Total
1333 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-35449 | 1 Lexmark | 4 G2 Driver, G3 Driver, G4 Driver and 1 more | 2024-08-04 | 7.8 High |
| The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM. | ||||
| CVE-2021-35202 | 1 Netscout | 1 Ngeniusone | 2024-08-04 | 4.3 Medium |
| NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService. | ||||
| CVE-2021-34485 | 2 Microsoft, Redhat | 7 .net, .net Core, Powershell Core and 4 more | 2024-08-04 | 5 Medium |
| .NET Core and Visual Studio Information Disclosure Vulnerability | ||||
| CVE-2021-34410 | 1 Zoom | 1 Zoom Plugin For Microsoft Outlook | 2024-08-04 | 7.8 High |
| A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root. | ||||
| CVE-2021-34110 | 1 Nica | 1 Winwaste.net | 2024-08-04 | 7.8 High |
| WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges. | ||||
| CVE-2021-33586 | 1 Inspircd | 1 Inspircd | 2024-08-03 | 4.3 Medium |
| InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue. | ||||
| CVE-2021-33509 | 1 Plone | 1 Plone | 2024-08-03 | 9.9 Critical |
| Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. | ||||
| CVE-2021-33093 | 1 Intel | 3 Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710, Nuc M15 Laptop Kit Serial Io Driver Pack | 2024-08-03 | 7.8 High |
| Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Serial IO driver pack before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-33094 | 1 Intel | 3 Nuc M15 Laptop Kit Keyboard Led Service Driver Pack, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 | 2024-08-03 | 7.8 High |
| Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-33091 | 1 Intel | 3 Nuc M15 Laptop Kit Audio Driver Pack, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 | 2024-08-03 | 7.8 High |
| Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit audio driver pack before version 1.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-32760 | 3 Fedoraproject, Linuxfoundation, Redhat | 4 Fedora, Containerd, Openstack and 1 more | 2024-08-03 | 5 Medium |
| containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host’s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. | ||||
| CVE-2021-32729 | 1 Xwiki | 1 Xwiki | 2024-08-03 | 2 Low |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. The script service method used to reset the authentication failures record can be executed by any user with Script rights and does not require Programming rights. An attacher with script rights who is able to reset the authentication failure record might perform a brute force attack, since they would be able to virtually deactivate the mechanism introduced to mitigate those attacks. The problem has been patched in version 12.6.8, 12.10.4 and 13.0. There are no workarounds aside from upgrading. | ||||
| CVE-2021-32717 | 1 Shopware | 1 Shopware | 2024-08-03 | 7.5 High |
| Shopware is an open source eCommerce platform. In versions prior to 6.4.1.1 private files publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommend to first change their configuration to set the correct visibility according to the documentation. The visibility must be at the same level as `type`. When the Storage is saved on Amazon AWS we recommending disabling public access to the bucket containing the private files: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html. Otherwise, update to Shopware 6.4.1.1 or install or update the Security plugin (https://store.shopware.com/en/detail/index/sArticle/518463/number/Swag136939272659) and run the command `./bin/console s3:set-visibility` to correct your cloud file visibilities. | ||||
| CVE-2021-32577 | 1 Acronis | 1 True Image | 2024-08-03 | 7.8 High |
| Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions. | ||||
| CVE-2021-32463 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Worry-free Business Security | 2024-08-03 | 7.8 High |
| An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a local attacker to escalate privileges and delete files with system privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-32460 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2021 | 2024-08-03 | 7.8 High |
| The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability. | ||||
| CVE-2021-32101 | 1 Open-emr | 1 Openemr | 2024-08-03 | 8.2 High |
| The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then manipulate and read data of every registered patient. | ||||
| CVE-2021-32056 | 2 Cyrus, Fedoraproject | 2 Imap, Fedora | 2024-08-03 | 4.3 Medium |
| Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall. | ||||
| CVE-2021-31929 | 1 Annexcloud | 1 Loyalty Experience Platform | 2024-08-03 | 4.3 Medium |
| Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals. | ||||
| CVE-2021-31907 | 1 Jetbrains | 1 Teamcity | 2024-08-03 | 5.3 Medium |
| In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly. | ||||