Vulnerabilities (CVE)

Filtered by CWE-281
Total 215 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-0704 1 Google 1 Android 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-179338675
CVE-2021-41089 2 Fedoraproject, Mobyproject 2 Fedora, Moby 2024-02-28 4.4 MEDIUM 6.3 MEDIUM
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.
CVE-2021-30279 1 Qualcomm 124 Ar8035, Ar8035 Firmware, Qca6390 and 121 more 2024-02-28 7.2 HIGH 7.8 HIGH
Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CVE-2021-32465 1 Trendmicro 2 Apex One, Officescan 2024-02-28 6.5 MEDIUM 8.8 HIGH
An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2021-21735 1 Zte 2 Zxhn H168n, Zxhn H168n Firmware 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE.
CVE-2020-18890 1 Puppycms 1 Puppycms 2024-02-28 7.5 HIGH 9.8 CRITICAL
Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php.
CVE-2020-27383 1 Blizzard 1 Battle.net 2024-02-28 4.6 MEDIUM 7.8 HIGH
Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the "Authenticated Users Group" which grants the (F) Flag aka "Full Control"
CVE-2021-22382 1 Huawei 4 E3372, E3372 Firmware, E8372 and 1 more 2024-02-28 4.4 MEDIUM 6.5 MEDIUM
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include:E3372 E3372h-153TCPU-V200R002B333D01SP00C00.
CVE-2020-15496 1 Acronis 1 True Image 2024-02-28 4.6 MEDIUM 7.8 HIGH
Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions.
CVE-2021-3495 2 Netlify, Redhat 2 Kiali-operator, Openshift Service Mesh 2024-02-28 6.5 MEDIUM 8.8 HIGH
An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-30482 1 Jetbrains 1 Upsource 2024-02-28 5.0 MEDIUM 7.5 HIGH
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly
CVE-2021-22137 1 Elastic 1 Elasticsearch 2024-02-28 4.3 MEDIUM 5.3 MEDIUM
In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
CVE-2021-0074 1 Intel 1 Computing Improvement Program 2024-02-28 4.6 MEDIUM 7.8 HIGH
Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-30912 1 Apple 2 Mac Os X, Macos 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may gain access to a user's Keychain items.
CVE-2021-38553 1 Hashicorp 1 Vault 2024-02-28 2.1 LOW 4.4 MEDIUM
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
CVE-2021-29971 1 Mozilla 1 Firefox 2024-02-28 7.5 HIGH 9.8 CRITICAL
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 90.
CVE-2020-12334 1 Intel 1 Advisor Tools 2024-02-28 4.6 MEDIUM 7.8 HIGH
Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-12353 1 Intel 1 Data Center Manager 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access.
CVE-2020-5796 1 Nagios 1 Nagios Xi 2024-02-28 7.2 HIGH 7.8 HIGH
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.
CVE-2020-6564 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.