Total
906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33062 | 1 Intel | 1 Vtune Profiler | 2021-11-22 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33088 | 1 Intel | 3 Nuc M15 Laptop Kit Integrated Sensor Hub Driver Pack, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 | 2021-11-22 | 7.2 HIGH | 7.8 HIGH |
| Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub driver pack before version 5.4.1.4449 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0065 | 1 Intel | 25 7265, 7265 Firmware, 9260 Firmware and 22 more | 2021-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33092 | 1 Intel | 3 Nuc M15 Laptop Kit Hid Event Filter Driver Pack, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 | 2021-11-19 | 7.2 HIGH | 7.8 HIGH |
| Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit HID Event Filter driver pack before version 2.2.1.383 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33090 | 1 Intel | 4 Nuc10i3fn, Nuc10i5fn, Nuc10i7fn and 1 more | 2021-11-19 | 7.2 HIGH | 7.8 HIGH |
| Incorrect default permissionsin the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-8741 | 1 Intel | 1 Thunderbolt Non-dch Driver | 2021-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-3720 | 1 Lenovo | 4 Legion Phone2 Pro \(l70081\), Legion Phone2 Pro \(l70081\) Firmware, Legion Phone Pro \(l79031\) and 1 more | 2021-11-16 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data. | |||||
| CVE-2021-43199 | 1 Jetbrains | 1 Teamcity | 2021-11-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient. | |||||
| CVE-2021-38420 | 1 Deltaww | 1 Dialink | 2021-11-05 | 4.6 MEDIUM | 7.8 HIGH |
| Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files. | |||||
| CVE-2021-38379 | 1 Northern.tech | 1 Cfengine | 2021-11-04 | 2.1 LOW | 5.5 MEDIUM |
| The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure. | |||||
| CVE-2021-22475 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is an Improper permission management vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-36990 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 7.5 HIGH | 9.8 CRITICAL |
| There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. | |||||
| CVE-2021-36989 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Kernel crash vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. | |||||
| CVE-2021-37363 | 1 Gestionaleopen | 1 Gestionale Open | 2021-10-28 | 9.3 HIGH | 7.8 HIGH |
| An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in bin folder and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues. | |||||
| CVE-2021-42011 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2021-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-42055 | 1 Asus | 2 Ux582lr, Ux582lr Firmware | 2021-10-22 | 4.6 MEDIUM | 6.8 MEDIUM |
| ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker. | |||||
| CVE-2021-42098 | 1 Devolutions | 1 Remote Desktop Manager | 2021-10-21 | 6.5 MEDIUM | 8.8 HIGH |
| An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell. | |||||
| CVE-2021-29005 | 1 Rconfig | 1 Rconfig | 2021-10-18 | 9.0 HIGH | 8.8 HIGH |
| Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server. | |||||
| CVE-2021-39886 | 1 Gitlab | 1 Gitlab | 2021-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7 allowing users to read confidential Epic references. | |||||
| CVE-2021-33923 | 1 Confluent | 1 Cp-ansible | 2021-10-07 | 2.1 LOW | 5.5 MEDIUM |
| Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local attackers to access some sensitive information (private keys, state database). | |||||