Total
234 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-21643 | 2 Jenkins, Redhat | 3 Config File Provider, Openshift, Rhmt | 2024-08-03 | 6.5 Medium |
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. | ||||
CVE-2021-21645 | 2 Jenkins, Redhat | 3 Config File Provider, Openshift, Rhmt | 2024-08-03 | 4.3 Medium |
Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs. | ||||
CVE-2021-21379 | 1 Xwiki | 1 Xwiki | 2024-08-03 | 7.7 High |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the `{{wikimacrocontent}}` executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes possible to inject scripts through it and they will be executed with the rights of the wiki macro (very often a user which has Programming rights). Fortunately, no such macro exists by default in XWiki Standard but one could have been created or installed with an extension. This vulnerability has been patched in versions XWiki 12.6.3, 11.10.11 and 12.8-rc-1. There is no easy workaround other than disabling the affected macros. Inserting content in a safe way or knowing what is the user who called the wiki macro is not easy. | ||||
CVE-2021-20263 | 1 Qemu | 1 Qemu | 2024-08-03 | 3.3 Low |
A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest. | ||||
CVE-2021-3847 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-08-03 | 7.8 High |
An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system. | ||||
CVE-2021-3523 | 1 Redhat | 1 Apicast | 2024-08-03 | 7.5 High |
A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address. | ||||
CVE-2021-3495 | 2 Netlify, Redhat | 3 Kiali-operator, Openshift Service Mesh, Service Mesh | 2024-08-03 | 8.8 High |
An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2021-3414 | 1 Redhat | 1 Satellite | 2024-08-03 | 8.1 High |
A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality. | ||||
CVE-2021-3418 | 1 Gnu | 1 Grub2 | 2024-08-03 | 6.4 Medium |
If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction of CVE-2020-15705 and only affects grub2 versions prior to 2.06 and upstream and distributions using the shim_lock mechanism. | ||||
CVE-2021-0953 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-184046278 | ||||
CVE-2021-0927 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-189824175 | ||||
CVE-2021-0704 | 1 Google | 1 Android | 2024-08-03 | 5.5 Medium |
In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-179338675 | ||||
CVE-2021-0074 | 1 Intel | 1 Computing Improvement Program | 2024-08-03 | 7.8 High |
Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-48295 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-03 | 7.5 High |
The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications). | ||||
CVE-2022-48301 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-03 | 7.5 High |
The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled. | ||||
CVE-2022-48296 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-03 | 5.3 Medium |
The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices. | ||||
CVE-2022-47637 | 2 Apachefriends, Microsoft | 2 Xampp, Windows | 2024-08-03 | 6.7 Medium |
The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp with administrative privileges. | ||||
CVE-2022-47547 | 1 Protocol | 1 Gossipsub | 2024-08-03 | 5.3 Medium |
GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages. | ||||
CVE-2022-44020 | 3 Fedoraproject, Opendev, Redhat | 4 Fedora, Sushy-tools, Virtualbmc and 1 more | 2024-08-03 | 5.5 Medium |
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration." | ||||
CVE-2022-43910 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-08-03 | 8.4 High |
IBM Security Guardium 11.3 could allow a local user to escalate their privileges due to improper permission controls. IBM X-Force ID: 240908. |