Total
1021 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32006 | 1 Secomea | 1 Gatemanager | 2024-11-21 | 4.0 MEDIUM | 5.0 MEDIUM |
| This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files. | |||||
| CVE-2021-31998 | 2 Opensuse, Suse | 4 Backports Sle, Inn, Leap and 1 more | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2. | |||||
| CVE-2021-31822 | 2 Linux, Octopus | 2 Linux Kernel, Tentacle | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access. | |||||
| CVE-2021-31519 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
| An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | |||||
| CVE-2021-31217 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2024-11-21 | 9.4 HIGH | 9.1 CRITICAL |
| In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM. | |||||
| CVE-2021-31007 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. A malicious application may be able to bypass Privacy preferences. | |||||
| CVE-2021-31006 | 1 Apple | 3 Macos, Tvos, Watchos | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privacy preferences. | |||||
| CVE-2021-31000 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact information. | |||||
| CVE-2021-30999 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be unable to fully delete browsing history. | |||||
| CVE-2021-30750 | 1 Apple | 1 Macos | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3. A malicious application may be able to access the user's recent contacts. | |||||
| CVE-2021-30494 | 1 Razer | 1 Synapse | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations). | |||||
| CVE-2021-30493 | 1 Razer | 1 Synapse | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other words, an attacker can create a file in an unintended directory (with some limitations). | |||||
| CVE-2021-30490 | 2 Microsoft, Power-software-download | 2 Windows, Viewpower | 2024-11-21 | N/A | 7.8 HIGH |
| upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation. | |||||
| CVE-2021-29052 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls. | |||||
| CVE-2021-29005 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server. | |||||
| CVE-2021-28649 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
| An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | |||||
| CVE-2021-28271 | 1 Soyal | 3 701clientsql, 701server, 701serversql | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group. | |||||
| CVE-2021-27193 | 2 Microsoft, Netop | 2 Windows, Vision Pro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system privileges resulting in a privilege escalation. | |||||
| CVE-2021-27032 | 1 Autodesk | 1 Licensing Services | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that are configured with weak permissions and are running under elevated privileges. These weak permissions could allow all users on the operating system to modify the service configuration and take ownership of the service. | |||||
| CVE-2021-26804 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application. | |||||