Total
215 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-0704 | 1 Google | 1 Android | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-9. Android ID: A-179338675 | |||||
CVE-2021-41089 | 2 Fedoraproject, Mobyproject | 2 Fedora, Moby | 2024-02-28 | 4.4 MEDIUM | 6.3 MEDIUM |
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. | |||||
CVE-2021-30279 | 1 Qualcomm | 124 Ar8035, Ar8035 Firmware, Qca6390 and 121 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking. | |||||
CVE-2021-32465 | 1 Trendmicro | 2 Apex One, Officescan | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2021-21735 | 1 Zte | 2 Zxhn H168n, Zxhn H168n Firmware | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE. | |||||
CVE-2020-18890 | 1 Puppycms | 1 Puppycms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Remote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user get a shell via /admin/functions.php. | |||||
CVE-2020-27383 | 1 Blizzard | 1 Battle.net | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exists due to a weak set of permissions being granted to the "Authenticated Users Group", which grants the (F) flag, aka "Full Control". | |||||
CVE-2021-22382 | 1 Huawei | 4 E3372, E3372 Firmware, E8372 and 1 more | 2024-02-28 | 4.4 MEDIUM | 6.5 MEDIUM |
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include: E3372 E3372h-153TCPU-V200R002B333D01SP00C00. | |||||
CVE-2020-15496 | 1 Acronis | 1 True Image | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions. | |||||
CVE-2021-3495 | 2 Netlify, Redhat | 2 Kiali-operator, Openshift Service Mesh | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2021-30482 | 1 Jetbrains | 1 Upsource | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly. | |||||
CVE-2021-22137 | 1 Elastic | 1 Elasticsearch | 2024-02-28 | 4.3 MEDIUM | 5.3 MEDIUM |
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices. | |||||
CVE-2021-0074 | 1 Intel | 1 Computing Improvement Program | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2021-30912 | 1 Apple | 2 Mac Os X, Macos | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may gain access to a user's Keychain items. | |||||
CVE-2021-38553 | 1 Hashicorp | 1 Vault | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0. | |||||
CVE-2021-29971 | 1 Mozilla | 1 Firefox | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 90. | |||||
CVE-2020-12334 | 1 Intel | 1 Advisor Tools | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-12353 | 1 Intel | 1 Data Center Manager | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access. | |||||
CVE-2020-5796 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges. | |||||
CVE-2020-6564 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page. |