CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-32463 – Trend Micro Apex One Incorrect Permission Assignment Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-32463
13 Jul 2021 — An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. • https://success.trendmicro.com/solution/000286855 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-21589
https://notcve.org/view.php?id=CVE-2021-21589
12 Jul 2021 — A local authenticated Service user could potentially exploit this vulnerability to escalate privileges. • https://www.dell.com/support/kbdoc/000189204 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2021-22921
https://notcve.org/view.php?id=CVE-2021-22921
12 Jul 2021 — Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-32521 – QSAN Storage Manager, XEVO, SANOS - Use of Hard-coded Password
https://notcve.org/view.php?id=CVE-2021-32521
07 Jul 2021 — Use of MAC address as an authenticated password in QSAN Storage Manager, XEVO, SANOS allows local attackers to escalate privileges. • https://www.twcert.org.tw/tw/cp-132-4877-7b696-1.html • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32461 – Trend Micro Password Manager Integer Truncation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-32461
05 Jul 2021 — Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. ... Un atacante debe obtener primero la capacidad de ejecutar código poco privilegiado en el sistema objetivo para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10388 • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32462 – Trend Micro Password Manager Exposed Dangerous Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-32462
05 Jul 2021 — Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10388 •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27362
https://notcve.org/view.php?id=CVE-2020-27362
01 Jul 2021 — An issue exists within the SSH console of Akkadian Provisioning Manager 4.50.02 which allows a low-level privileged user to escape the web configuration file editor and escalate privileges. • https://www.blacklanternsecurity.com/2021-07-01-Akkadian-CVE • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2021-25321 – arpwatch: Local privilege escalation from runtime user to root
https://notcve.org/view.php?id=CVE-2021-25321
30 Jun 2021 — A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9... • https://bugzilla.suse.com/show_bug.cgi?id=1186240 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2021-35523 – Securepoint SSL VPN Client 2.0.30 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-35523
28 Jun 2021 — Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. ... Un usuario local no privilegiado puede modificar la configuración de OpenVPN almacenado en "%APPDATA%\Securepoint SSL VPN" y añadir un archivo de script externo que es ejecutado como usuario privilegiado Securepoint SSL VPN Client version 2.0.30 suffers from a local privilege escalation vulnerability. • https://bogner.sh/2021/04/local-privilege-escalation-in-securepoint-ssl-vpn-client-2-0-30 • CWE-269: Improper Privilege Management •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20100
https://notcve.org/view.php?id=CVE-2021-20100
28 Jun 2021 — Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. • https://www.tenable.com/security/tns-2021-12 •