An elevation of privilege vulnerability exists in Windows when the NTFS component fails to properly handle objects in memory.

An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode, then install programs, view,

change, delete data or create new accounts with full user rights.

A path traversal vulnerability in Grafana may allow an unauthenticated attacker to download system files through specially crafted HTTP resource requests.

JNDI features used in configuration, log messages, and parameters present in Apache Log4j2 do not protect against attacker controlled LDAP and other JNDI related endpoints. This library, used by VMware vCenter Server, allows unauthenticated attackers to execute system commands.

JNDI features used in configuration, log messages, and parameters present in Apache Log4j2 do not protect against attacker controlled LDAP and other JNDI related endpoints. This library, used by VMware vRealize Operations Manager, allows unauthenticated attackers to execute system commands.

A deserialization vulnerability present in the TypedBinaryFormatter class allows authenticated remote attackers to execute arbitrary OS commands with SYSTEM user privileges.

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.

An OGNL injection vulnerability in Confluence Server and Data Center allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.

The Canon TR150 print driver is vulnerable to a privilege escalation issue. During the add printer process an attacker can overwrite a DLL and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of privileges.

The password input field in the "/auth/" and "/auth/change" endpoints of Cisco HyperFlex HX Installer Virtual Machine allow an unauthenticated attacker to execute systems commands as root.

A path traversal vulnerability in Apache HTTP server may allow an unauthenticated attacker to download system files through specially crafted HTTP resource requests.

This vulnerability is a bypass of CVE-2021-41773.