CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20117
https://notcve.org/view.php?id=CVE-2021-20117
09 Sep 2021 — Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. • https://www.tenable.com/security/tns-2021-15 •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-28581 – Adobe Creative Cloud Desktop uncontrolled search path element vulnerability could lead to local privilege escalation
https://notcve.org/view.php?id=CVE-2021-28581
08 Sep 2021 — Adobe Creative Cloud Desktop 3.5 (and earlier) is affected by an uncontrolled search path vulnerability that could result in elevation of privileges. Exploitation of this issue requires user interaction in that a victim must log on to the attacker's local machine. Adobe Creative Cloud Desktop versión 3.5 (y anteriores), está afectado por una vulnerabilidad de ruta de búsqueda no controlada que podría resultar en una elevación de privilegios. Es requerida una interacción del usuario para explotar este proble... • https://helpx.adobe.com/security/products/creative-cloud/apsb21-31.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34869 – Parallels Desktop Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34869
08 Sep 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. ... Fue ZDI-CAN-13797 This vulnerability allows local attackers to escalate privileges on affected... • https://kb.parallels.com/125013 • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34867 – Parallels Desktop Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34867
08 Sep 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. ... Fue ZDI-CAN-13672 This vulnerability allows local attackers to escalate privileges on affected... • https://kb.parallels.com/125013 • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-21996 – Gentoo Linux Security Advisory 202310-22
https://notcve.org/view.php?id=CVE-2021-21996
08 Sep 2021 — Un usuario que presenta el control de las URLs source, y source_hash puede conseguir acceso completo al sistema de archivos como root en un minion de Salt Multiple security vulnerabilities have been discovered in Salt, a powerful remote execution manager, that allow for local privilege escalation on a minion, server side template injection attacks, insufficient checks for eauth credentials, shell and command injections or incorrect validation of SSL certificates. • https://lists.debian.org/debian-lts-announce/2021/11/msg00017.html •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34868 – Parallels Desktop Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34868
08 Sep 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. ... Fue ZDI-CAN-13712 This vulnerability allows local attackers to escalate privileges on affected... • https://kb.parallels.com/125013 • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-36232
https://notcve.org/view.php?id=CVE-2021-36232
31 Aug 2021 — Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges. • https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-036.txt • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 1%CPEs: 5EXPL: 0CVE-2021-35212 – Blind SQL injection Vulnerability
https://notcve.org/view.php?id=CVE-2021-35212
31 Aug 2021 — Una inyección SQL booleana ciega que podría conllevar a una lectura y escritura completa sobre el contenido de la base de datos de Orion, incluyendo el certificado de Orion, para cualquier usuario autenticado This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Orion Network Performance Monitor. ... An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-35213 – Orion User setting Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-35213
31 Aug 2021 — Es requerida una autenticación para explotar la vulnerabilidad This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Orion Platform. ... An attacker can leverage this vulnerability to escalate privileges from Guest to Administrator. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 34EXPL: 0CVE-2021-34865 – NETGEAR Multiple Routers mini_httpd Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-34865
30 Aug 2021 — An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://kb.netgear.com/000063955/Security-Advisory-for-Authentication-Bypass-Vulnerability-on-Some-Routers-PSV-2021-0083?article=000063955 • CWE-287: Improper Authentication CWE-697: Incorrect Comparison •