Total
1057 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29005 | 1 Rconfig | 1 Rconfig | 2024-08-03 | 8.8 High |
| Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server. | ||||
| CVE-2021-28649 | 2 Microsoft, Trendmicro | 2 Windows, Housecall For Home Networks | 2024-08-03 | 7.3 High |
| An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability. | ||||
| CVE-2021-28271 | 1 Soyal | 3 701clientsql, 701server, 701serversql | 2024-08-03 | 8.8 High |
| Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group. | ||||
| CVE-2021-27193 | 2 Microsoft, Netop | 2 Windows, Vision Pro | 2024-08-03 | 9.8 Critical |
| Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system privileges resulting in a privilege escalation. | ||||
| CVE-2021-27032 | 1 Autodesk | 1 Licensing Services | 2024-08-03 | 7.8 High |
| Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that are configured with weak permissions and are running under elevated privileges. These weak permissions could allow all users on the operating system to modify the service configuration and take ownership of the service. | ||||
| CVE-2021-26804 | 1 Centreon | 1 Centreon Web | 2024-08-03 | 6.5 Medium |
| Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application. | ||||
| CVE-2021-26274 | 1 Ninjarmm | 1 Ninjarmm | 2024-08-03 | 7.1 High |
| The Agent in NinjaRMM 5.0.909 has Insecure Permissions. | ||||
| CVE-2021-25381 | 2 Google, Samsung | 2 Android, Account | 2024-08-03 | 5.5 Medium |
| Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | ||||
| CVE-2021-25358 | 1 Google | 1 Android | 2024-08-03 | 4 Medium |
| A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications. | ||||
| CVE-2021-25359 | 1 Google | 1 Android | 2024-08-03 | 4 Medium |
| An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications. | ||||
| CVE-2021-25355 | 1 Samsung | 1 Notes | 2024-08-03 | 5.5 Medium |
| Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent. | ||||
| CVE-2021-24031 | 1 Facebook | 1 Zstandard | 2024-08-03 | 5.5 Medium |
| In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties. | ||||
| CVE-2021-24032 | 2 Facebook, Redhat | 2 Zstandard, Amq Streams | 2024-08-03 | 4.7 Medium |
| Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties. | ||||
| CVE-2021-22817 | 1 Schneider-electric | 73 Hmibmiea5dd1001, Hmibmiea5dd1001 Firmware, Hmibmiea5dd100a and 70 more | 2024-08-03 | 7.8 High |
| A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1) | ||||
| CVE-2021-22571 | 1 Google | 1 Sa360 Webquery To Bigquery Exporter | 2024-08-03 | 5.5 Medium |
| A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above. | ||||
| CVE-2021-22475 | 1 Huawei | 2 Emui, Magic Ui | 2024-08-03 | 5.3 Medium |
| There is an Improper permission management vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2021-22538 | 1 Google | 1 Exposure Notifications Verification Server | 2024-08-03 | 6.3 Medium |
| A privilege escalation vulnerability impacting the Google Exposure Notification Verification Server (versions prior to 0.23.1), allows an attacker who (1) has UserWrite permissions and (2) is using a carefully crafted request or malicious proxy, to create another user with higher privileges than their own. This occurs due to insufficient checks on the allowed set of permissions. The new user creation event would be captured in the Event Log. | ||||
| CVE-2021-22368 | 1 Huawei | 2 Emui, Magic Ui | 2024-08-03 | 7.5 High |
| There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect normal use of the device. | ||||
| CVE-2021-22371 | 1 Huawei | 2 Emui, Magic Ui | 2024-08-03 | 7.5 High |
| There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2021-22346 | 1 Huawei | 2 Emui, Magic Ui | 2024-08-03 | 5.3 Medium |
| There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the disclosure of user habits. | ||||