CVSS: 7.8 • EPSS: 0% • CPEs: 106 • EXPL: 0

12 Oct 2021 — Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitrary arguments via a local pipe, leading to a local privilege escalation vulnerability. • https://www.hitachi.com/hirt/security/index.html •

CVSS: 7.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

08 Oct 2021 — Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. • https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 6.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Oct 2021 — A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20211007-hmp-lpe

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Oct 2021 — A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20211007-hmpa-lpe

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Oct 2021 — When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. • https://advisories.octopus.com/adv/2021-02---Local-privilege-escalation-in-Octopus-Tentacle-%28CVE-2021-26557%29.1732870264.html • CWE-426: Untrusted Search Path •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

07 Oct 2021 — When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. • https://advisories.octopus.com/adv/2021-01---Local-privilege-escalation-in-Octopus-Server-%28CVE-2021-26556%29.1733296189.html • CWE-426: Untrusted Search Path •

CVSS: 7.5 • EPSS: 0% • CPEs: 66 • EXPL: 0

05 Oct 2021 — These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges. • https://www.tibco.com/services/support/advisories • CWE-295: Improper Certificate Validation •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Oct 2021 — A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. • https://github.com/magicblack/maccms10/issues/126 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

04 Oct 2021 — Attackers could exploit this issue to achieve local privilege escalation to NT AUTHORITY\SYSTEM. • https://voidsec.com/crucial-mod-utility-lpe-cve-2021-41285 •

CVSS: 8.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

30 Sep 2021 — The ECOA BAS controller has a weak access control mechanism that allows an authenticated user to remotely escalate privileges by disclosing the credentials of administrative accounts in plain text. • https://www.twcert.org.tw/tw/cp-132-5133-f3c4b-1.html • CWE-522: Insufficiently Protected Credentials •