Total
1405 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37364 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues. | |||||
| CVE-2021-37207 | 1 Siemens | 1 Sentron Powermanager 3 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability has been identified in SENTRON powermanager V3 (All versions). The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | |||||
| CVE-2021-36290 | 1 Dell | 10 Emc Unity Operating Environment, Vnx5200, Vnx5400 and 7 more | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
| Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges. | |||||
| CVE-2021-36281 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 6.5 MEDIUM | 7.5 HIGH |
| Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges. | |||||
| CVE-2021-36280 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. | |||||
| CVE-2021-36279 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. | |||||
| CVE-2021-36133 | 2 Linaro, Nxp | 7 Op-tee, I.mx6sx, I.mx 6 and 4 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral. | |||||
| CVE-2021-36129 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata. | |||||
| CVE-2021-35508 | 1 Terarecon | 1 Aquariusnet | 2024-11-21 | 8.5 HIGH | 8.8 HIGH |
| NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must change the service configuration or overwrite the binary service. | |||||
| CVE-2021-35449 | 1 Lexmark | 4 G2 Driver, G3 Driver, G4 Driver and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM. | |||||
| CVE-2021-35248 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings. | |||||
| CVE-2021-35202 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService. | |||||
| CVE-2021-34758 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot. | |||||
| CVE-2021-34410 | 1 Zoom | 1 Zoom Plugin For Microsoft Outlook | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root. | |||||
| CVE-2021-34409 | 1 Zoom | 3 Meetings, Rooms, Screen Sharing | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process. | |||||
| CVE-2021-34110 | 1 Nica | 1 Winwaste.net | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowing a local unprivileged user to replace the executable with a malicious file that will be executed with "LocalSystem" privileges. | |||||
| CVE-2021-33586 | 1 Inspircd | 1 Inspircd | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue. | |||||
| CVE-2021-33509 | 1 Plone | 1 Plone | 2024-11-21 | 8.5 HIGH | 9.9 CRITICAL |
| Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. | |||||
| CVE-2021-33094 | 1 Intel | 3 Nuc M15 Laptop Kit Keyboard Led Service Driver Pack, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33093 | 1 Intel | 3 Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710, Nuc M15 Laptop Kit Serial Io Driver Pack | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Serial IO driver pack before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||