CVSS: 7.8EPSS: 5%CPEs: 18EXPL: 0CVE-2021-34484 – Microsoft Windows User Profile Service Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34484
11 Aug 2021 — Windows User Profile Service Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en Windows User Profile Service This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the User Profile Service. By creating a directory junction, an attacker can abuse the se... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34484 •
CVSS: 7.8EPSS: 90%CPEs: 5EXPL: 21CVE-2021-36934 – Microsoft Windows SAM Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-36934
22 Jul 2021 —
An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker must have the ability to execute code on a victim system to exploit this vulnera... • https://packetstorm.news/files/id/164006 •