CVE-2021-31847 – Improper privilege management in repair process of MA for Windows
https://notcve.org/view.php?id=CVE-2021-31847
22 Sep 2021 — This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature. This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Endpoint Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://kc.mcafee.com/corporate/index?page=content&id=SB10369 • CWE-269: Improper Privilege Management, CWE-347: Improper Verification of Cryptographic Signature, CWE-427: Uncontrolled Search Path Element •
CVE-2021-22015 – VMware vCenter Server Appliance Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-22015
22 Sep 2021 — The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. ... An authenticated local user with non-administrative privileges can exploit these issues to elevate their privileges to root on vCenter Server Appliance. This vulnerability allows local attackers to escalate privileges on affected installations of VMware vCenter Server Appliance. ... An attacker can leverage this vulnerability to escalate privileges
CVE-2021-30832 – Apple macOS CVMServer Use-After-Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-30832
22 Sep 2021 — A local attacker may be able to elevate their privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. macOS Big Sur 11.6 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT212804 • CWE-787: Out-of-bounds Write •
CVE-2021-41315
https://notcve.org/view.php?id=CVE-2021-41315
17 Sep 2021 — This allows an authenticated attacker (with access to the console application) to execute arbitrary OS commands and escalate privileges. • https://blog.device42.com/2021/09/critical-fixes-in-17-05-01 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-31844 – Local Privilege Escalation in McAfee DLP Endpoint for Windows
https://notcve.org/view.php?id=CVE-2021-31844
17 Sep 2021 — A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size. • https://kc.mcafee.com/corporate/index?page=content&id=SB10368 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-38634 – Microsoft Windows Update Client Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-38634
15 Sep 2021 — Microsoft Windows Update Client Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38634 • CWE-269: Improper Privilege Management •
CVE-2021-26434 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-26434
15 Sep 2021 — Visual Studio Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Visual Studio. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26434 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-37173
https://notcve.org/view.php?id=CVE-2021-37173
14 Sep 2021 — This could allow an authenticated remote attacker to escalate privileges and gain root access to the device. • https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf • CWE-269: Improper Privilege Management •
CVE-2020-19280
https://notcve.org/view.php?id=CVE-2020-19280
09 Sep 2021 — Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows attackers to escalate privileges and perform sensitive program operations. • https://github.com/zchuanzhao/jeesns/issues/9 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-20118
https://notcve.org/view.php?id=CVE-2021-20118
09 Sep 2021 — Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. • https://www.tenable.com/security/tns-2021-15 •