CVE-2021-43771 – Trend Micro Antivirus for Mac Improper Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-43771
Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. ... Tenga en cuenta que un atacante debe obtener primero la capacidad de ejecutar código con pocos privilegios en el sistema de destino para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Antivirus for Mac. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10832 https://www.zerodayinitiative.com/advisories/ZDI-21-1320 •
CVE-2021-36315
https://notcve.org/view.php?id=CVE-2021-36315
This may allow a local unauthenticated user to escalate privileges. • https://www.dell.com/support/kbdoc/en-us/000193005 •
CVE-2021-42563
https://notcve.org/view.php?id=CVE-2021-42563
This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. • https://www.ni.com/en-us/support/documentation/supplemental/21/unquoted-service-path-in-ni-service-locator.html • CWE-428: Unquoted Search Path or Element •
CVE-2021-3061 – PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI)
https://notcve.org/view.php?id=CVE-2021-3061
An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. • https://security.paloaltonetworks.com/CVE-2021-3061 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-3059 – PAN-OS: OS Command Injection Vulnerability When Performing Dynamic Updates
https://notcve.org/view.php?id=CVE-2021-3059
This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. • https://security.paloaltonetworks.com/CVE-2021-3059 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •