CVE-2021-36744 – Trend Micro Maximum Security Directory Junction Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-36744
30 Aug 2021 — Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service. • https://helpcenter.trendmicro.com/en-us/article/tmka-10568 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-39167 – TimelockController vulnerability in OpenZeppelin Contracts
https://notcve.org/view.php?id=CVE-2021-39167
26 Aug 2021 — In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. • https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431 • CWE-269: Improper Privilege Management •
CVE-2021-39168 – TimelockController vulnerability in OpenZeppelin Contracts
https://notcve.org/view.php?id=CVE-2021-39168
26 Aug 2021 — In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. • https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/security/advisories/GHSA-vrw4-w73r-6mm8 • CWE-269: Improper Privilege Management •
CVE-2021-34864 – Parallels Desktop WinAppHelper Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34864
25 Aug 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. ... Was ZDI-CAN-13543. • https://www.zerodayinitiative.com/advisories/ZDI-21-1000 • CWE-284: Improper Access Control •
CVE-2021-32777 – Incorrect concatenation of multiple value request headers in ext-authz extension
https://notcve.org/view.php?id=CVE-2021-32777
24 Aug 2021 — Attackers may be able to escalate privileges when using ext-authz extension or back end service that uses multiple value headers for authorization. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h • CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization CWE-863: Incorrect Authorization •
CVE-2021-30995 – Apple macOS fclonefileat Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-30995
24 Aug 2021 — A malicious application may be able to elevate privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to escalate privileges from low integrity and execute code in the context of root. tvOS 15.2 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT212975 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-31338
https://notcve.org/view.php?id=CVE-2021-31338
19 Aug 2021 — This could allow a local attacker to escalate privileges and execute own code on the device. • https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf • CWE-15: External Control of System or Configuration Setting •
CVE-2021-24038
https://notcve.org/view.php?id=CVE-2021-24038
18 Aug 2021 — Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. • https://www.facebook.com/security/advisories/cve-2021-24038 • CWE-269: Improper Privilege Management •
CVE-2021-36281
https://notcve.org/view.php?id=CVE-2021-36281
16 Aug 2021 — A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges. • https://www.dell.com/support/kbdoc/000190408 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-21599
https://notcve.org/view.php?id=CVE-2021-21599
16 Aug 2021 — This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. • https://www.dell.com/support/kbdoc/000190408 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •