Total
1799 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25429 | 1 Google | 1 Android | 2021-07-14 | 3.3 LOW | 4.3 MEDIUM |
| Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. | |||||
| CVE-2021-28692 | 1 Xen | 1 Xen | 2021-07-12 | 5.6 MEDIUM | 7.1 HIGH |
| inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU spin-waits for the completion of the most recently issued command(s). Some of these waiting loops try to apply a timeout to fail overly-slow commands. The course of action upon a perceived timeout actually being detected is inappropriate: - on Intel hardware guests which did not originally cause the timeout may be marked as crashed, - on AMD hardware higher layer callers would not be notified of the issue, making them continue as if the IOMMU operation succeeded. | |||||
| CVE-2021-25442 | 1 Samsung | 1 Knox Cloud Services | 2021-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication. | |||||
| CVE-2021-27661 | 1 Johnsoncontrols | 2 F4-snc, F4-snc Firmware | 2021-07-07 | 6.5 MEDIUM | 8.8 HIGH |
| Successful exploitation of this vulnerability could give an authenticated Facility Explorer SNC Series Supervisory Controller (F4-SNC) user an unintended level of access to the controller’s file system, allowing them to access or modify system files by sending specifically crafted web messages to the F4-SNC. | |||||
| CVE-2021-35523 | 1 Securepoint | 1 Openvpn-client | 2021-07-02 | 7.2 HIGH | 7.8 HIGH |
| Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add a external script file that is executed as privileged user. | |||||
| CVE-2021-0052 | 1 Intel | 1 Computing Improvement Program | 2021-06-24 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect default privileges in the Intel(R) Computing Improvement Program before version 2.4.6522 may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2021-34810 | 1 Synology | 1 Download Station | 2021-06-24 | 6.5 MEDIUM | 8.8 HIGH |
| Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2021-33356 | 1 Raspap | 1 Raspap | 2021-06-21 | 9.0 HIGH | 8.8 HIGH |
| Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges. | |||||
| CVE-2021-25418 | 1 Samsung | 1 Internet | 2021-06-16 | 4.4 MEDIUM | 7.8 HIGH |
| Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. | |||||
| CVE-2017-20002 | 1 Debian | 2 Debian Linux, Shadow | 2021-06-07 | 4.6 MEDIUM | 7.8 HIGH |
| The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. | |||||
| CVE-2018-16497 | 1 Versa-networks | 1 Versa Analytics | 2021-06-07 | 7.2 HIGH | 7.8 HIGH |
| In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is writable by users who are members of the versa group. | |||||
| CVE-2020-7523 | 1 Schneider-electric | 2 Modbus Driver Suite, Modbus Serial Driver | 2021-06-04 | 4.4 MEDIUM | 7.8 HIGH |
| Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. | |||||
| CVE-2021-22733 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2021-06-04 | 4.6 MEDIUM | 7.8 HIGH |
| Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder. | |||||
| CVE-2021-22732 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2021-06-04 | 4.6 MEDIUM | 7.8 HIGH |
| Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the web server. | |||||
| CVE-2021-20713 | 1 Qualitysoft | 1 Qnd | 2021-06-03 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product's Windows client is installed to gain administrative privileges via unspecified vectors. As a result, sensitive information may be altered/obtained or unintended operations may be performed. | |||||
| CVE-2012-5617 | 2 Fedoraproject, Gksu-polkit Project | 2 Fedora, Gksu-polkit | 2021-06-02 | 7.2 HIGH | 7.8 HIGH |
| gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation | |||||
| CVE-2013-4161 | 2 Fedoraproject, Gksu-polkit Project | 2 Fedora, Gksu-polkit | 2021-06-02 | 7.2 HIGH | 7.8 HIGH |
| gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. | |||||
| CVE-2020-28904 | 1 Nagios | 1 Fusion | 2021-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code. | |||||
| CVE-2021-24289 | 1 De-baat | 1 Store Locator Plus | 2021-05-24 | 6.5 MEDIUM | 8.8 HIGH |
| There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin. | |||||
| CVE-2020-23128 | 1 Chamilo | 1 Chamilo Lms | 2021-05-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege. | |||||