Total
1255 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20423 | 1 Ibm | 1 Cloud Pak For Applications | 2021-07-14 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions. IBM X-Force ID: 196308. | |||||
| CVE-2021-36129 | 1 Mediawiki | 1 Mediawiki | 2021-07-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata. | |||||
| CVE-2021-0055 | 1 Intel | 8 Lapqc71a, Lapqc71a Firmware, Lapqc71b and 5 more | 2021-06-24 | 4.6 MEDIUM | 7.8 HIGH |
| Insecure inherited permissions for some Intel(R) NUC 9 Extreme Laptop Kit LAN Drivers before version 10.42 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-23022 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client | 2021-06-23 | 7.2 HIGH | 7.8 HIGH |
| On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-0102 | 1 Intel | 1 Unite | 2021-06-22 | 4.6 MEDIUM | 7.8 HIGH |
| Insecure inherited permissions in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2018-20008 | 1 Iball | 2 Ib-wrb302n, Ib-wrb302n Firmware | 2021-06-21 | 2.1 LOW | 6.8 MEDIUM |
| iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console. | |||||
| CVE-2017-12816 | 1 Kaspersky | 1 Internet Security | 2021-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. | |||||
| CVE-2021-25393 | 1 Google | 1 Android | 2021-06-16 | 2.1 LOW | 5.5 MEDIUM |
| Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data. | |||||
| CVE-2021-31929 | 1 Annexcloud | 1 Loyalty Experience Platform | 2021-06-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals. | |||||
| CVE-2021-23021 | 1 F5 | 1 Nginx Controller | 2021-06-11 | 2.1 LOW | 5.5 MEDIUM |
| The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644. | |||||
| CVE-2020-1701 | 1 Kubevirt | 1 Kubevirt | 2021-06-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in the KubeVirt main virt-handler versions before 0.26.0 regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret. | |||||
| CVE-2018-11053 | 4 Citrix, Dell, Redhat and 1 more | 4 Xenserver, Emc Idrac Service Module, Enterprise Linux and 1 more | 2021-06-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content. | |||||
| CVE-2017-13779 | 1 Gstn | 1 India Goods And Services Tax Network Offline Utility Tool | 2021-06-04 | 7.2 HIGH | 7.8 HIGH |
| GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution. | |||||
| CVE-2021-31475 | 1 Solarwinds | 1 Orion Job Scheduler | 2021-06-03 | 9.0 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. Authentication is required to exploit this vulnerability. The specific flaw exists within the JobRouterService WCF service. The issue is due to the WCF service configuration, which allows a critical resource to be accessed by unprivileged users. An attacker can leverage this vulnerability to execute code in the context of an administrator. Was ZDI-CAN-12007. | |||||
| CVE-2020-28909 | 1 Nagios | 1 Fusion | 2021-06-03 | 9.0 HIGH | 8.8 HIGH |
| Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to root via modification of scripts. Low-privileges users are able to modify files that can be executed by sudo. | |||||
| CVE-2017-17677 | 1 Bmc | 1 Remedy Mid-tier | 2021-06-01 | 6.5 MEDIUM | 8.8 HIGH |
| BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code. | |||||
| CVE-2021-33509 | 1 Plone | 1 Plone | 2021-05-24 | 8.5 HIGH | 9.9 CRITICAL |
| Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. | |||||
| CVE-2018-12979 | 1 Wago | 8 762-3000, 762-3000 Firmware, 762-3001 and 5 more | 2021-05-20 | 5.5 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM. | |||||
| CVE-2021-20996 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2021-05-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties. | |||||
| CVE-2021-31902 | 1 Jetbrains | 1 Youtrack | 2021-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly. | |||||