Total
1509 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44019 | 1 Trendmicro | 1 Worry-free Business Security | 2021-12-06 | 7.2 HIGH | 7.8 HIGH |
| An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44020 and 44021. | |||||
| CVE-2021-44020 | 1 Trendmicro | 1 Worry-free Business Security | 2021-12-06 | 7.2 HIGH | 7.8 HIGH |
| An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44021. | |||||
| CVE-2021-44021 | 1 Trendmicro | 1 Worry-free Business Security | 2021-12-06 | 7.2 HIGH | 7.8 HIGH |
| An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to but not identical to CVE-2021-44019 and 44020. | |||||
| CVE-2021-27657 | 1 Johnsoncontrols | 1 Metasys | 2021-12-02 | 6.5 MEDIUM | 8.8 HIGH |
| Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls Metasys version 11.0 and prior versions. | |||||
| CVE-2021-43211 | 1 Microsoft | 1 Windows 10 Update Assistant | 2021-11-29 | 6.6 MEDIUM | 7.1 HIGH |
| Windows 10 Update Assistant Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42297. | |||||
| CVE-2021-35052 | 1 Kaspersky | 1 Password Manager | 2021-11-29 | 4.6 MEDIUM | 7.8 HIGH |
| A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. | |||||
| CVE-2021-41322 | 1 Polycom | 4 Vvx 400, Vvx 400 Firmware, Vvx 410 and 1 more | 2021-11-28 | 6.5 MEDIUM | 8.8 HIGH |
| Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process. | |||||
| CVE-2021-36307 | 1 Dell | 1 Networking Os10 | 2021-11-23 | 8.5 HIGH | 8.8 HIGH |
| Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system. | |||||
| CVE-2021-0655 | 2 Google, Mediatek | 8 Android, Mt6873, Mt6875 and 5 more | 2021-11-19 | 4.6 MEDIUM | 6.7 MEDIUM |
| In mdlactl driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05673424; Issue ID: ALPS05673424. | |||||
| CVE-2021-33089 | 1 Intel | 4 Nuc Hdmi Firmware Update Tool, Nuc Kit Nuc8i3be, Nuc Kit Nuc8i5be and 1 more | 2021-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-42956 | 2 Microsoft, Zoho | 2 Windows, Manageengine Remote Access Plus Server | 2021-11-18 | 6.5 MEDIUM | 8.8 HIGH |
| Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more. | |||||
| CVE-2020-15248 | 1 Octobercms | 1 October | 2021-11-18 | 4.6 MEDIUM | 4.2 MEDIUM |
| October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user has. This means that a user with "Publisher" access has the ability to escalate their access to "Developer" access. Issue has been patched in Build 470 (v1.0.470) & v1.1.1. | |||||
| CVE-2021-42319 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2021-11-15 | 2.1 LOW | 5.5 MEDIUM |
| Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2021-42322 | 1 Microsoft | 1 Visual Studio Code | 2021-11-15 | 4.6 MEDIUM | 7.8 HIGH |
| Visual Studio Code Elevation of Privilege Vulnerability | |||||
| CVE-2021-42303 | 1 Microsoft | 1 Azure Real Time Operating System | 2021-11-15 | 7.2 HIGH | 6.8 MEDIUM |
| Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42302, CVE-2021-42304. | |||||
| CVE-2019-18916 | 1 Hp | 10 Color Laserjet Pro Mfp M277 B3q10a, Color Laserjet Pro Mfp M277 B3q10a Firmware, Color Laserjet Pro Mfp M277 B3q10v and 7 more | 2021-11-15 | 4.6 MEDIUM | 7.8 HIGH |
| A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client. | |||||
| CVE-2021-42304 | 1 Microsoft | 1 Azure Real Time Operating System | 2021-11-15 | 7.2 HIGH | 6.8 MEDIUM |
| Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42302, CVE-2021-42303. | |||||
| CVE-2021-42302 | 1 Microsoft | 1 Azure Real Time Operating System | 2021-11-15 | 7.2 HIGH | 6.8 MEDIUM |
| Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42303, CVE-2021-42304. | |||||
| CVE-2021-41377 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2021-11-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-41379 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2021-11-12 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||