CVE-2021-43237 – Windows Setup Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-43237
Windows Setup Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios en Windows Setup This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43237 https://www.zerodayinitiative.com/advisories/ZDI-22-018 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-41365 – Microsoft Defender for IoT Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-41365
Este ID de CVE es diferente de CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889 This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Azure Defender for IoT. ... An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41365 https://www.zerodayinitiative.com/advisories/ZDI-21-1595 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-43326 – Automox Agent 32 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-43326
Automox Agent versiones anteriores a 32 en Windows establece incorrectamente los permisos en un directorio temporal Automox Agent version 32 suffers from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/50642 http://packetstormsecurity.com/files/165449/Automox-Agent-32-Local-Privilege-Escalation.html https://community.automox.com/product-updates-4/cve-2021-43326-and-cve-2021-43325-local-privilege-escalation-in-automox-agent-windows-only-1636 https://support.automox.com/help/release-notes • CWE-276: Incorrect Default Permissions •
CVE-2021-43325
https://notcve.org/view.php?id=CVE-2021-43325
Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression. Automox Agent versión 33 en Windows establece incorrectamente los permisos en un directorio temporal. NOTA: este problema se presenta debido a una regresión CVE-2021-43326 • https://community.automox.com/product-updates-4/cve-2021-43326-and-cve-2021-43325-local-privilege-escalation-in-automox-agent-windows-only-1636 https://support.automox.com/help/release-notes • CWE-276: Incorrect Default Permissions •
CVE-2021-38182
https://notcve.org/view.php?id=CVE-2021-38182
Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster. • https://github.com/kyma-project/kyma/security/advisories/GHSA-2vjp-5q24-hqjv https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •