CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-31822
https://notcve.org/view.php?id=CVE-2021-31822
24 Nov 2021 — When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access. Cuando Octopus Tentacle se instala en un sistema operativo Linux, los permisos del archivo de servicio systemd están configurados inapropiadamente. Esto puede conllevar a que un usuario local no privilegiado modifique el contenido del archivo de servicio systemd para c... • https://advisories.octopus.com/adv/2021-11---Local-privilege-escalation-in-Octopus-Tentacle-%28CVE-2021-31822%29.2283732993.html • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42297 – Windows 10 Update Assistant Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-42297
24 Nov 2021 — Este CVE ID es diferente de CVE-2021-43211 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42297 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43019 – Adobe Creative Cloud Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-43019
23 Nov 2021 — An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM . ... Es requerida una interacción del usuario antes de la instalación del producto para abusar de esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Creative Cloud. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpx.adobe.com/security/products/creative-cloud/apsb21-111.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0CVE-2021-35052 – Kaspersky Password Manager Improper Privilege Management Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-35052
23 Nov 2021 — Un componente de Kaspersky Password Manager podría permitir a un atacante elevar el nivel de integridad de un proceso de Medio a Alto This vulnerability allows local attackers to escalate privileges on affected installations of Kaspersky Password Manager. ... An attacker can leverage this vulnerability to escalate privileges from medium integrity and execute code in the context of the current user at high integrity. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42126 – Ivanti Avalanche User Management Improper Authentication Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-42126
18 Nov 2021 — Se presenta una vulnerabilidad de control de autorización inapropiada en Ivanti Avalanche versiones anteriores a 6.3.3 que permite a un atacante con acceso al Servicio Inforail llevar a cabo una escalada de privilegios This vulnerability allows remote attackers to escalate privileges on affected installations of Ivanti Avalanche. ... An attacker can leverage this vulnerability to escalate privileges to the level of admin. • https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3 • CWE-285: Improper Authorization •
CVSS: 6.8EPSS: 0%CPEs: 144EXPL: 0CVE-2021-0146 – Gentoo Linux Security Advisory 202402-22
https://notcve.org/view.php?id=CVE-2021-0146
17 Nov 2021 — A local attacker could use this to escalate privileges. • https://security.netapp.com/advisory/ntap-20211210-0006 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43771 – Trend Micro Antivirus for Mac Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-43771
17 Nov 2021 — Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. ... Tenga en cuenta que un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges
CVSS: 7.2EPSS: 0%CPEs: 40EXPL: 0CVE-2021-36315
https://notcve.org/view.php?id=CVE-2021-36315
12 Nov 2021 — This may allow a local unauthenticated user to escalate privileges. • https://www.dell.com/support/kbdoc/en-us/000193005 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-42563
https://notcve.org/view.php?id=CVE-2021-42563
12 Nov 2021 — This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. • https://www.ni.com/en-us/support/documentation/supplemental/21/unquoted-service-path-in-ni-service-locator.html • CWE-428: Unquoted Search Path or Element •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3061 – PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI)
https://notcve.org/view.php?id=CVE-2021-3061
10 Nov 2021 — An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. • https://security.paloaltonetworks.com/CVE-2021-3061 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •