Total
1057 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36397 | 1 Moodle | 1 Moodle | 2024-08-04 | 5.3 Medium |
| In Moodle, insufficient capability checks meant message deletions were not limited to the current user. | ||||
| CVE-2021-36400 | 1 Moodle | 1 Moodle | 2024-08-04 | 5.3 Medium |
| In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. | ||||
| CVE-2021-36365 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 9.8 Critical |
| Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. | ||||
| CVE-2021-36363 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 9.8 Critical |
| Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. | ||||
| CVE-2021-35312 | 1 Gestionaleamica | 1 Amica Prodigy | 2024-08-04 | 7.8 High |
| A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executable "RemoteBackup.Service.exe" has incorrect permissions, allowing a local unprivileged user to replace it with a malicious file that will be executed with "LocalSystem" privileges. | ||||
| CVE-2021-34395 | 1 Nvidia | 2 Jetson Linux, Jetson Tx1 | 2024-08-04 | 3.9 Low |
| Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure, a low risk of modifcations to data, and limited denial of service. | ||||
| CVE-2021-34387 | 1 Nvidia | 2 Jetson Linux, Jetson Tx1 | 2024-08-04 | 6.3 Medium |
| The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only. | ||||
| CVE-2021-34182 | 1 Ttyd Project | 1 Ttyd | 2024-08-04 | 9.8 Critical |
| An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions. | ||||
| CVE-2021-34164 | 1 Lizhifaka Project | 1 Lizhifaka | 2024-08-04 | 8.8 High |
| Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location. | ||||
| CVE-2021-33923 | 1 Confluent | 1 Cp-ansible | 2024-08-04 | 5.5 Medium |
| Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local attackers to access some sensitive information (private keys, state database). | ||||
| CVE-2021-33506 | 1 8x8 | 1 Jitsi Meet | 2024-08-03 | 7.5 High |
| jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation. | ||||
| CVE-2021-33324 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-08-03 | 4.3 Medium |
| The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration. | ||||
| CVE-2021-33334 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-08-03 | 4.3 Medium |
| The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to view all forms and form entries in a site via the forms section in site administration. | ||||
| CVE-2021-33333 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-08-03 | 6.3 Medium |
| The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs. | ||||
| CVE-2021-33327 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-08-03 | 4.3 Medium |
| The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibility" is enabled. | ||||
| CVE-2021-33214 | 1 Hms-networks | 1 Ecatcher | 2024-08-03 | 6.1 Medium |
| In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation. | ||||
| CVE-2021-33166 | 1 Intel | 1 Retail Experience Tool | 2024-08-03 | 5.5 Medium |
| Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2021-33129 | 1 Intel | 1 Advisor | 2024-08-03 | 7.8 High |
| Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-33088 | 1 Intel | 3 Nuc M15 Laptop Kit Integrated Sensor Hub Driver Pack, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 | 2024-08-03 | 7.8 High |
| Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub driver pack before version 5.4.1.4449 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-33062 | 1 Intel | 1 Vtune Profiler | 2024-08-03 | 7.8 High |
| Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||