Total
1021 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34395 | 1 Nvidia | 2 Jetson Linux, Jetson Tx1 | 2024-11-21 | 4.6 MEDIUM | 3.9 LOW |
| Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service. | |||||
| CVE-2021-34387 | 1 Nvidia | 2 Jetson Linux, Jetson Tx1 | 2024-11-21 | 7.2 HIGH | 6.3 MEDIUM |
| The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only. | |||||
| CVE-2021-34182 | 1 Ttyd Project | 1 Ttyd | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions. | |||||
| CVE-2021-34164 | 1 Lizhifaka Project | 1 Lizhifaka | 2024-11-21 | N/A | 8.8 HIGH |
| Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location. | |||||
| CVE-2021-33923 | 1 Confluent | 1 Cp-ansible | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local attackers to access some sensitive information (private keys, state database). | |||||
| CVE-2021-33506 | 1 8x8 | 1 Jitsi Meet | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation. | |||||
| CVE-2021-33334 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to view all forms and form entries in a site via the forms section in site administration. | |||||
| CVE-2021-33333 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs. | |||||
| CVE-2021-33327 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibility" is enabled. | |||||
| CVE-2021-33324 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration. | |||||
| CVE-2021-33214 | 1 Hms-networks | 1 Ecatcher | 2024-11-21 | 6.0 MEDIUM | 6.1 MEDIUM |
| In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation. | |||||
| CVE-2021-33166 | 1 Intel | 1 Retail Experience Tool | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2021-33129 | 1 Intel | 1 Advisor | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33092 | 1 Intel | 3 Nuc M15 Laptop Kit Hid Event Filter Driver Pack, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit HID Event Filter driver pack before version 2.2.1.383 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33090 | 1 Intel | 4 Nuc10i3fn, Nuc10i5fn, Nuc10i7fn and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Incorrect default permissionsin the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33088 | 1 Intel | 3 Nuc M15 Laptop Kit Integrated Sensor Hub Driver Pack, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub driver pack before version 5.4.1.4449 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33071 | 1 Intel | 1 Oneapi Rendering Toolkit | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33062 | 1 Intel | 1 Vtune Profiler | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33038 | 2 Debian, Hyperkitty Project | 2 Debian Linux, Hyperkitty | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3. | |||||
| CVE-2021-32464 | 1 Trendmicro | 2 Apex One, Officescan | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||