CVE-2021-38608
https://notcve.org/view.php?id=CVE-2021-38608
16 Aug 2021 — Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.7373 and before 2.0.0.9450 allows guest OS users to escalate privileges via WAPT Agent. • https://www.tranquil.it/en/manage-it-equipment/discover-wapt •
CVE-2020-18753
https://notcve.org/view.php?id=CVE-2020-18753
13 Aug 2021 — s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet. • https://github.com/Ni9htMar3/vulnerability/blob/master/PLC/DCCE/DCCE%20MAC1100%20PLC_start-stop.md • CWE-862: Missing Authorization •
CVE-2021-37345
https://notcve.org/view.php?id=CVE-2021-37345
13 Aug 2021 — Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions. • http://nagios.com • CWE-269: Improper Privilege Management •
CVE-2021-37347
https://notcve.org/view.php?id=CVE-2021-37347
13 Aug 2021 — Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument. • https://www.nagios.com/downloads/nagios-xi/change-log • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-37349
https://notcve.org/view.php?id=CVE-2021-37349
13 Aug 2021 — Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database. • https://www.nagios.com/downloads/nagios-xi/change-log •
CVE-2021-38086
https://notcve.org/view.php?id=CVE-2021-38086
12 Aug 2021 — Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking. • https://kb.acronis.com/content/68564 • CWE-427: Uncontrolled Search Path Element •
CVE-2021-38088
https://notcve.org/view.php?id=CVE-2021-38088
12 Aug 2021 — Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking. • https://kb.acronis.com/content/68564 •
CVE-2017-16630
https://notcve.org/view.php?id=CVE-2017-16630
11 Aug 2021 — In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function. • https://vuln.shellcoder.party/2020/07/18/cve-2017-16630-sapphireims-idor-based-privilege-elevation • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-3050 – PAN-OS: OS Command Injection Vulnerability in Web Interface
https://notcve.org/view.php?id=CVE-2021-3050
11 Aug 2021 — An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. • https://security.paloaltonetworks.com/CVE-2021-3050 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-34536 – Storage Spaces Controller Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-34536
11 Aug 2021 — Storage Spaces Controller Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34536 • CWE-190: Integer Overflow or Wraparound •