Total
949 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36363 | 1 Nagios | 1 Nagios Xi | 2021-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. | |||||
| CVE-2021-28271 | 1 Soyal | 3 701clientsql, 701server, 701serversql | 2021-09-23 | 6.5 MEDIUM | 8.8 HIGH |
| Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group. | |||||
| CVE-2021-30750 | 1 Apple | 1 Macos | 2021-09-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3. A malicious application may be able to access the user's recent contacts. | |||||
| CVE-2021-33214 | 1 Hms-networks | 1 Ecatcher | 2021-09-21 | 6.0 MEDIUM | 6.1 MEDIUM |
| In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation. | |||||
| CVE-2021-34395 | 1 Nvidia | 2 Jetson Linux, Jetson Tx1 | 2021-09-20 | 4.6 MEDIUM | 4.2 MEDIUM |
| Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service. | |||||
| CVE-2021-1831 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may allow shortcuts to access restricted files. | |||||
| CVE-2016-6914 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2021-09-13 | 7.2 HIGH | 7.8 HIGH |
| Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. | |||||
| CVE-2015-7378 | 1 Watchguard | 1 Panda Url Filtering | 2021-09-09 | 7.2 HIGH | 7.8 HIGH |
| Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe. | |||||
| CVE-2016-3943 | 1 Watchguard | 1 Panda Endpoint Administration Agent | 2021-09-09 | 7.2 HIGH | 7.8 HIGH |
| Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module. | |||||
| CVE-2021-39274 | 1 Xerosecurity | 1 Sn1per | 2021-08-30 | 10.0 HIGH | 9.8 CRITICAL |
| In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during installation, allowing an unprivileged user to modify the main application and the application configuration file. This results in arbitrary code execution with root privileges. | |||||
| CVE-2021-39273 | 1 Xerosecurity | 1 Sn1per | 2021-08-26 | 9.0 HIGH | 8.8 HIGH |
| In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application execution, allowing an unprivileged user to modify the application, modules, and configuration files. This leads to arbitrary code execution with root privileges. | |||||
| CVE-2021-37351 | 1 Nagios | 1 Nagios Xi | 2021-08-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server. | |||||
| CVE-2021-36795 | 1 Cohesity | 1 Linux Agent | 2021-08-16 | 4.4 MEDIUM | 7.8 HIGH |
| A permission issue in the Cohesity Linux agent may allow privilege escalation in version 6.5.1b to 6.5.1d-hotfix10, 6.6.0a to 6.6.0b-hotfix1. An underprivileged linux user, if certain environment criteria are met, can gain additional privileges. | |||||
| CVE-2021-35312 | 1 Gestionaleamica | 1 Amica Prodigy | 2021-08-14 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges. | |||||
| CVE-2021-22295 | 1 Huawei | 1 Harmonyos | 2021-08-13 | 2.1 LOW | 5.5 MEDIUM |
| A component of the HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this vulnerability to cause the device to hang due to the page error OsVmPageFaultHandler. | |||||
| CVE-2021-32464 | 1 Trendmicro | 2 Apex One, Officescan | 2021-08-12 | 7.2 HIGH | 7.8 HIGH |
| An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-5353 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2021-08-06 | 9.0 HIGH | 8.8 HIGH |
| The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system. | |||||
| CVE-2020-26180 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2021-08-06 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols. | |||||
| CVE-2020-29503 | 1 Dell | 1 Emc Powerstore | 2021-08-02 | 2.1 LOW | 4.4 MEDIUM |
| Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file permission Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory. | |||||
| CVE-2020-25593 | 1 Acronis | 1 True Image | 2021-07-28 | 7.2 HIGH | 6.7 MEDIUM |
| Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions. | |||||