Total
218 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38553 | 1 Hashicorp | 1 Vault | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0. | |||||
| CVE-2021-37086 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| There is a Improper Preservation of Permissions vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers which can isolate and read synchronization files of other applications across the UID sandbox. | |||||
| CVE-2021-37056 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is an Improper permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to obtain certain device information. | |||||
| CVE-2021-37044 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. | |||||
| CVE-2021-37006 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Improper Preservation of Permissions vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is affected. | |||||
| CVE-2021-35079 | 1 Qualcomm | 122 Apq8053, Apq8053 Firmware, Aqt1000 and 119 more | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-33990 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | N/A | 9.8 CRITICAL |
| Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The vendor disputes this issue because the exploit reference link only shows frmfolders.html is accessible and does not demonstrate how an unauthorized user can upload a file. | |||||
| CVE-2021-32465 | 1 Trendmicro | 2 Apex One, Officescan | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-30912 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may gain access to a user's Keychain items. | |||||
| CVE-2021-30827 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges. | |||||
| CVE-2021-30482 | 1 Jetbrains | 1 Upsource | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly | |||||
| CVE-2021-30279 | 1 Qualcomm | 124 Ar8035, Ar8035 Firmware, Qca6390 and 121 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-29971 | 1 Mozilla | 1 Firefox | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 90. | |||||
| CVE-2021-23963 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| When sharing geolocation during an active WebRTC share, Firefox could have reset the webRTC sharing state in the user interface, leading to loss of control over the currently granted permission. This vulnerability affects Firefox < 85. | |||||
| CVE-2021-22382 | 1 Huawei | 4 E3372, E3372 Firmware, E8372 and 1 more | 2024-11-21 | 4.4 MEDIUM | 6.5 MEDIUM |
| Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include:E3372 E3372h-153TCPU-V200R002B333D01SP00C00. | |||||
| CVE-2021-22137 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices. | |||||
| CVE-2021-21735 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE. | |||||
| CVE-2021-21379 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 3.5 LOW | 7.7 HIGH |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the `{{wikimacrocontent}}` executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes possible to inject scripts through it and they will be executed with the rights of the wiki macro (very often a user which has Programming rights). Fortunately, no such macro exists by default in XWiki Standard but one could have been created or installed with an extension. This vulnerability has been patched in versions XWiki 12.6.3, 11.10.11 and 12.8-rc-1. There is no easy workaround other than disabling the affected macros. Inserting content in a safe way or knowing what is the user who called the wiki macro is not easy. | |||||
| CVE-2021-20263 | 1 Qemu | 1 Qemu | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest. | |||||
| CVE-2021-0953 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-184046278 | |||||