Total
1461 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38268 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users with the site member role to add and duplicate forms, via the UI or the API.
|
|||||
| CVE-2021-37363 | 1 Gestionaleopen | 1 Gestionale Open | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The applicati ...
Show More |
|||||
| CVE-2021-37351 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server.
|
|||||
| CVE-2021-37289 | 1 Planex | 2 Mzk-dp150n, Mzk-dp150n Firmware | 2024-11-21 | N/A | 7.2 HIGH |
|
Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp.
|
|||||
| CVE-2021-37132 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability .Successful exploitation of this vulnerability may cause that Third-party apps can obtain the complete list of Harmony apps without permission.
|
|||||
| CVE-2021-37103 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
There is an improper permission management vulnerability in the Wallet apps. Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2021-37030 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
There is an Improper permission vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability.
|
|||||
| CVE-2021-36990 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions.
|
|||||
| CVE-2021-36989 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
There is a Kernel crash vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions.
|
|||||
| CVE-2021-36795 | 1 Cohesity | 1 Linux Agent | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
|
A permission issue in the Cohesity Linux agent may allow privilege escalation in version 6.5.1b to 6.5.1d-hotfix10, 6.6.0a to 6.6.0b-hotfix1. An underprivileged linux user, if certain environment criteria are met, can gain additional privileges.
|
|||||
| CVE-2021-36781 | 1 Opensuse | 1 Factory | 2024-11-21 | 3.6 LOW | 5.9 MEDIUM |
|
A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1.
|
|||||
| CVE-2021-36365 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh.
|
|||||
| CVE-2021-36363 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php.
|
|||||
| CVE-2021-35312 | 1 Gestionaleamica | 1 Amica Prodigy | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges.
|
|||||
| CVE-2021-34395 | 1 Nvidia | 2 Jetson Linux, Jetson Tx1 | 2024-11-21 | 4.6 MEDIUM | 3.9 LOW |
|
Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service.
|
|||||
| CVE-2021-34387 | 1 Nvidia | 2 Jetson Linux, Jetson Tx1 | 2024-11-21 | 7.2 HIGH | 6.3 MEDIUM |
|
The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only.
|
|||||
| CVE-2021-33923 | 1 Confluent | 1 Cp-ansible | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local attackers to access some sensitive information (private keys, state database).
|
|||||
| CVE-2021-33506 | 1 8x8 | 1 Jitsi Meet | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation.
|
|||||
| CVE-2021-33214 | 1 Hms-networks | 1 Ecatcher | 2024-11-21 | 6.0 MEDIUM | 6.1 MEDIUM |
|
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.
|
|||||
| CVE-2021-33092 | 1 Intel | 3 Nuc M15 Laptop Kit Hid Event Filter Driver Pack, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit HID Event Filter driver pack before version 2.2.1.383 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2021-33090 | 1 Intel | 4 Nuc10i3fn, Nuc10i5fn, Nuc10i7fn and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Incorrect default permissionsin the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2021-33088 | 1 Intel | 3 Nuc M15 Laptop Kit Integrated Sensor Hub Driver Pack, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub driver pack before version 5.4.1.4449 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2021-33071 | 1 Intel | 1 Oneapi Rendering Toolkit | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2021-33062 | 1 Intel | 1 Vtune Profiler | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2021-33038 | 2 Debian, Hyperkitty Project | 2 Debian Linux, Hyperkitty | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3.
|
|||||
| CVE-2021-32725 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.0 MEDIUM | 3.5 LOW |
|
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
|
|||||
| CVE-2021-32464 | 1 Trendmicro | 2 Apex One, Officescan | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
|
|||||
| CVE-2021-32006 | 1 Secomea | 1 Gatemanager | 2024-11-21 | 4.0 MEDIUM | 5.0 MEDIUM |
|
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files.
|
|||||
| CVE-2021-31998 | 2 Opensuse, Suse | 4 Backports Sle, Inn, Leap and 1 more | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
|
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.
|
|||||
| CVE-2021-31822 | 2 Linux, Octopus | 2 Linux Kernel, Tentacle | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access.
|
|||||
| CVE-2021-31519 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
|
An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.
|
|||||
| CVE-2021-31217 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2024-11-21 | 9.4 HIGH | 9.1 CRITICAL |
|
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.
|
|||||
| CVE-2021-31007 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. A malicious application may be able to bypass Privacy preferences.
|
|||||
| CVE-2021-31006 | 1 Apple | 3 Macos, Tvos, Watchos | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privacy preferences.
|
|||||
| CVE-2021-31000 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact information.
|
|||||
| CVE-2021-30999 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be unable to fully delete browsing history.
|
|||||
| CVE-2021-30750 | 1 Apple | 1 Macos | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3. A malicious application may be able to access the user's recent contacts.
|
|||||
| CVE-2021-30494 | 1 Razer | 1 Synapse | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations).
|
|||||
| CVE-2021-30493 | 1 Razer | 1 Synapse | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations).
|
|||||
| CVE-2021-30490 | 2 Microsoft, Power-software-download | 2 Windows, Viewpower | 2024-11-21 | N/A | 7.8 HIGH |
|
upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.
|
|||||