Total
1340 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42011 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 7.8 High |
| An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-41652 | 1 Batflat | 1 Batflat | 2024-11-21 | 7.5 High |
| Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database. | ||||
| CVE-2021-41637 | 1 Melag | 1 Ftp Server | 2024-11-21 | 7.1 High |
| Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users. | ||||
| CVE-2021-41635 | 2 Melag, Microsoft | 2 Ftp Server, Windows | 2024-11-21 | 8.8 High |
| When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system. | ||||
| CVE-2021-40904 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 8.8 High |
| The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator. | ||||
| CVE-2021-40123 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 4.3 Medium |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to incorrect permissions settings on an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the device. A successful exploit could allow the attacker to download files that should be restricted. | ||||
| CVE-2021-40059 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 6.5 Medium |
| There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2021-40053 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 9.1 Critical |
| There is a permission control vulnerability in the Nearby module.Successful exploitation of this vulnerability will affect availability and integrity. | ||||
| CVE-2021-40049 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization. | ||||
| CVE-2021-40004 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 High |
| The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2021-3948 | 2 Konveyor, Redhat | 4 Mig-controller, Enterprise Linux, Migration Toolkit and 1 more | 2024-11-21 | 6.3 Medium |
| An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster. | ||||
| CVE-2021-3917 | 1 Redhat | 2 Coreos-installer, Openshift | 2024-11-21 | 5.5 Medium |
| A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2021-3722 | 1 Lenovo | 1 Pcmanager | 2024-11-21 | 5 Medium |
| A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation. | ||||
| CVE-2021-3720 | 1 Lenovo | 4 Legion Phone2 Pro \(l70081\), Legion Phone2 Pro \(l70081\) Firmware, Legion Phone Pro \(l79031\) and 1 more | 2024-11-21 | 5.5 Medium |
| An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data. | ||||
| CVE-2021-3701 | 1 Redhat | 1 Ansible Runner | 2024-11-21 | 6.6 Medium |
| A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity. | ||||
| CVE-2021-3579 | 1 Bitdefender | 2 Endpoint Security Tools, Total Security | 2024-11-21 | 7.8 High |
| Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65. | ||||
| CVE-2021-3462 | 1 Lenovo | 125 Power Management Driver, Thinkpad 11e Gen 5, Thinkpad 11e Yoga Gen 6 and 122 more | 2024-11-21 | 5.5 Medium |
| A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object. | ||||
| CVE-2021-3451 | 1 Lenovo | 1 Pcmanager | 2024-11-21 | 5.5 Medium |
| A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations. | ||||
| CVE-2021-3394 | 1 Millewin | 1 Millewin | 2024-11-21 | 8.8 High |
| Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has insecure folder permissions allowing a malicious user for a local privilege escalation. | ||||
| CVE-2021-3155 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2024-11-21 | 3.8 Low |
| snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 | ||||