CVE-2021-41297 – ECOA BAS controller - Insufficiently Protected Credentials-1
https://notcve.org/view.php?id=CVE-2021-41297
30 Sep 2021 — ECOA BAS controller is vulnerable to a weak access control mechanism, allowing an authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in plain-text. • https://www.twcert.org.tw/tw/cp-132-5133-f3c4b-1.html • CWE-522: Insufficiently Protected Credentials •
CVE-2021-36286
https://notcve.org/view.php?id=CVE-2021-36286
28 Sep 2021 — Symbolic links can be created by any (non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. • https://www.dell.com/support/kbdoc/en-us/000191057/dsa-2021-163-dell-supportassist-client-consumer-security-update-for-two-vulnerabilities • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-39828 – Adobe Digital Editions Installer flaw leads to Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-39828
27 Sep 2021 — An authenticated attacker could leverage this vulnerability to escalate privileges. • https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVE-2021-34412
https://notcve.org/view.php?id=CVE-2021-34412
27 Sep 2021 — If the installer was launched with elevated privileges, such as by SCCM, this can result in a local privilege escalation. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-269: Improper Privilege Management •
CVE-2021-34411
https://notcve.org/view.php?id=CVE-2021-34411
27 Sep 2021 — If the installer was launched with elevated privileges, such as by SCCM, this can result in a local privilege escalation. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-269: Improper Privilege Management •
CVE-2021-34409 – Zoom Client Installer Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-34409
27 Sep 2021 — It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-41617 – openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured
https://notcve.org/view.php?id=CVE-2021-41617
26 Sep 2021 — Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to gain unintended privileges, potentially leading to local privilege escalation. • https://bugzilla.suse.com/show_bug.cgi?id=1190975 • CWE-273: Improper Check for Dropped Privileges •
CVE-2021-32466 – Trend Micro HouseCall for Home Networks Uncontrolled Search Path Element Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-32466
24 Sep 2021 — An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for Home Networks version 5.3.1225 and below could allow an attacker to escalate privileges by placing a custom crafted file in a specific directory to load a malicious library. ... Note that an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local attackers to escalate priv... • https://helpcenter.trendmicro.com/en-us/article/tmka-10626 • CWE-427: Uncontrolled Search Path Element •
CVE-2021-26750
https://notcve.org/view.php?id=CVE-2021-26750
23 Sep 2021 — Panda Adaptive Defense 360 <= 8.0.17 allows an attacker to escalate privileges via a maliciously crafted DLL file. • https://hansesecure.de/2021/02/vulnerability-in-panda-security-product/?lang=en • CWE-427: Uncontrolled Search Path Element •
CVE-2021-21991
https://notcve.org/view.php?id=CVE-2021-21991
22 Sep 2021 — The vCenter Server contains a local privilege escalation vulnerability due to the way it handles session tokens. A malicious actor with non-administrative user access on vCenter Server host may exploit this issue to escalate privileges to Administrator on the vSphere Client (HTML5) or vCenter Server vSphere Web Client (FLEX/Flash). • https://www.vmware.com/security/advisories/VMSA-2021-0020.html •