CVE-2021-37207
https://notcve.org/view.php?id=CVE-2021-37207
This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. • https://cert-portal.siemens.com/productcert/pdf/ssa-537983.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2021-43412
https://notcve.org/view.php?id=CVE-2021-43412
This can be exploited for local privilege escalation to get full root access. • https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html https://www.mail-archive.com/bug-hurd%40gnu.org/msg32116.html • CWE-416: Use After Free •
CVE-2021-43414
https://notcve.org/view.php?id=CVE-2021-43414
The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access. • https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html https://www.mail-archive.com/bug-hurd%40gnu.org/msg32114.html • CWE-287: Improper Authentication •
CVE-2021-40124 – Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-40124
A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-nam-priv-yCsRNUGT • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVE-2021-38422 – Delta Electronics DIALink
https://notcve.org/view.php?id=CVE-2021-38422
Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges. • https://us-cert.cisa.gov/ics/advisories/icsa-21-294-02 • CWE-312: Cleartext Storage of Sensitive Information •