Total: 1509 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-36931 | 1 Microsoft | 1 Edge Chromium | 2021-09-01 | 6.8 MEDIUM | 7.8 HIGH |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-36928. | |||||
CVE-2019-18822 | 1 Eleveo | 1 Call Recording | 2021-08-27 | 9.0 HIGH | 8.8 HIGH |
A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allows its user account (i.e., the account under which the program runs - by default, the callrec account) to elevate privileges to root by abusing the callrec-rs@.service. The callrec-rs@.service starts the /opt/callrec/bin/rs binary with root privileges, and this binary is owned by callrec. It can be replaced by a Trojan horse. | |||||
CVE-2021-24038 | 1 Oculus | 1 Desktop | 2021-08-27 | 4.6 MEDIUM | 7.8 HIGH |
Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507. | |||||
CVE-2021-29802 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. | |||||
CVE-2021-34745 | 1 Cisco | 1 Appdynamics .net Agent | 2021-08-25 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM privileges. This vulnerability is due to the .NET Agent Coordinator Service executing code with SYSTEM privileges. An attacker with local access to a device that is running the vulnerable agent could create a custom process that would be launched with those SYSTEM privileges. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system. This vulnerability is fixed in AppDynamics .NET Agent Release 21.7. | |||||
CVE-2021-34486 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-08-23 | 4.6 MEDIUM | 7.8 HIGH |
Windows Event Tracing Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26425, CVE-2021-34487. | |||||
CVE-2021-34487 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-08-23 | 4.6 MEDIUM | 7.8 HIGH |
Windows Event Tracing Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26425, CVE-2021-34486. | |||||
CVE-2021-34484 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-08-23 | 4.6 MEDIUM | 7.8 HIGH |
Windows User Profile Service Elevation of Privilege Vulnerability | |||||
CVE-2021-37345 | 1 Nagios | 1 Nagios Xi | 2021-08-23 | 4.6 MEDIUM | 7.8 HIGH |
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions. | |||||
CVE-2021-34483 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-08-23 | 4.6 MEDIUM | 7.8 HIGH |
Windows Print Spooler Elevation of Privilege Vulnerability | |||||
CVE-2021-34471 | 1 Microsoft | 1 Malware Protection Engine | 2021-08-23 | 4.6 MEDIUM | 7.8 HIGH |
Microsoft Windows Defender Elevation of Privilege Vulnerability | |||||
CVE-2021-36927 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2021-08-20 | 4.6 MEDIUM | 7.8 HIGH |
Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | |||||
CVE-2021-36943 | 1 Microsoft | 1 Azure Cyclecloud | 2021-08-20 | 4.6 MEDIUM | 7.8 HIGH |
Azure CycleCloud Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-33762. | |||||
CVE-2021-36945 | 1 Microsoft | 1 Windows 10 Update Assistant | 2021-08-20 | 6.8 MEDIUM | 7.8 HIGH |
Windows 10 Update Assistant Elevation of Privilege Vulnerability | |||||
CVE-2021-36948 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-08-20 | 4.6 MEDIUM | 7.8 HIGH |
Windows Update Medic Service Elevation of Privilege Vulnerability | |||||
CVE-2021-34537 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-08-20 | 5.2 MEDIUM | 8.0 HIGH |
Windows Bluetooth Driver Elevation of Privilege Vulnerability | |||||
CVE-2021-37627 | 1 Contao | 1 Contao | 2021-08-20 | 6.5 MEDIUM | 7.2 HIGH |
Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form generator. All users are advised to update to Contao 4.4.56, 4.9.18 or 4.11.7. As a workaround users may disable the form generator or disable the login for untrusted back end users. | |||||
CVE-2020-24576 | 1 Netskope | 1 Netskope | 2021-08-20 | 9.0 HIGH | 8.8 HIGH |
Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM. | |||||
CVE-2021-38140 | 1 Set User Project | 1 Set User | 2021-08-17 | 7.5 HIGH | 9.8 CRITICAL |
The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user(). | |||||
CVE-2021-20075 | 1 Racom | 2 M!dge, M!dge Firmware | 2021-08-17 | 7.2 HIGH | 7.8 HIGH |
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd. |