Total
2561 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-34514 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2021-34511 | 1 Microsoft | 6 Windows 10, Windows 7, Windows Server 2008 and 3 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2021-34493 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM | Windows Partition Management Driver Elevation of Privilege Vulnerability |
| CVE-2021-34488 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Windows Console Driver Elevation of Privilege Vulnerability |
| CVE-2021-34483 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2021-34477 | 1 Microsoft | 2 .net Education Bundle Sdk Install Tool, .net Install Tool For Extension Authors | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability |
| CVE-2021-34471 | 1 Microsoft | 1 Malware Protection Engine | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Microsoft Windows Defender Elevation of Privilege Vulnerability |
| CVE-2021-34461 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability |
| CVE-2021-34460 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Storage Spaces Controller Elevation of Privilege Vulnerability |
| CVE-2021-34459 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Windows AppContainer Elevation Of Privilege Vulnerability |
| CVE-2021-34456 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2021-34455 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Windows File History Service Elevation of Privilege Vulnerability |
| CVE-2021-34412 | 1 Zoom | 1 Meetings | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation. |
| CVE-2021-34411 | 1 Zoom | 1 Rooms | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | During the installation process for Zoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation. |
| CVE-2021-33751 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 4.6 MEDIUM | 7.0 HIGH | Storage Spaces Controller Elevation of Privilege Vulnerability |
| CVE-2021-33697 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. |
| CVE-2021-33538 | 1 Weidmueller | 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. |
| CVE-2021-33526 | 1 Mbconnectline | 1 Mbdialup | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicious OpenVPN configuration resulting in arbitrary code execution with the privileges of the service. |
| CVE-2021-33505 | 1 Falco | 1 Falco | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. Issue is fixed in Falco versions >= 0.29.1. |
| CVE-2021-33356 | 1 Raspap | 1 Raspap | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges. |
| CVE-2021-31969 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2021-31961 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM | Windows InstallService Elevation of Privilege Vulnerability |
| CVE-2021-31954 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2021-31847 | 1 Mcafee | 1 Agent | 2024-11-21 | 6.9 MEDIUM | 8.2 HIGH | Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature. |
| CVE-2021-31839 | 1 Mcafee | 1 Agent | 2024-11-21 | 2.1 LOW | 4.8 MEDIUM | Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server. |
| CVE-2021-31836 | 1 Mcafee | 1 Mcafee Agent | 2024-11-21 | 3.6 LOW | 5.6 MEDIUM | Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user. |
| CVE-2021-31833 | 1 Mcafee | 1 Application And Change Control | 2024-11-21 | 4.6 MEDIUM | 7.1 HIGH | Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match the name of any configured updater and perform a specific set of steps, resulting in the renamed binary being run. |
| CVE-2021-31581 | 1 Akkadianlabs | 2 Ova Appliance, Provisioning Manager | 2024-11-21 | 2.1 LOW | 7.9 HIGH | The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). |
| CVE-2021-31523 | 1 Xscreensaver Project | 1 Xscreensaver | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency. |
| CVE-2021-31360 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 6.6 MEDIUM | 7.1 HIGH | An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritten, exploitation of this vulnerability could lead to a sustained Denial of Service (DoS) condition, requiring manual user intervention to recover. Systems are only vulnerable if jdhcpd is running, whi ... |
| CVE-2021-31359 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. Continued processing of malicious input will repeatedly crash the system and sustain the Denial of Service (DoS) condition. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' com ... |
| CVE-2021-31350 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 9.0 HIGH | 7.5 HIGH | An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit (JET) API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated attacker to perform operations as root, leading to complete compromise of the targeted system. The issue is caused by the JET service daemon (jsd) process authenticating the user, then passing configuration operations directly to the management daemon (mgd) process, which runs ... |
| CVE-2021-31169 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Windows Container Manager Service Elevation of Privilege Vulnerability |
| CVE-2021-31168 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Windows Container Manager Service Elevation of Privilege Vulnerability |
| CVE-2021-30479 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization. |
| CVE-2021-30478 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same Zulip installation. |
| CVE-2021-30355 | 1 Amazon | 2 Kindle, Kindle Firmware | 2024-11-21 | 9.3 HIGH | 8.6 HIGH | Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root. |
| CVE-2021-30152 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for. |
| CVE-2021-29951 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM | The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN\|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability affe ... |
| CVE-2021-29802 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |