CVE-2021-31822
https://notcve.org/view.php?id=CVE-2021-31822
When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access. Cuando Octopus Tentacle se instala en un sistema operativo Linux, los permisos del archivo de servicio systemd están configurados inapropiadamente. Esto puede conllevar a que un usuario local no privilegiado modifique el contenido del archivo de servicio systemd para conseguir acceso privilegiado • https://advisories.octopus.com/adv/2021-11---Local-privilege-escalation-in-Octopus-Tentacle-%28CVE-2021-31822%29.2283732993.html • CWE-276: Incorrect Default Permissions •
CVE-2021-42297 – Windows 10 Update Assistant Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-42297
Este CVE ID es diferente de CVE-2021-43211 This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42297 https://www.zerodayinitiative.com/advisories/ZDI-21-1334 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-43019 – Adobe Creative Cloud Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-43019
An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM . ... Es requerida una interacción del usuario antes de la instalación del producto para abusar de esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Creative Cloud. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpx.adobe.com/security/products/creative-cloud/apsb21-111.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-35052 – Kaspersky Password Manager Improper Privilege Management Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-35052
Un componente de Kaspersky Password Manager podría permitir a un atacante elevar el nivel de integridad de un proceso de Medio a Alto This vulnerability allows local attackers to escalate privileges on affected installations of Kaspersky Password Manager. ... An attacker can leverage this vulnerability to escalate privileges from medium integrity and execute code in the context of the current user at high integrity. • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#221121 https://www.zerodayinitiative.com/advisories/ZDI-21-1335 • CWE-269: Improper Privilege Management •
CVE-2021-42126 – Ivanti Avalanche User Management Improper Authentication Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-42126
Se presenta una vulnerabilidad de control de autorización inapropiada en Ivanti Avalanche versiones anteriores a 6.3.3 que permite a un atacante con acceso al Servicio Inforail llevar a cabo una escalada de privilegios This vulnerability allows remote attackers to escalate privileges on affected installations of Ivanti Avalanche. ... An attacker can leverage this vulnerability to escalate privileges to the level of admin. • https://forums.ivanti.com/s/article/Security-Alert-CVE-s-Addressed-in-Avalanche-6-3-3 • CWE-285: Improper Authorization •