Total: 906 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-33324 | 1 Liferay | 2 Dxp, Liferay Portal | 2021-08-11 | 4.0 MEDIUM | 4.3 MEDIUM |
The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration. | |||||
CVE-2021-33327 | 1 Liferay | 2 Dxp, Liferay Portal | 2021-08-11 | 4.0 MEDIUM | 4.3 MEDIUM |
The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibility" is enabled. | |||||
CVE-2020-5353 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2021-08-06 | 9.0 HIGH | 8.8 HIGH |
The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system. | |||||
CVE-2020-26180 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2021-08-06 | 6.5 MEDIUM | 8.8 HIGH |
Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols. | |||||
CVE-2020-29503 | 1 Dell | 1 Emc Powerstore | 2021-08-02 | 2.1 LOW | 4.4 MEDIUM |
Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file permission vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory. | |||||
CVE-2020-25593 | 1 Acronis | 1 True Image | 2021-07-28 | 7.2 HIGH | 6.7 MEDIUM |
Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions. | |||||
CVE-2019-14510 | 1 Kaseya | 1 Vsa | 2021-07-21 | 7.2 HIGH | 6.7 MEDIUM |
An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server that hosts the LAN Cache and all clients that are assigned to a LAN Cache. This account is placed into the local Administrators group of all clients assigned to the LAN Cache. When the assigned client is a Domain Controller, the FSAdminxxxxxxxxx account is created as a domain account and automatically added as a member of the domain BUILTIN\Administrators group. Using the well-known Pass-the-Hash techniques, an attacker can use the same FSAdminxxxxxxxxx hash from any LAN Cache client and pass this to a Domain Controller, providing administrative rights to the attacker on any Domain Controller. (Local account Pass-the-Hash mitigations do not protect domain accounts.) | |||||
CVE-2020-10939 | 1 Phoenixcontact | 1 Pc Worx Srt | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation. | |||||
CVE-2021-0441 | 1 Google | 1 Android | 2021-07-15 | 4.4 MEDIUM | 7.3 HIGH |
In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174495520 | |||||
CVE-2021-0486 | 1 Google | 1 Android | 2021-07-15 | 4.6 MEDIUM | 7.8 HIGH |
In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11. Android ID: A-171430330 | |||||
CVE-2021-31217 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2021-07-15 | 9.4 HIGH | 9.1 CRITICAL |
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM. | |||||
CVE-2021-26274 | 1 Ninjarmm | 1 Ninjarmm | 2021-07-08 | 3.6 LOW | 7.1 HIGH |
The Agent in NinjaRMM 5.0.909 has Insecure Permissions. | |||||
CVE-2021-22346 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 5.3 MEDIUM |
There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the disclosure of user habits. | |||||
CVE-2021-22368 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect normal use of the device. | |||||
CVE-2021-22371 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2020-27358 | 1 Vanderbilt | 1 Redcap | 2021-07-01 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}. | |||||
CVE-2021-20490 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2021-06-30 | 2.1 LOW | 5.5 MEDIUM |
IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791. | |||||
CVE-2021-21737 | 1 Zte | 2 Zxv10 B860h V5.0, Zxv10 B860h V5.0 Firmware | 2021-06-30 | 5.0 MEDIUM | 7.5 HIGH |
A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0, V83011303.0010, V83011303.0016 | |||||
CVE-2021-0106 | 1 Intel | 137 Ipmctl, Xeon Bronze 3204, Xeon Bronze 3206r and 134 more | 2021-06-30 | 4.6 MEDIUM | 7.8 HIGH |
Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent Memory for Windows software versions before 2.00.00.3842 or 1.00.00.3515 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2021-34387 | 1 Nvidia | 2 Jetson Linux, Jetson Tx1 | 2021-06-29 | 7.2 HIGH | 6.7 MEDIUM |
The ARM TrustZone Technology on which Trusty is based contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read-only. |