Total
2004 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-33751 | 1 Microsoft | 10 Windows 10, Windows 10 1607, Windows 10 1809 and 7 more | 2024-08-03 | 7 High |
| Storage Spaces Controller Elevation of Privilege Vulnerability | ||||
| CVE-2021-33697 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-08-03 | 6.1 Medium |
| Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | ||||
| CVE-2021-33505 | 1 Falco | 1 Falco | 2024-08-03 | 7.8 High |
| A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. Issue is fixed in Falco versions >= 0.29.1. | ||||
| CVE-2021-33356 | 1 Raspap | 1 Raspap | 2024-08-03 | 8.8 High |
| Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privileges. | ||||
| CVE-2021-32739 | 2 Debian, Icinga | 2 Debian Linux, Icinga | 2024-08-03 | 8.8 High |
| Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-ony user's credentials, an attacker can view most attributes of all config objects including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN). A ticket, the master node's certificate, and a self-signed certificate are enough to successfully request the desired certificate from Icinga. That certificate may in turn be used to steal an endpoint or API user's identity. Versions 2.12.5 and 2.11.10 both contain a fix the vulnerability. As a workaround, one may either specify queryable types explicitly or filter out ApiListener objects. | ||||
| CVE-2021-31954 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-08-03 | 7.8 High |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||
| CVE-2021-31961 | 1 Microsoft | 9 Windows 10, Windows 10 1809, Windows 10 1909 and 6 more | 2024-08-03 | 6.1 Medium |
| Windows InstallService Elevation of Privilege Vulnerability | ||||
| CVE-2021-31969 | 1 Microsoft | 9 Windows 10, Windows 10 1809, Windows 10 1909 and 6 more | 2024-08-03 | 7.8 High |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ||||
| CVE-2021-31833 | 1 Mcafee | 1 Application And Change Control | 2024-08-03 | 7.1 High |
| Potential product security bypass vulnerability in McAfee Application and Change Control (MACC) prior to version 8.3.4 allows a locally logged in attacker to circumvent the application solidification protection provided by MACC, permitting them to run applications that would usually be prevented by MACC. This would require the attacker to rename the specified binary to match name of any configured updater and perform a specific set of steps, resulting in the renamed binary to be to run. | ||||
| CVE-2021-31847 | 1 Mcafee | 1 Agent | 2024-08-03 | 8.2 High |
| Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature. | ||||
| CVE-2021-31836 | 1 Mcafee | 1 Mcafee Agent | 2024-08-03 | 5.6 Medium |
| Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user. | ||||
| CVE-2021-31839 | 1 Mcafee | 1 Agent | 2024-08-03 | 4.8 Medium |
| Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server. | ||||
| CVE-2021-31581 | 1 Akkadianlabs | 2 Ova Appliance, Provisioning Manager | 2024-08-03 | 7.9 High |
| The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be escaped by abusing the 'Edit MySQL Configuration' command. This command launches a standard vi editor interface which can then be escaped. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). | ||||
| CVE-2021-31523 | 1 Xscreensaver Project | 1 Xscreensaver | 2024-08-03 | 7.8 High |
| The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency. | ||||
| CVE-2021-31168 | 1 Microsoft | 6 Windows 10, Windows 10 1809, Windows 10 20h2 and 3 more | 2024-08-03 | 7.8 High |
| Windows Container Manager Service Elevation of Privilege Vulnerability | ||||
| CVE-2021-31169 | 1 Microsoft | 6 Windows 10, Windows 10 1809, Windows 10 20h2 and 3 more | 2024-08-03 | 7.8 High |
| Windows Container Manager Service Elevation of Privilege Vulnerability | ||||
| CVE-2021-30479 | 1 Zulip | 1 Zulip Server | 2024-08-03 | 5.3 Medium |
| An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization. | ||||
| CVE-2021-30478 | 1 Zulip | 1 Zulip Server | 2024-08-03 | 4.3 Medium |
| An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations hosted by the same Zulip installation. | ||||
| CVE-2021-30355 | 1 Amazon | 2 Kindle, Kindle Firmware | 2024-08-03 | 8.6 High |
| Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root. | ||||
| CVE-2021-30152 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-08-03 | 4.3 Medium |
| An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for. | ||||