Total
1799 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27518 | 1 Windscribe | 1 Windscribe | 2021-05-11 | 7.2 HIGH | 7.8 HIGH |
| All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openvpn options to execute code as root/SYSTEM. | |||||
| CVE-2020-27519 | 1 Pritunl | 1 Pritunl-client-electron | 2021-05-11 | 7.2 HIGH | 7.8 HIGH |
| Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM. | |||||
| CVE-2020-28008 | 1 Exim | 1 Exim | 2021-05-10 | 7.2 HIGH | 7.8 HIGH |
| Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution. | |||||
| CVE-2021-31523 | 1 Xscreensaver Project | 1 Xscreensaver | 2021-04-29 | 7.2 HIGH | 7.8 HIGH |
| The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency. | |||||
| CVE-2021-0255 | 1 Juniper | 1 Junos | 2021-04-28 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation vulnerability in ethtraceroute of Juniper Networks Junos OS may allow a locally authenticated user with shell access to escalate privileges and write to the local filesystem as root. ethtraceroute is shipped with setuid permissions enabled and is owned by the root user, allowing local users to run ethtraceroute with root privileges. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D240; 17.3 versions prior to 17.3R3-S11, 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R2, 20.1R3; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1. | |||||
| CVE-2021-0256 | 1 Juniper | 1 Junos | 2021-04-28 | 2.1 LOW | 5.5 MEDIUM |
| A sensitive information disclosure vulnerability in the mosquitto message broker of Juniper Networks Junos OS may allow a locally authenticated user with shell access the ability to read portions of sensitive files, such as the master.passwd file. Since mosquitto is shipped with setuid permissions enabled and is owned by the root user, this vulnerability may allow a local privileged user the ability to run mosquitto with root privileges and access sensitive information stored on the local filesystem. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S12, 17.4 versions prior to 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.3 versions prior to 18.3R3-S4; 19.1 versions prior to 19.1R3-S4; 19.3 versions prior to 19.3R3-S1, 19.3R3-S2; 19.4 versions prior to 19.4R2-S3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2, 20.2R3. | |||||
| CVE-2021-25363 | 1 Google | 1 Android | 2021-04-26 | 3.6 LOW | 6.1 MEDIUM |
| An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files. | |||||
| CVE-2021-25362 | 1 Google | 1 Android | 2021-04-26 | 3.6 LOW | 6.1 MEDIUM |
| An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files. | |||||
| CVE-2020-15390 | 1 Pega | 1 Pega Platform | 2021-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo. | |||||
| CVE-2021-27394 | 1 Mendix | 1 Mendix | 2021-04-22 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications using Mendix 9 (All versions < V9.0.5). Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them to gain administrative privileges. | |||||
| CVE-2021-21981 | 1 Vmware | 1 Nsx-t Data Center | 2021-04-22 | 4.6 MEDIUM | 7.8 HIGH |
| VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level. | |||||
| CVE-2021-25377 | 2 Google, Samsung | 2 Android, Experience Service | 2021-04-21 | 4.6 MEDIUM | 7.8 HIGH |
| Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action. | |||||
| CVE-2008-2271 | 1 Site Documentation Project | 1 Site Documentation | 2021-04-19 | 5.0 MEDIUM | N/A |
| The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database. | |||||
| CVE-2021-20334 | 2 Microsoft, Mongodb | 2 Windows, Compass | 2021-04-14 | 4.6 MEDIUM | 7.8 HIGH |
| A malicious 3rd party with local access to the Windows machine where MongoDB Compass is installed can execute arbitrary software with the privileges of the user who is running MongoDB Compass. This issue affects: MongoDB Inc. MongoDB Compass 1.x version 1.3.0 on Windows and later versions; 1.x versions prior to 1.25.0 on Windows. | |||||
| CVE-2021-20021 | 1 Sonicwall | 2 Email Security, Hosted Email Security | 2021-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. | |||||
| CVE-2018-9022 | 1 Broadcom | 1 Privileged Access Manager | 2021-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. | |||||
| CVE-2018-9021 | 1 Broadcom | 1 Privileged Access Manager | 2021-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. | |||||
| CVE-2021-26758 | 1 Litespeedtech | 1 Openlitespeed | 2021-04-12 | 9.0 HIGH | 8.8 HIGH |
| Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system. | |||||
| CVE-2021-1787 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-04-09 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges. | |||||
| CVE-2018-19635 | 2 Broadcom, Ca | 2 Service Desk Manager, Service Desk Manager | 2021-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface. | |||||