Total: 654 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46086 | 1 Mindskip | 1 Xzs-mysql | 2022-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method of submitting examination papers. An attacker can use Burp Suite to modify parameters in the packet to destroy real data. | |||||
| CVE-2021-46085 | 1 Oneblog Project | 1 Oneblog | 2022-01-31 | 4.0 MEDIUM | 6.5 MEDIUM |
| OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority. | |||||
| CVE-2013-4394 | 2 Debian, Systemd Project | 2 Debian Linux, Systemd | 2022-01-31 | 5.9 MEDIUM | N/A |
| The SetX11Keyboard function in systemd, when PolicyKit Local Authority (PKLA) is used to change the group permissions on the X Keyboard Extension (XKB) layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors involving "special and control characters." | |||||
| CVE-2022-22296 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-01-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure Permissions via the id parameter in the manage_user endpoint. Simply changing the value displays the data of other users. | |||||
| CVE-2022-21704 | 1 Log4js Project | 1 Log4js | 2022-01-27 | 2.1 LOW | 5.5 MEDIUM |
| log4js-node is a port of log4js to Node.js. In affected versions, default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (on Unix). This could cause problems if log files contain sensitive information. This affects any users that have not supplied their own permissions for the files via the mode parameter in the config. Users are advised to update. | |||||
| CVE-2021-36781 | 1 Opensuse | 1 Factory | 2022-01-21 | 3.6 LOW | 7.1 HIGH |
| An Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service, leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1. | |||||
| CVE-2021-1056 | 2 Linux, Nvidia | 2 Linux Kernel, Gpu Driver | 2022-01-18 | 3.6 LOW | 7.1 HIGH |
| NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. | |||||
| CVE-2022-0179 | 1 Snipeitapp | 1 Snipe-it | 2022-01-14 | 4.9 MEDIUM | 5.4 MEDIUM |
| snipe-it is vulnerable to Improper Access Control | |||||
| CVE-2021-45003 | 1 Laundry Booking Management System Project | 1 Laundry Booking Management System | 2022-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload. | |||||
| CVE-2021-39967 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| There is a vulnerability of obtaining broadcast information improperly due to improper broadcast permission settings in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-40004 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-37132 | 1 Huawei | 1 Harmonyos | 2022-01-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability. Successful exploitation of this vulnerability may allow third-party apps to obtain the complete list of Harmony apps without permission. | |||||
| CVE-2021-45335 | 1 Avast | 1 Antivirus | 2022-01-07 | 7.2 HIGH | 8.8 HIGH |
| The Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by a local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files. | |||||
| CVE-2021-43326 | 2 Automox, Microsoft | 2 Automox, Windows | 2022-01-05 | 4.6 MEDIUM | 7.8 HIGH |
| Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory. | |||||
| CVE-2020-9039 | 1 Couchbase | 1 Couchbase Server | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access). The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs. | |||||
| CVE-2020-11867 | 2 Audacityteam, Fedoraproject | 2 Audacity, Fedora | 2022-01-01 | 2.1 LOW | 3.3 LOW |
| Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there. | |||||
| CVE-2021-44858 | 1 Mediawiki | 1 Mediawiki | 2021-12-29 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead. | |||||
| CVE-2021-43325 | 2 Automox, Microsoft | 2 Automox, Windows | 2021-12-17 | 4.6 MEDIUM | 7.8 HIGH |
| Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression. | |||||
| CVE-2021-0979 | 1 Google | 1 Android | 2021-12-17 | 2.1 LOW | 5.5 MEDIUM |
| In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of packages in which the default launcher supports requests to create pinned shortcuts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-191772737 | |||||
| CVE-2021-0904 | 1 Google | 1 Android | 2021-12-17 | 7.2 HIGH | 6.7 MEDIUM |
| In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06076938; Issue ID: ALPS06076938. | |||||
| CVE-2021-44833 | 1 Amazon | 1 Aws Opensearch | 2021-12-15 | 7.5 HIGH | 9.8 CRITICAL |
| The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file. | |||||
| CVE-2021-37030 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Improper permission vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. | |||||
| CVE-2021-42711 | 1 Barracuda | 1 Network Access Client | 2021-12-03 | 7.2 HIGH | 7.8 HIGH |
| Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair operation. | |||||
| CVE-2021-31822 | 2 Linux, Octopus | 2 Linux Kernel, Tentacle | 2021-11-29 | 4.6 MEDIUM | 7.8 HIGH |
| When Octopus Tentacle is installed on a Linux operating system, the systemd service file permissions are misconfigured. This could lead to a local unprivileged user modifying the contents of the systemd service file to gain privileged access. | |||||
| CVE-2021-44140 | 1 Apache | 1 Jspwiki | 2021-11-29 | 6.4 MEDIUM | 9.1 CRITICAL |
| Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefully crafted HTTP request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later. | |||||
| CVE-2021-3579 | 1 Bitdefender | 2 Endpoint Security Tools, Total Security | 2021-11-28 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect Default Permissions vulnerability in the bdservicehost.exe and Vulnerability.Scan.exe components as used in Bitdefender Endpoint Security Tools for Windows, Total Security allows a local attacker to elevate privileges to NT AUTHORITY\SYSTEM. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 7.2.1.65. | |||||
| CVE-2021-33071 | 1 Intel | 1 Oneapi Rendering Toolkit | 2021-11-22 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33062 | 1 Intel | 1 Vtune Profiler | 2021-11-22 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33088 | 1 Intel | 3 Nuc M15 Laptop Kit Integrated Sensor Hub Driver Pack, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 | 2021-11-22 | 7.2 HIGH | 7.8 HIGH |
| Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub driver pack before version 5.4.1.4449 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0065 | 1 Intel | 25 7265, 7265 Firmware, 9260 Firmware and 22 more | 2021-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33092 | 1 Intel | 3 Nuc M15 Laptop Kit Hid Event Filter Driver Pack, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc710 | 2021-11-19 | 7.2 HIGH | 7.8 HIGH |
| Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit HID Event Filter driver pack before version 2.2.1.383 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-33090 | 1 Intel | 4 Nuc10i3fn, Nuc10i5fn, Nuc10i7fn and 1 more | 2021-11-19 | 7.2 HIGH | 7.8 HIGH |
| Incorrect default permissions in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-8741 | 1 Intel | 1 Thunderbolt Non-dch Driver | 2021-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-43199 | 1 Jetbrains | 1 Teamcity | 2021-11-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient. | |||||
| CVE-2021-38420 | 1 Deltaww | 1 Dialink | 2021-11-05 | 4.6 MEDIUM | 7.8 HIGH |
| Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files. | |||||
| CVE-2021-38379 | 1 Northern.tech | 1 Cfengine | 2021-11-04 | 2.1 LOW | 5.5 MEDIUM |
| The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure. | |||||
| CVE-2021-22475 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is an Improper permission management vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-36990 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 7.5 HIGH | 9.8 CRITICAL |
| There is a vulnerability of tampering with the kernel in Huawei Smartphone. Successful exploitation of this vulnerability may escalate permissions. | |||||
| CVE-2021-36989 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Kernel crash vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may escalate permissions. | |||||
| CVE-2021-37363 | 1 Gestionaleopen | 1 Gestionale Open | 2021-10-28 | 9.3 HIGH | 7.8 HIGH |
| An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in the bin folder and replace it with a malicious file that would connect back to an attacking computer, giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also has unquoted service path issues. | |||||
| CVE-2021-42011 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2021-10-27 | 4.6 MEDIUM | 7.8 HIGH |
| An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2021-40123 | 1 Cisco | 1 Identity Services Engine | 2021-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to incorrect permissions settings on an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the device. A successful exploit could allow the attacker to download files that should be restricted. | |||||
| CVE-2021-42055 | 1 Asus | 2 Ux582lr, Ux582lr Firmware | 2021-10-22 | 4.6 MEDIUM | 6.8 MEDIUM |
| ASUSTek ZenBook Pro Duo 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker. | |||||
| CVE-2021-42098 | 1 Devolutions | 1 Remote Desktop Manager | 2021-10-21 | 6.5 MEDIUM | 8.8 HIGH |
| An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell. | |||||
| CVE-2021-29005 | 1 Rconfig | 1 Rconfig | 2021-10-18 | 9.0 HIGH | 8.8 HIGH |
| An insecure permission on the chmod command exists on rConfig server 3.9.6. After rConfig is installed, the apache user may execute chmod as root without a password, which may let an attacker with low privileges gain root access on the server. | |||||
| CVE-2021-39886 | 1 Gitlab | 1 Gitlab | 2021-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Permission rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7, allowing users to read confidential Epic references. | |||||
| CVE-2021-33923 | 1 Confluent | 1 Cp-ansible | 2021-10-07 | 2.1 LOW | 5.5 MEDIUM |
| Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allow local attackers to access some sensitive information (private keys, state database). | |||||
| CVE-2021-20037 | 1 Sonicwall | 1 Global Vpn Client | 2021-10-05 | 7.2 HIGH | 7.8 HIGH |
| An incorrect default file permission vulnerability in the SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) leads to privilege escalation, which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier. | |||||
| CVE-2021-36365 | 1 Nagios | 1 Nagios Xi | 2021-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh. | |||||
| CVE-2021-36363 | 1 Nagios | 1 Nagios Xi | 2021-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php. | |||||
