43325
https://notcve.org/view.php?id=CVE-2021-43325
15 Dec 2021 — Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression. Automox Agent versión 33 en Windows establece incorrectamente los permisos en un directorio temporal. NOTA: este problema se presenta debido a una regresión CVE-2021-43326 • https://community.automox.com/product-updates-4/cve-2021-43326-and-cve-2021-43325-local-privilege-escalation-in-automox-agent-windows-only-1636 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-4008 – X.Org Server SProcRenderCompositeGlyphs Out-Of-Bounds Access Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-4008
15 Dec 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges. • https://lists.debian.org/debian-lts-announce/2021/12/msg00035.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38182
https://notcve.org/view.php?id=CVE-2021-38182
14 Dec 2021 — Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster. • https://github.com/kyma-project/kyma/security/advisories/GHSA-2vjp-5q24-hqjv • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4007 – Rapid7 Insight Agent Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-4007
14 Dec 2021 — Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5629 • CWE-427: Uncontrolled Search Path Element •