CVE-2021-2321 – Oracle VirtualBox e1000 Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-2321
28 Apr 2021 — An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://www.oracle.com/security-alerts/cpuapr2021.html • CWE-125: Out-of-bounds Read •
CVE-2021-22669
https://notcve.org/view.php?id=CVE-2021-22669
26 Apr 2021 — Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system. • https://us-cert.cisa.gov/ics/advisories/icsa-21-103-02 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-27851 – Local privilege escalation in GNU Guix via guix-daemon and '--keep-failed'
https://notcve.org/view.php?id=CVE-2021-27851
26 Apr 2021 — A security vulnerability that can lead to local privilege escalation has been found in ‘guix-daemon’. • https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon • CWE-59: Improper Link Resolution Before File Access ('Link Following') • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2021-22682
https://notcve.org/view.php?id=CVE-2021-22682
23 Apr 2021 — This may allow unprivileged users to modify the binaries and configuration files and lead to local privilege escalation. • https://us-cert.cisa.gov/ics/advisories/icsa-21-112-01 • CWE-284: Improper Access Control •
CVE-2021-31519 – Trend Micro HouseCall for Home Networks Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-31519
23 Apr 2021 — An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. ... Note that an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10310 • CWE-276: Incorrect Default Permissions •
CVE-2021-31607 – Gentoo Linux Security Advisory 202310-22
https://notcve.org/view.php?id=CVE-2021-31607
23 Apr 2021 — In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. ... The attack requires that a file be created with a pathname that is backed up by snapper, and that the master call the snapper.diff function (which executes popen unsafely). Multiple security vulnerabilities have been discovered in Salt, a powerful remote execution manager, that allow for local privilege escalation on a ... • https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-28649 – Trend Micro HouseCall for Home Networks Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-28649
23 Apr 2021 — An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. ... Note that an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability allows local... • https://helpcenter.trendmicro.com/en-us/article/TMKA-10310 • CWE-276: Incorrect Default Permissions •
CVE-2021-2250 – Oracle VirtualBox SLiRP Networking Heap-based Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-2250
22 Apr 2021 — CVSS vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://security.gentoo.org/glsa/202208-36 •
CVE-2021-0256 – Junos OS: mosquitto Local Privilege Escalation vulnerability in SUID binaries
https://notcve.org/view.php?id=CVE-2021-0256
22 Apr 2021 — A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. Since mosquitto is shipped with setuid permissions enabled and is owned by the root user, this vulnerability may allow a local privileged user the ability to run mosquitto with root privileges and access sensitive information stored on the local filesystem. This i... • https://kb.juniper.net/JSA11175 • CWE-250: Execution with Unnecessary Privileges • CWE-269: Improper Privilege Management •
CVE-2021-0255 – Junos OS: ethtraceroute Local Privilege Escalation vulnerability in SUID binaries
https://notcve.org/view.php?id=CVE-2021-0255
22 Apr 2021 — A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. ethtraceroute is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run ethtraceroute with root privileges. • https://kb.juniper.net/JSA11175 • CWE-250: Execution with Unnecessary Privileges • CWE-269: Improper Privilege Management •