CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38422 – Delta Electronics DIALink
https://notcve.org/view.php?id=CVE-2021-38422
03 Nov 2021 — Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges. • https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 56EXPL: 0CVE-2020-5955
https://notcve.org/view.php?id=CVE-2020-5955
03 Nov 2021 — A caller may be able to escalate privileges. • https://security.netapp.com/advisory/ntap-20220223-0003 •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20135
https://notcve.org/view.php?id=CVE-2021-20135
02 Nov 2021 — Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. • https://www.tenable.com/security/tns-2021-18 •
CVSS: 9.8EPSS: 3%CPEs: 18EXPL: 3CVE-2021-43267 – kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type
https://notcve.org/view.php?id=CVE-2021-43267
02 Nov 2021 — An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system. • https://github.com/zzhacked/CVE-2021-43267 • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3576 – Privilege escalation via SeImpersonatePrivilege
https://notcve.org/view.php?id=CVE-2021-3576
28 Oct 2021 — Bitdefender Total Security versiones anteriores a 25.0.26 This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender GravityZone. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.bitdefender.com/support/security-advisories/privilege-escalation-via-seimpersonateprivilege-in-bitdefender-endpoint-security-tools-va-9848 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3579 – Incorrect Default Permissions vulnerability in bdservicehost.exe and Vulnerability.Scan.exe
https://notcve.org/view.php?id=CVE-2021-3579
28 Oct 2021 — Bitdefender Total Security versiones anteriores a 7.2.1.65 This vulnerability allows local attackers to escalate privileges on affected installations of Bitdefender Total Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.bitdefender.com/support/security-advisories/incorrect-default-permissions-vulnerability-in-bdservicehost-exe-and-vulnerability-scan-exe-va-9848 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1CVE-2021-43057 – Ubuntu Security Notice USN-5162-1
https://notcve.org/view.php?id=CVE-2021-43057
28 Oct 2021 — A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. • https://bugs.chromium.org/p/project-zero/issues/detail?id=2229 • CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43211 – Windows 10 Update Assistant Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-43211
27 Oct 2021 — Este CVE ID es diferente de CVE-2021-42297 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of Administrator. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43211 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2021-21703 – PHP-FPM memory access in root process leading to privilege escalation
https://notcve.org/view.php?id=CVE-2021-21703
25 Oct 2021 — In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the ... • http://www.openwall.com/lists/oss-security/2021/10/26/7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-284: Improper Access Control CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2021-34981 – Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34981
21 Oct 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. ... This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. • https://www.zerodayinitiative.com/advisories/ZDI-21-1223 • CWE-415: Double Free •