Total: 1509 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-31839 | 1 Mcafee | 1 Agent | 2021-06-14 | 2.1 LOW | 3.3 LOW |
Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add false events or remove events from the event logs prior to them being sent to the ePO server. | |||||
CVE-2017-20002 | 1 Debian | 2 Debian Linux, Shadow | 2021-06-07 | 4.6 MEDIUM | 7.8 HIGH |
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges. | |||||
CVE-2018-16497 | 1 Versa-networks | 1 Versa Analytics | 2021-06-07 | 7.2 HIGH | 7.8 HIGH |
In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is writable by users who are members of the versa group. | |||||
CVE-2020-7523 | 1 Schneider-electric | 2 Modbus Driver Suite, Modbus Serial Driver | 2021-06-04 | 4.4 MEDIUM | 7.8 HIGH |
Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see security notification for versions) which could cause local privilege escalation when the Modbus Serial Driver service is invoked. The driver does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. | |||||
CVE-2021-22733 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2021-06-04 | 4.6 MEDIUM | 7.8 HIGH |
Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause shell access when unauthorized code is loaded into the system folder. | |||||
CVE-2021-22732 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2021-06-04 | 4.6 MEDIUM | 7.8 HIGH |
Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a code execution issue when an attacker loads unauthorized code on the web server. | |||||
CVE-2021-20713 | 1 Qualitysoft | 1 Qnd | 2021-06-03 | 4.6 MEDIUM | 7.8 HIGH |
Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product's Windows client is installed to gain administrative privileges via unspecified vectors. As a result, sensitive information may be altered/obtained or unintended operations may be performed. | |||||
CVE-2012-5617 | 2 Fedoraproject, Gksu-polkit Project | 2 Fedora, Gksu-polkit | 2021-06-02 | 7.2 HIGH | 7.8 HIGH |
gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation | |||||
CVE-2013-4161 | 2 Fedoraproject, Gksu-polkit Project | 2 Fedora, Gksu-polkit | 2021-06-02 | 7.2 HIGH | 7.8 HIGH |
gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fix the security issue. | |||||
CVE-2020-28904 | 1 Nagios | 1 Fusion | 2021-05-28 | 7.5 HIGH | 9.8 CRITICAL |
Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installation of a malicious component containing PHP code. | |||||
CVE-2021-24289 | 1 De-baat | 1 Store Locator Plus | 2021-05-24 | 6.5 MEDIUM | 8.8 HIGH |
There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin. | |||||
CVE-2021-23891 | 1 Mcafee | 1 Total Protection | 2021-05-20 | 4.6 MEDIUM | 7.8 HIGH |
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense. | |||||
CVE-2021-21428 | 1 Openapi-generator | 1 Openapi Generator | 2021-05-17 | 4.4 MEDIUM | 7.0 HIGH |
Openapi generator is a Java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation process. The insecure temporary folders store the auto-generated files which can be read and appended to by any users on the system. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version. | |||||
CVE-2021-1400 | 1 Cisco | 12 Wap125, Wap125 Firmware, Wap131 and 9 more | 2021-05-17 | 6.5 MEDIUM | 8.8 HIGH |
Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2021-1447 | 1 Cisco | 1 Content Security Management Appliance | 2021-05-14 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An attacker could exploit this vulnerability by enabling specific Administrator-only features and connecting to the appliance through the CLI with elevated privileges. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. To exploit this vulnerability, the attacker must have valid Administrator credentials. | |||||
CVE-2021-31168 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-05-14 | 4.6 MEDIUM | 7.8 HIGH |
Windows Container Manager Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31169, CVE-2021-31208. | |||||
CVE-2021-31169 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-05-14 | 4.6 MEDIUM | 7.8 HIGH |
Windows Container Manager Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-31165, CVE-2021-31167, CVE-2021-31168, CVE-2021-31208. | |||||
CVE-2021-27216 | 1 Exim | 1 Exim | 2021-05-13 | 6.3 MEDIUM | 6.3 MEDIUM |
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options. | |||||
CVE-2019-3475 | 2 Microfocus, Suse | 2 Filr, Suse Linux Enterprise Server | 2021-05-12 | 7.2 HIGH | 7.8 HIGH |
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. | |||||
CVE-2020-23128 | 1 Chamilo | 1 Chamilo Lms | 2021-05-11 | 4.0 MEDIUM | 4.9 MEDIUM |
Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege. |