Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recomme…

CVE-2021-36316MEDIUMCVSS 6.7EG 6.7

2021-12-21

Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure o…

CVE-2021-36339HIGHCVSS 7.8EG 7.8

2022-01-21

The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.

CVE-2021-36666HIGHCVSS 7.8EG 7.8

2022-07-12

An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission.

CVE-2021-36710HIGHCVSS 8.8EG 8.8

2022-06-08

ToaruOS 1.99.2 is affected by incorrect access control via the kernel. Improper MMU management and having a low GDT address allows it to be mapped in userland. A call gate can then be written to escalate to CPL 0.

CVE-2021-36744HIGHCVSS 7.8EG 7.8

2021-09-06

Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service.

CVE-2021-36784HIGHCVSS 7.2EG 7.2

2022-05-02

A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4.

CVE-2021-36809MEDIUMCVSS 6.1EG 6.0

2022-03-08

A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client.

CVE-2021-36879CRITICALCVSS 9.8EG 9.8

2021-09-27

Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration.

CVE-2021-36922HIGHCVSS 7.8EG 7.8

2021-11-02

RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial of Service, Code Execution, and Informa…

CVE-2021-36923HIGHCVSS 7.8EG 7.8

2021-11-02

RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, D…

CVE-2021-36927HIGHCVSS 7.8EG 7.8

2021-08-12

Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability

CVE-2021-36928MEDIUMCVSS 6.0EG 7.8

2021-08-26

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-36930MEDIUMCVSS 5.3EG 5.3

2021-09-02

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-36931MEDIUMCVSS 4.4EG 4.4

2021-08-26

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-36934HIGHCVSS 7.8EG 9.0⚠ KEV

2021-07-22

<p>An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulner…

CVE-2021-36943MEDIUMCVSS 4.0EG 4.0

2021-08-12

Azure CycleCloud Elevation of Privilege Vulnerability

CVE-2021-36945HIGHCVSS 7.3EG 7.3

2021-08-12

Windows 10 Update Assistant Elevation of Privilege Vulnerability

CVE-2021-36948HIGHCVSS 7.8EG 9.0⚠ KEV

2021-08-12

Windows Update Medic Service Elevation of Privilege Vulnerability

CVE-2021-36954HIGHCVSS 8.8EG 8.8

2021-09-15

Windows Bind Filter Driver Elevation of Privilege Vulnerability

CVE-2021-36955HIGHCVSS 7.8EG 9.0⚠ KEV

2021-09-15

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2021-36957HIGHCVSS 7.8EG 7.8

2021-11-10

Windows Desktop Bridge Elevation of Privilege Vulnerability

CVE-2021-36963HIGHCVSS 7.8EG 7.8

2021-09-15

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2021-36964HIGHCVSS 7.8EG 7.8

2021-09-15

Windows Event Tracing Elevation of Privilege Vulnerability

CVE-2021-36966HIGHCVSS 7.8EG 7.8

2021-09-15

Windows Subsystem for Linux Elevation of Privilege Vulnerability

CVE-2021-36967HIGHCVSS 8.0EG 8.0

2021-09-15

Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability

CVE-2021-36968HIGHCVSS 7.8EG 7.8

2021-09-15

Windows DNS Elevation of Privilege Vulnerability

CVE-2021-36973HIGHCVSS 7.8EG 7.8

2021-09-15

Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability

CVE-2021-36974HIGHCVSS 7.8EG 7.8

2021-09-15

Windows SMB Elevation of Privilege Vulnerability

CVE-2021-36975HIGHCVSS 7.8EG 7.8

2021-09-15

Win32k Elevation of Privilege Vulnerability

CVE-2021-36986CRITICALCVSS 9.8EG 9.8

2021-10-28

There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions.

CVE-2021-37091HIGHCVSS 7.5EG 7.5

2021-12-07

There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to confidentiality affected.

CVE-2021-37113HIGHCVSS 7.5EG 7.5

2022-01-03

There is a Privilege escalation vulnerability with the file system component in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-37121CRITICALCVSS 9.8EG 9.8

2022-01-03

There is a Configuration defects in Smartphone.Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission.

CVE-2021-37167CRITICALCVSS 9.8EG 9.8

2021-08-02

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using the default credentials can gain root acc…

CVE-2021-37173HIGHCVSS 8.8EG 8.8

2021-09-14

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM RO…

CVE-2021-37274HIGHCVSS 8.8EG 8.8

2021-09-27

Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes.

CVE-2021-37345HIGHCVSS 7.8EG 7.8

2021-08-13

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions.

CVE-2021-37347HIGHCVSS 7.8EG 7.8

2021-08-13

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.

CVE-2021-37349HIGHCVSS 7.8EG 7.8

2021-08-13

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database.

CVE-2021-37394HIGHCVSS 8.8EG 8.8

2021-07-26

In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration.

CVE-2021-37424CRITICALCVSS 9.8EG 9.8

2021-09-21

ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.

CVE-2021-37627HIGHCVSS 8.0EG 8.0

2021-08-11

Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back …

CVE-2021-37852HIGHCVSS 7.8EG 7.8

2022-02-09

ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can be leveraged by attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM.

CVE-2021-37911HIGHCVSS 8.8EG 8.8

2021-08-30

The management interface of BenQ smart wireless conference projector does not properly control user's privilege. Attackers can access any system directory of this device through the interface and execute arbitrary commands if he enters the…

CVE-2021-37937MEDIUMCVSS 5.9EG 5.9

2023-11-22

An issue was found with how API keys are created with the Fleet-Server service account. When an API key is created with a service account, it is possible that the API key could be created with higher privileges than intended. Using this vu…

CVE-2021-37938MEDIUMCVSS 4.3EG 4.3

2021-11-18

It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal fi…

CVE-2021-37941HIGHCVSS 7.8EG 7.8

2021-12-08

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account co…

CVE-2021-37942HIGHCVSS 7.0EG 7.0

2023-11-22

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a…

CVE-2021-37969HIGHCVSS 7.8EG 7.8

2021-10-08

Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.

CWE-269— Improper Privilege Management

CVEs classified under CWE-269page 44 of 85

Map vulnerabilities like CWE-269 to your infrastructure