CVE-2021-3059 – PAN-OS: OS Command Injection Vulnerability When Performing Dynamic Updates
https://notcve.org/view.php?id=CVE-2021-3059
10 Nov 2021 — This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. • https://security.paloaltonetworks.com/CVE-2021-3059 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-3058 – PAN-OS: OS Command Injection Vulnerability in Web Interface XML API
https://notcve.org/view.php?id=CVE-2021-3058
10 Nov 2021 — An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use the XML API to execute arbitrary OS commands to escalate privileges. • https://security.paloaltonetworks.com/CVE-2021-3058 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-31853 – MDE DLL Search Order Hijacking vulnerability
https://notcve.org/view.php?id=CVE-2021-31853
10 Nov 2021 — DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (MDE) prior to 7.3.0 HF2 (7.3.0.183) allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder. • https://kc.mcafee.com/corporate/index?page=content&id=SB10374 • CWE-427: Uncontrolled Search Path Element •
CVE-2021-42280 – Windows Feedback Hub Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-42280
10 Nov 2021 — Windows Feedback Hub Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42280 • CWE-269: Improper Privilege Management •
CVE-2021-42277 – Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-42277
10 Nov 2021 — Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277 • CWE-269: Improper Privilege Management •
CVE-2021-41379 – Microsoft Windows Installer Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-41379
10 Nov 2021 — Windows Installer Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41379 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-37207
https://notcve.org/view.php?id=CVE-2021-37207
09 Nov 2021 — This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. • https://cert-portal.siemens.com/productcert/pdf/ssa-537983.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-43412
https://notcve.org/view.php?id=CVE-2021-43412
07 Nov 2021 — This can be exploited for local privilege escalation to get full root access. • https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html • CWE-416: Use After Free •
CVE-2021-43414
https://notcve.org/view.php?id=CVE-2021-43414
07 Nov 2021 — The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access. • https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html • CWE-287: Improper Authentication •
CVE-2021-40124 – Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-40124
04 Nov 2021 — A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-nam-priv-yCsRNUGT • CWE-266: Incorrect Privilege Assignment • CWE-269: Improper Privilege Management •