CVE-2021-20099
https://notcve.org/view.php?id=CVE-2021-20099
28 Jun 2021 — Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. • https://www.tenable.com/security/tns-2021-12 •
CVE-2021-35448 – Remote Mouse GUI 3.008 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-35448
24 Jun 2021 — Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections. • https://deathflash.ml/blog/remote-mouse-lpe • CWE-269: Improper Privilege Management •
CVE-2021-25653 – Avaya Aura Appliance Virtualization Platform Utilities Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25653
24 Jun 2021 — A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities (AVPU) that may potentially allow a local user to escalate privileges. • https://support.avaya.com/css/P8/documents/101076479 • CWE-250: Execution with Unnecessary Privileges •
CVE-2021-25651 – Avaya Aura Utility Services Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25651
24 Jun 2021 — A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. • https://support.avaya.com/css/P8/documents/101072728 • CWE-250: Execution with Unnecessary Privileges • CWE-269: Improper Privilege Management •
CVE-2021-3609 – kernel: race condition in net/can/bcm.c leads to local privilege escalation
https://notcve.org/view.php?id=CVE-2021-3609
23 Jun 2021 — A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. ... • https://bugzilla.redhat.com/show_bug.cgi?id=1971651 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-21999 – VMware Workstation Tools Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-21999
23 Jun 2021 — VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1), VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. ... An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as "openssl.cnf" in an unrestricted directory, which would allow code to be executed with elevated privileges. This vulnerability allows local attackers to ... • https://www.vmware.com/security/advisories/VMSA-2021-0013.html • CWE-427: Uncontrolled Search Path Element •
CVE-2021-29337
https://notcve.org/view.php?id=CVE-2021-29337
21 Jun 2021 — MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and potentially escalate privileges via a crafted IOCTL 0x9c406104 call. • https://github.com/rjt-gupta/CVE-2021-29337 •
CVE-2021-26089 – Fortinet FortiClient Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-26089
17 Jun 2021 — An improper symlink following in FortiClient for Mac versions 6.4.3 and below may allow a non-privileged user to execute arbitrary privileged shell commands during the installation phase. This vulnerability allows local attackers to escalate privileges on affected installations of Fortinet FortiClient on Apple macOS. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://fortiguard.com/advisory/FG-IR-21-022 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-27483
https://notcve.org/view.php?id=CVE-2021-27483
16 Jun 2021 — ZOLL Defibrillator Dashboard, versions prior to 2.2: the affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user. • https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 • CWE-269: Improper Privilege Management • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-31505 – Arlo Q Plus SSH Use of Hard-coded Credentials Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-31505
14 Jun 2021 — This vulnerability allows attackers with physical access to escalate privileges on affected installations of Arlo Q Plus 1.9.0.3_278. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... Was ZDI-CAN-12890. • https://kb.arlo.com/000062592/Security-Advisory-for-Arlo-Q-Plus-SSH-Use-of-Hard-coded-Credentials-Allowing-Privilege-Escalation • CWE-798: Use of Hard-coded Credentials •