CVE-2021-45389
https://notcve.org/view.php?id=CVE-2021-45389
A self-signed JWT token could be injected into the update manager to bypass the authentication process, which could allow privilege escalation. • https://www.starwindsoftware.com/security/sw-20211215-0001 https://www.starwindsoftware.com/security/sw-20211512-0001 • CWE-287: Improper Authentication •
CVE-2021-45912
https://notcve.org/view.php?id=CVE-2021-45912
An unauthenticated Named Pipe channel in ControlUp Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method. • https://controlup.com https://www.controlup.com/security/security-advisory-local-privilege-escalation • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-44466
https://notcve.org/view.php?id=CVE-2021-44466
Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. • https://www.tenable.com/security/research/tra-2021-58 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-20172
https://notcve.org/view.php?id=CVE-2021-20172
All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. • https://www.tenable.com/security/research/tra-2021-56 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-21912
https://notcve.org/view.php?id=CVE-2021-21912
A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1360 • CWE-276: Incorrect Default Permissions •