CVE-2021-31928
https://notcve.org/view.php?id=CVE-2021-31928
10 Jun 2021 — Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to escalate privileges to superadministrator. • https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md •
CVE-2021-3041 – Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation
https://notcve.org/view.php?id=CVE-2021-3041
10 Jun 2021 — A local privilege escalation vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM privileges. • https://security.paloaltonetworks.com/CVE-2021-3041 • CWE-427: Uncontrolled Search Path Element •
CVE-2021-25322 – python-HyperKitty: hyperkitty-permissions.sh used during %post allows local privilege escalation from hyperkitty user to root
https://notcve.org/view.php?id=CVE-2021-25322
10 Jun 2021 — A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. • https://bugzilla.suse.com/show_bug.cgi?id=1182373 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVE-2021-31997 – python-postorius: postorius-permissions.sh used during %post allows local privilege escalation from postorius user to root
https://notcve.org/view.php?id=CVE-2021-31997
10 Jun 2021 — A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions. • https://bugzilla.suse.com/show_bug.cgi?id=1182407 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-31998 – inn: %post calls user owned file allowing local privilege escalation to root
https://notcve.org/view.php?id=CVE-2021-31998
10 Jun 2021 — An Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2. • https://bugzilla.suse.com/show_bug.cgi?id=1182321 • CWE-276: Incorrect Default Permissions •
CVE-2021-29049
https://notcve.org/view.php?id=CVE-2021-29049
09 Jun 2021 — Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter. • https://issues.liferay.com/browse/LPE-17211 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-31969 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-31969
08 Jun 2021 — Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31969 • CWE-269: Improper Privilege Management •
CVE-2021-31956 – Microsoft Windows NTFS Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-31956
08 Jun 2021 — Windows NTFS Elevation of Privilege Vulnerability. Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application. • https://github.com/aazhuliang/CVE-2021-31956-EXP • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVE-2021-31954 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-31954
08 Jun 2021 — Windows Common Log File System Driver Elevation of Privilege Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31954 • CWE-122: Heap-based Buffer Overflow • CWE-269: Improper Privilege Management •
CVE-2021-1675 – Microsoft Windows Print Spooler Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-1675
08 Jun 2021 — Windows Print Spooler Remote Code Execution Vulnerability. Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution. • https://github.com/hlldz/CVE-2021-1675-LPE •