Total: 743 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-31217 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2021-07-15 | 9.4 HIGH | 9.1 CRITICAL |
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM. | |||||
CVE-2021-26274 | 1 Ninjarmm | 1 Ninjarmm | 2021-07-08 | 3.6 LOW | 7.1 HIGH |
The Agent in NinjaRMM 5.0.909 has Insecure Permissions. | |||||
CVE-2021-22346 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 5.3 MEDIUM |
There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the disclosure of user habits. | |||||
CVE-2021-22368 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect normal use of the device. | |||||
CVE-2021-22371 | 1 Huawei | 2 Emui, Magic Ui | 2021-07-06 | 5.0 MEDIUM | 7.5 HIGH |
There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2020-27358 | 1 Vanderbilt | 1 Redcap | 2021-07-01 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}. | |||||
CVE-2021-20490 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2021-06-30 | 2.1 LOW | 5.5 MEDIUM |
IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of service due to insecure file permission settings. IBM X-Force ID: 197791. | |||||
CVE-2021-21737 | 1 Zte | 2 Zxv10 B860h V5.0, Zxv10 B860h V5.0 Firmware | 2021-06-30 | 5.0 MEDIUM | 7.5 HIGH |
A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0, V83011303.0010, V83011303.0016 | |||||
CVE-2021-0106 | 1 Intel | 137 Ipmctl, Xeon Bronze 3204, Xeon Bronze 3206r and 134 more | 2021-06-30 | 4.6 MEDIUM | 7.8 HIGH |
Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent Memory for Windows software versions before 2.00.00.3842 or 1.00.00.3515 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2021-34387 | 1 Nvidia | 2 Jetson Linux, Jetson Tx1 | 2021-06-29 | 7.2 HIGH | 6.7 MEDIUM |
The ARM TrustZone Technology on which Trusty is based contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with read, write, and execute permissions, which gives write access to kernel code and data that is otherwise mapped read only. | |||||
CVE-2021-31998 | 2 Opensuse, Suse | 4 Backports Sle, Inn, Leap and 1 more | 2021-06-24 | 7.2 HIGH | 7.8 HIGH |
An Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2. | |||||
CVE-2021-0143 | 1 Intel | 1 Brand Verification Tool | 2021-06-23 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2021-0058 | 1 Intel | 4 Lapbc510, Lapbc510 Firmware, Lapbc710 and 1 more | 2021-06-17 | 4.6 MEDIUM | 7.8 HIGH |
Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2021-21736 | 1 Zte | 2 Zxhn Hs562, Zxhn Hs562 Firmware | 2021-06-17 | 8.0 HIGH | 7.2 HIGH |
A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E | |||||
CVE-2021-0100 | 1 Intel | 1 Ssd Data Center Tool | 2021-06-17 | 4.6 MEDIUM | 7.8 HIGH |
Incorrect default permissions in the installer for the Intel(R) SSD Data Center Tool, versions downloaded before 12/31/2020, may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-26809 | 1 Sap | 1 Commerce Cloud | 2021-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
SAP Commerce Cloud, versions 1808, 1811, 1905, 2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint, hence gaining access to Secure Media folders. This folder could contain sensitive files that result in disclosure of sensitive information and impact system configuration confidentiality. | |||||
CVE-2021-27032 | 1 Autodesk | 1 Licensing Services | 2021-06-17 | 7.2 HIGH | 7.8 HIGH |
Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that are configured with weak permissions and are running under elevated privileges. These weak permissions could allow all users on the operating system to modify the service configuration and take ownership of the service. | |||||
CVE-2020-27384 | 1 Arena | 1 Guild Wars 2 | 2021-06-16 | 4.6 MEDIUM | 7.8 HIGH |
The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exists due to the improper permissions, with the 'F' flag (Full Control) for 'Everyone' group, making the entire directory 'Guild Wars 2' and its files and sub-dirs world-writable. | |||||
CVE-2020-9451 | 1 Acronis | 1 True Image 2020 | 2021-06-03 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a (not yet created) log file to anti_ransomware_service.exe. On reboot, this forces the anti_ransomware_service to try to write its log into its own process, crashing in a SHARING VIOLATION. This crash occurs on every reboot. | |||||
CVE-2020-21342 | 1 Zzcms | 1 Zzcms | 2021-06-02 | 5.0 MEDIUM | 7.5 HIGH |
Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php. |