CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-18171
https://notcve.org/view.php?id=CVE-2020-18171
26 Jul 2021 — TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. • https://docs.google.com/document/d/1W33rsdISmexLOGS4VmLUIITRU_KqGULcij1Z6QyxsjU/edit?usp=sharing • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18170
https://notcve.org/view.php?id=CVE-2020-18170
26 Jul 2021 — An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions. • https://github.com/GitHubAssessments/CVE_Assessment_05_2019/blob/master/Key_Manager_Report.pdf •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-18169
https://notcve.org/view.php?id=CVE-2020-18169
26 Jul 2021 — A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. • https://docs.google.com/document/d/1W33rsdISmexLOGS4VmLUIITRU_KqGULcij1Z6QyxsjU/edit?usp=sharing • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2021-30787 – Apple macOS process_token_BindQueryStoreRegisterToMemoryList Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-30787
23 Jul 2021 — Una aplicación puede causar una terminación inesperada del sistema o escribir en la memoria del kernel This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. • https://support.apple.com/en-us/HT212600 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 21CVE-2021-36934 – Microsoft Windows SAM Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-36934
22 Jul 2021 — </p> If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level. • https://packetstorm.news/files/id/164006 •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-2409 – Oracle VirtualBox NAT Numeric Truncation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-2409
20 Jul 2021 — Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://security.gentoo.org/glsa/202208-36 •
CVSS: 7.8EPSS: 1%CPEs: 20EXPL: 7CVE-2021-33909 – kernel: size_t-to-int conversion vulnerability in the filesystem layer
https://notcve.org/view.php?id=CVE-2021-33909
20 Jul 2021 — This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash, leak of internal kernel information and can escalate privileges. • https://packetstorm.news/files/id/163621 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-32760 – Archive package allows chmod of file outside of unpack target directory
https://notcve.org/view.php?id=CVE-2021-32760
19 Jul 2021 — If a user or automated system were tricked into launching a specially crafted container image, a remote attacker could change permissions on files on the host filesystem and possibly escalate privileges. • https://github.com/containerd/containerd/releases/tag/v1.4.8 • CWE-281: Improper Preservation of Permissions CWE-668: Exposure of Resource to Wrong Sphere CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2021-34462 – Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-34462
16 Jul 2021 — Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Windows AppX Deployment Extensions This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34462 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3042 – Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-3042
15 Jul 2021 — A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. • https://security.paloaltonetworks.com/CVE-2021-3042 • CWE-427: Uncontrolled Search Path Element •