Total
2002 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22263 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 5.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user account with 'external' status which is granted 'Maintainer' role on any project on the GitLab instance where 'project tokens' are allowed may elevate its privilege to 'Internal' and access Internal projects. | ||||
| CVE-2021-22326 | 1 Huawei | 1 Harmonyos | 2024-08-03 | 7.1 High |
| A component of the HarmonyOS has a Privilege Dropping / Lowering Errors vulnerability. Local attackers may exploit this vulnerability to obtain Kernel space read/write capability. | ||||
| CVE-2021-22118 | 4 Netapp, Oracle, Redhat and 1 more | 34 Hci, Management Services For Element Software, Commerce Guided Search and 31 more | 2024-08-03 | 7.8 High |
| In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. | ||||
| CVE-2021-21981 | 1 Vmware | 1 Nsx-t Data Center | 2024-08-03 | 7.8 High |
| VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level. | ||||
| CVE-2021-21911 | 2 Advantech, Microsoft | 2 R-seenet, Windows | 2024-08-03 | 7.8 High |
| A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2021-21786 | 1 Iobit | 1 Advanced Systemcare Ultimate | 2024-08-03 | 7.8 High |
| A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2021-21750 | 1 Zte | 1 Zxin10 Cms | 2024-08-03 | 7.8 High |
| ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access. | ||||
| CVE-2021-21430 | 1 Openapi-generator | 1 Openapi Generator | 2024-08-03 | 6.2 Medium |
| OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. Auto-generated code (Java, Scala) that deals with uploading or downloading binary data through API endpoints will create insecure temporary files during the process. Affected generators: `java` (jersey2, okhttp-gson (default library)), `scala-finch`. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version. | ||||
| CVE-2021-21428 | 1 Openapi-generator | 1 Openapi Generator | 2024-08-03 | 9.3 Critical |
| Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation process. The insecure temporary folders store the auto-generated files which can be read and appended to by any users on the system. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version. | ||||
| CVE-2021-20713 | 1 Qualitysoft | 1 Qnd | 2024-08-03 | 7.8 High |
| Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product's Windows client is installed to gain administrative privileges via unspecified vectors. As a result, sensitive information may be altered/obtained or unintended operations may be performed. | ||||
| CVE-2021-20618 | 1 Acmailer | 2 Acmailer, Acmailer Db | 2024-08-03 | 9.8 Critical |
| Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors. | ||||
| CVE-2021-20208 | 3 Fedoraproject, Redhat, Samba | 3 Fedora, Enterprise Linux, Cifs-utils | 2024-08-03 | 6.1 Medium |
| A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2021-20075 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-08-03 | 7.8 High |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd. | ||||
| CVE-2021-20021 | 1 Sonicwall | 2 Email Security, Hosted Email Security | 2024-08-03 | 9.8 Critical |
| A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. | ||||
| CVE-2021-4314 | 1 Linuxfoundation | 1 Zowe Api Mediation Layer | 2024-08-03 | 5.3 Medium |
| It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. This is happening only in the situation when zOSMF doesn’t have the APAR PH12143 applied. This issue affects: 1.16 versions to 1.19. What happens is that the services using the ZAAS client or the API ML API to query will be deceived into believing the information in the JWT token is valid when it isn’t. It’s possible to use this to persuade the southbound service that different user is authenticated. | ||||
| CVE-2021-3813 | 1 Chatwoot | 1 Chatwoot | 2024-08-03 | 6.5 Medium |
| Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. | ||||
| CVE-2021-3020 | 1 Clusterlabs | 1 Hawk | 2024-08-03 | 8.8 High |
| An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive "shell" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root. | ||||
| CVE-2021-1853 | 1 Apple | 1 Macos | 2024-08-03 | 7.8 High |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A local attacker may be able to elevate their privileges. | ||||
| CVE-2021-1836 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2024-08-03 | 5.5 Medium |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, tvOS 14.5. A local user may be able to create or modify privileged files. | ||||
| CVE-2021-1813 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-08-03 | 7.8 High |
| A validation issue was addressed with improved logic. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges. | ||||