My CVEs

Source repository: https://github.com/RonnieSalomonsen/My-CVEs

Yes this is purely for bragging purposes. No I’m not ashamed.

CVE-2021-30359

Check Point Harmony Browse and SandBlast Agent for Browsers for Windows contains a local privilege escalation vulnerability prior to version 90.08.7405.

References:

• https://supportcontent.checkpoint.com/solutions?id=sk175968
• https://supportcontent.checkpoint.com/solutions?id=sk142952
• https://www.cve.org/CVERecord?id=CVE-2021-30359
• https://nvd.nist.gov/vuln/detail/CVE-2021-30359
• https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0007/MNDT-2021-0007.md

PoC:

• N/A

CVE-2021-42254

BeyondTrust Privilege Management for Windows contains a local privilege escalation vulnerability prior to version 21.6

References:

• https://www.beyondtrust.com/security
• https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0016478
• https://www.cve.org/CVERecord?id=CVE-2021-42254
• https://nvd.nist.gov/vuln/detail/CVE-2021-42254
• https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0008/MNDT-2021-0008.md

PoC:

• N/A

CVE-2021-42711

Barracuda Network Access Client (NAC/VPN) for Windows contains a local privilege escalation vulnerability prior to version 5.2.2.

References

• https://campus.barracuda.com/product/networkaccessclient/doc/94539770/release-notes-barracuda-nac-vpn-client-5-2-for-windows/
• https://www.cve.org/CVERecord?id=CVE-2021-42711
• https://nvd.nist.gov/vuln/detail/CVE-2021-42711
• https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0010/MNDT-2021-0010.md

PoC:

• N/A

CVE-2021-41526

Flexera Revenera InstallShield for Windows prior to version 2021 R2 contains a local privilege escalation vulnerability during MSI repair for the MSI built with InstallScript custom action.

References

• https://community.flexera.com/t5/InstallShield-Knowledge-Base/CVE-2021-41526-Privilege-escalation-vulnerability-during-MSI/ta-p/218137/jump-to/first-unread-message
• https://www.cve.org/CVERecord?id=CVE-2021-41526
• https://nvd.nist.gov/vuln/detail/CVE-2021-41526
• https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0011/MNDT-2021-0011.md

PoC:

• N/A

CVE-2021-30360

Check Point Enterprise Endpoint Security Client for Windows contains a local privilege escalation vulnerability prior to version E86.20

References

• https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176853
• https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk142952
• https://www.cve.org/CVERecord?id=CVE-2021-30360
• https://nvd.nist.gov/vuln/detail/CVE-2021-30360
• https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0001/MNDT-2022-0001.md

PoC:

• N/A

CVE-2021-42810

Thales SafeNet Agent for Remote Desktop Gateway for Windows contains a local privilege escalation vulnerability prior to version 2.0.3

References

• https://supportportal.gemalto.com/csm?sys_kb_id=39c74a10db890110520c47050596190c&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=96684690db890110520c4705059619b8&sysparm_article=KB0025414
• https://supportportal.gemalto.com/csm?id=kb_article_view&sys_kb_id=5e62a1181b094110f9dca6886e4bcb9e&sysparm_article=KB0025411
• https://supportportal.gemalto.com/csm?id=kb_article_view&sys_kb_id=720825d81b894110f9dca6886e4bcb39&sysparm_article=KB0025412
• https://www.cve.org/CVERecord?id=CVE-2021-42810
• https://nvd.nist.gov/vuln/detail/CVE-2021-42810
• https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0002/MNDT-2022-0002.md

PoC:

• N/A

CVE-2022-23280

Microsoft Outlook for MacOS contains a Security Feature Bypass Vulnerability prior to version 16.57

References

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23280
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23280
• https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0004/MNDT-2022-0004.md

PoC:

• N/A

CVE-2021-42714

Splashtop Remote Business Client for Windows contains a local privilege escalation vulnerability prior to version 3.5.0.0

References

• Splashtop Business App for Windows v3.5.0.0 - released
• Mitre CVE-2021-42714
• Mandiant Vulnerability Disclosures

PoC:

• N/A

CVE-2021-42713

Splashtop Remote Personal Client for Windows contains a local privilege escalation vulnerability prior to version 3.4.8.4

References

• Splashtop Personal App for Windows v.3.4.8.4 - released
• Mitre CVE-2021-42713
• Mandiant Vulnerability Disclosures

PoC:

• N/A

CVE-2021-42712

Splashtop Streamer for Windows contains a local privilege escalation vulnerability prior to version 3.5.0.0

References

• Splashtop Streamer for Windows v3.5.0.0 - released
• Mitre CVE-2021-42712
• Mandiant Vulnerability Disclosures

PoC:

• N/A

CVE-2022-23296

Microsoft Windows Installer contains a local privilege escalation vulnerability prior to March 2022 security update.

References

• Microsoft Advisory
• Mitre CVE-2022-23296
• Mandiant Vulnerability Disclosures

PoC:

• N/A

CVE-2021-42255

AppGuard Agent for Windows contains a local privilege escalation vulnerability prior to version 6.7.100.1.

References

• Mitre CVE-2021-42255
• Mandiant Vulnerability Disclosures

PoC:

• N/A

CVE-2021-27765

HCL BigFix Server API for Windows contains a local privilege escalation vulnerability prior to version 10.0.6/9.5.19.

References

• HCL Security Bulletin
• Mitre CVE-2021-27765
• Mandiant Vulnerability Disclosures

PoC:

• N/A

CVE-2021-27766

HCL BigFix Client for Windows contains a local privilege escalation vulnerability prior to version 10.0.6/9.5.19.

References

• HCL Security Bulletin
• Mitre CVE-2021-27766
• Mandiant Vulnerability Disclosures

PoC:

• N/A

CVE-2021-27767

HCL BigFix Console for Windows contains a local privilege escalation vulnerability prior to version 10.0.6/9.5.19.

References

• HCL Security Bulletin
• Mitre CVE-2021-27767
• Mandiant Vulnerability Disclosures

PoC:

• N/A

CVE-2022-22187

Juniper Networks Juniper Identity Management Service (JIMS) for Windows contains a local privilege escalation vulnerability prior to version 1.4.

References

• Juniper Networks Security Bulletin
• Mitre CVE-2022-22187
• Mandiant Vulnerability Disclosures

PoC:

• N/A

CVE-2022-21558

Oracle Crystal Ball for Windows contains a local privilege escalation vulnerability which affected version 11.1.2.0.0 - 11.1.2.4.900.

References

• Oracle Security Advisory
• Mitre CVE-2022-21558
• Mandiant Vulnerability Disclosures

PoC:

• N/A

CVE-2021-25657

Avaya IP Office Admin Lite and USB Creator for Windows contains a local privilege escalation vulnerability which affected version 11.1 FP2 SP1 and earlier.

References

• Avaya Security Advisory
• Mitre CVE-2021-25657
• Mandiant Vulnerability Disclosures

PoC:

• N/A

CVE-2021-41988

Qlik NPrinting Designer for Windows contains a local privilege escalation vulnerability which affected version 21.14.3.0 and earlier.

References

• Qlik Security Advisory
• Mitre CVE-2021-41988
• Mandiant Vulnerability Disclosures

PoC:

• N/A

CVE-2021-41988

Qlik QlikView for Windows contains a local privilege escalation vulnerability which affected version 12.60.20100.0 and earlier.

References

• Qlik Security Advisory
• Mitre CVE-2021-41989
• Mandiant Vulnerability Disclosures

PoC:

• N/A