CVE-2021-21911
https://notcve.org/view.php?id=CVE-2021-21911
A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1360 • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •
CVE-2021-21910
https://notcve.org/view.php?id=CVE-2021-21910
A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1360 • CWE-276: Incorrect Default Permissions •
CVE-2021-27445 – Mesa Labs AmegaView Improper Privilege Management
https://notcve.org/view.php?id=CVE-2021-27445
Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited to escalate privileges on the device. • https://us-cert.cisa.gov/ics/advisories/icsa-21-147-03 • CWE-269: Improper Privilege Management CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-42808 – The Sentinel Protection Installer 7.7.0 creates files and directory with all privileges granting any user full permissions.
https://notcve.org/view.php?id=CVE-2021-42808
Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges. • https://cpl.thalesgroup.com/fr/software-monetization/security-updates • CWE-284: Improper Access Control •
CVE-2021-35234 – Exposed Dangerous Functions - Privileged Escalation
https://notcve.org/view.php?id=CVE-2021-35234
Un atacante con bajos privilegios de usuario puede robar los hashes de las contraseñas y la información de las sales de las contraseñas This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. ... An attacker can leverage this vulnerability to escalate privileges to the level of an application administrator. • https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3 https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35234 https://www.zerodayinitiative.com/advisories/ZDI-21-1596 https://www.zerodayinitiative.com/advisories/ZDI-21-1597 https://www.zerodayinitiative.com/advisories/ZDI-21-1598 https://www.zerodayinitiative.com/advisories/ZDI-21-1599 https://www.ze • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •