CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34856 – Parallels Desktop virtio-gpu Memory Corruption Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34856
03 Aug 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. ... Fue ZDI-CAN-13581 This vulnerability allows local attackers to escalate privileges on affect... • https://kb.parallels.com/125013 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36928 – Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-36928
03 Aug 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Edge. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36928 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34854 – Parallels Desktop Toolgate Uncontrolled Memory Allocation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34854
03 Aug 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. ... Fue ZDI-CAN-13544 This vulnerability allows local attackers to escalate privileges on affect... • https://kb.parallels.com/125013 • CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34857 – Parallels Desktop Toolgate Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34857
03 Aug 2021 — This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. ... Fue ZDI-CAN-13601 This vulnerability allows local attackers to escalate privileges on affect... • https://kb.parallels.com/125013 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37759
https://notcve.org/view.php?id=CVE-2021-37759
31 Jul 2021 — A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID). • https://www.graylog.org/post/announcing-graylog-v4-1-2 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37760
https://notcve.org/view.php?id=CVE-2021-37760
31 Jul 2021 — A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID). • https://www.graylog.org/post/announcing-graylog-v4-1-2 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32464 – Trend Micro Worry-Free Business Security Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-32464
30 Jul 2021 — Nota: un atacante debe obtener primero la habilidad de ejecutar código poco privilegiado en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Worry-Free Business Security. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://success.trendmicro.com/jp/solution/000287796 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-36742 – Trend Micro Multiple Products Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-36742
29 Jul 2021 — A improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG and Worry-Free Business Security 10.0 SP1 allows a local attacker to escalate privileges on affected installations. • https://success.trendmicro.com/jp/solution/000287796 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18174
https://notcve.org/view.php?id=CVE-2020-18174
26 Jul 2021 — A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges. • https://github.com/GitHubAssessments/CVE_Assessments_02_2020 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2020-18172
https://notcve.org/view.php?id=CVE-2020-18172
26 Jul 2021 — A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges. • https://github.com/GitHubAssessments/CVE_07_2019/blob/master/Report.pdf • CWE-94: Improper Control of Generation of Code ('Code Injection') •