Total
1477 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37173 | 1 Siemens | 20 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Rx1400 and 17 more | 2021-12-14 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device. | |||||
| CVE-2021-37941 | 1 Elastic | 1 Apm Agent | 2021-12-14 | 4.4 MEDIUM | 7.8 HIGH |
| A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of permissions than they possess. This vulnerability affects users that have set up the agent via the attacher cli 3, the attach API 2, as well as users that have enabled the profiling_inferred_spans_enabled option | |||||
| CVE-2021-25513 | 1 Google | 1 Android | 2021-12-10 | 2.1 LOW | 2.4 LOW |
| An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen. | |||||
| CVE-2021-44020 | 1 Trendmicro | 1 Worry-free Business Security | 2021-12-06 | 7.2 HIGH | 7.8 HIGH |
| An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021. | |||||
| CVE-2021-44019 | 1 Trendmicro | 1 Worry-free Business Security | 2021-12-06 | 7.2 HIGH | 7.8 HIGH |
| An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021. | |||||
| CVE-2021-44021 | 1 Trendmicro | 1 Worry-free Business Security | 2021-12-06 | 7.2 HIGH | 7.8 HIGH |
| An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020. | |||||
| CVE-2021-27657 | 1 Johnsoncontrols | 1 Metasys | 2021-12-02 | 6.5 MEDIUM | 8.8 HIGH |
| Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls Metasys version 11.0 and prior versions. | |||||
| CVE-2021-35052 | 1 Kaspersky | 1 Password Manager | 2021-11-29 | 4.6 MEDIUM | 7.8 HIGH |
| A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. | |||||
| CVE-2021-36307 | 1 Dell | 1 Networking Os10 | 2021-11-23 | 8.5 HIGH | 8.8 HIGH |
| Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system. | |||||
| CVE-2021-42956 | 2 Microsoft, Zoho | 2 Windows, Manageengine Remote Access Plus Server | 2021-11-18 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more. | |||||
| CVE-2020-15248 | 1 Octobercms | 1 October | 2021-11-18 | 4.6 MEDIUM | 4.2 MEDIUM |
| October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user has. This means that a user with "Publisher" access has the ability to escalate their access to "Developer" access. Issue has been patched in Build 470 (v1.0.470) & v1.1.1. | |||||
| CVE-2019-18916 | 1 Hp | 10 Color Laserjet Pro Mfp M277 B3q10a, Color Laserjet Pro Mfp M277 B3q10a Firmware, Color Laserjet Pro Mfp M277 B3q10v and 7 more | 2021-11-15 | 4.6 MEDIUM | 7.8 HIGH |
| A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client. | |||||
| CVE-2021-25508 | 1 Samsung | 1 Smartthings | 2021-11-09 | 7.5 HIGH | 9.8 CRITICAL |
| Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. | |||||
| CVE-2009-0080 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2021-11-08 | 6.9 MEDIUM | N/A |
| The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability." | |||||
| CVE-2021-22376 | 1 Huawei | 1 Harmonyos | 2021-11-05 | 7.2 HIGH | 8.4 HIGH |
| A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to bypass user restrictions. | |||||
| CVE-2021-41022 | 2 Fortinet, Microsoft | 2 Fortisiem, Windows | 2021-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts | |||||
| CVE-2021-22326 | 1 Huawei | 1 Harmonyos | 2021-11-02 | 6.6 MEDIUM | 7.1 HIGH |
| A component of the HarmonyOS has a Privilege Dropping / Lowering Errors vulnerability. Local attackers may exploit this vulnerability to obtain Kernel space read/write capability. | |||||
| CVE-2021-42108 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2021-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-42107 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2021-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42106. | |||||
| CVE-2021-42106 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2021-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-42104, 42105 and 42107. | |||||