Total
1509 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-1697 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-03-04 | 7.2 HIGH | 7.8 HIGH |
Windows InstallService Elevation of Privilege Vulnerability | |||||
CVE-2021-24092 | 1 Microsoft | 12 Endpoint Protection, Security Essentials, System Center Endpoint Protection and 9 more | 2021-03-04 | 4.6 MEDIUM | 7.8 HIGH |
Microsoft Defender Elevation of Privilege Vulnerability | |||||
CVE-2021-24102 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-03-04 | 4.6 MEDIUM | 7.8 HIGH |
Windows Event Tracing Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-24103. | |||||
CVE-2021-1698 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-03-03 | 4.6 MEDIUM | 7.8 HIGH |
Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-1732. | |||||
CVE-2021-1727 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-03-03 | 4.6 MEDIUM | 7.8 HIGH |
Windows Installer Elevation of Privilege Vulnerability | |||||
CVE-2021-1728 | 1 Microsoft | 1 System Center Operations Manager | 2021-03-03 | 6.5 MEDIUM | 8.8 HIGH |
System Center Operations Manager Elevation of Privilege Vulnerability | |||||
CVE-2021-24096 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-03-03 | 4.6 MEDIUM | 7.8 HIGH |
Windows Kernel Elevation of Privilege Vulnerability | |||||
CVE-2021-1733 | 1 Microsoft | 1 Psexec | 2021-03-03 | 4.6 MEDIUM | 7.8 HIGH |
Sysinternals PsExec Elevation of Privilege Vulnerability | |||||
CVE-2021-1682 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-03-01 | 4.6 MEDIUM | 7.8 HIGH |
Windows Kernel Elevation of Privilege Vulnerability | |||||
CVE-2021-26594 | 1 Rangerstudio | 1 Directus | 2021-03-01 | 6.5 MEDIUM | 8.8 HIGH |
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2021-25630 | 1 Collaboraoffice | 1 Online | 2021-02-26 | 7.2 HIGH | 7.8 HIGH |
"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else, "loolforkit" checks whether it was invoked by the "lool" user and refuses to run with privileges if that is not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges. | |||||
CVE-2020-29031 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2021-02-26 | 5.5 MEDIUM | 8.1 HIGH |
An Insecure Direct Object Reference vulnerability exists in the web UI of the GateManager which allows an authenticated attacker to reset the password of any user in its domain or any sub-domain, via escalation of privileges. This issue affects all GateManager versions prior to 9.2c. | |||||
CVE-2020-10384 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2021-02-19 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root account. | |||||
CVE-2021-26936 | 1 Replaysorcery Project | 1 Replaysorcery | 2021-02-16 | 7.2 HIGH | 7.8 HIGH |
The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations. | |||||
CVE-2021-23876 | 1 Mcafee | 1 Total Protection | 2021-02-16 | 7.2 HIGH | 7.8 HIGH |
Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware. | |||||
CVE-2021-0327 | 1 Google | 1 Android | 2021-02-12 | 7.2 HIGH | 7.8 HIGH |
In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-172935267 | |||||
CVE-2021-0336 | 1 Google | 1 Android | 2021-02-12 | 7.2 HIGH | 7.8 HIGH |
In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10 Android-11 Android-8.1. Android ID: A-158219161 | |||||
CVE-2021-23882 | 1 Mcafee | 1 Endpoint Security | 2021-02-11 | 1.9 LOW | 4.4 MEDIUM |
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean installations of ENS as the Access Control rules will prevent modification prior to an upgrade. | |||||
CVE-2021-23880 | 1 Mcafee | 1 Endpoint Security | 2021-02-11 | 2.1 LOW | 4.4 MEDIUM |
Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters. | |||||
CVE-2021-23874 | 1 Mcafee | 1 Total Protection | 2021-02-11 | 4.6 MEDIUM | 7.8 HIGH |
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense. |