Total
1727 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23999 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-04-26 | 6.8 MEDIUM | 8.8 HIGH |
| If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | |||||
| CVE-2021-27483 | 1 Zoll | 1 Defibrillator Dashboard | 2022-04-25 | 4.6 MEDIUM | 7.8 HIGH |
| ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user. | |||||
| CVE-2021-33697 | 1 Sap | 1 Businessobjects Business Intelligence | 2022-04-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | |||||
| CVE-2021-3576 | 1 Bitdefender | 2 Endpoint Security Tools, Total Security | 2022-04-25 | 7.2 HIGH | 7.8 HIGH |
| Execution with Unnecessary Privileges vulnerability in Bitdefender Endpoint Security Tools, Total Security allows a local attacker to elevate to 'NT AUTHORITY\System. Impersonation enables the server thread to perform actions on behalf of the client but within the limits of the client's security context. This issue affects: Bitdefender Endpoint Security Tools versions prior to 7.2.1.65. Bitdefender Total Security versions prior to 25.0.26. | |||||
| CVE-2018-14787 | 1 Philips | 2 Intellispace Cardiovascular, Xcelera | 2022-04-22 | 4.6 MEDIUM | 7.8 HIGH |
| In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions. | |||||
| CVE-2020-16238 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2022-04-21 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user. | |||||
| CVE-2022-1332 | 1 Mattermost | 1 Mattermost Server | 2022-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents. | |||||
| CVE-2022-23160 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user could potentially exploit this vulnerability, leading to gaining write permissions on read-only files. | |||||
| CVE-2021-39807 | 1 Google | 1 Android | 2022-04-20 | 7.2 HIGH | 7.8 HIGH |
| In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-209446496 | |||||
| CVE-2022-27840 | 1 Samsung | 1 Recovery | 2022-04-19 | 3.6 LOW | 4.4 MEDIUM |
| Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attckers to delete arbitrary files as SamsungRecovery permission. | |||||
| CVE-2021-39797 | 1 Google | 1 Android | 2022-04-18 | 7.2 HIGH | 7.8 HIGH |
| In several functions of of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-209607104 | |||||
| CVE-2022-22257 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-04-18 | 5.0 MEDIUM | 7.5 HIGH |
| The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity. | |||||
| CVE-2016-1575 | 2 Canonical, Linux | 4 Ubuntu Core, Ubuntu Linux, Ubuntu Touch and 1 more | 2022-04-18 | 7.2 HIGH | 7.8 HIGH |
| The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. | |||||
| CVE-2016-2853 | 1 Linux | 1 Linux Kernel | 2022-04-18 | 4.4 MEDIUM | 7.8 HIGH |
| The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. | |||||
| CVE-2021-36290 | 1 Dell | 10 Emc Unity Operating Environment, Vnx5200, Vnx5400 and 7 more | 2022-04-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges. | |||||
| CVE-2021-36293 | 1 Dell | 10 Emc Unity Operating Environment, Vnx5200, Vnx5400 and 7 more | 2022-04-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges. | |||||
| CVE-2022-26676 | 1 Aenrich | 1 A\+hrd | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service. | |||||
| CVE-2019-6287 | 1 Suse | 1 Rancher | 2022-04-13 | 6.5 MEDIUM | 8.1 HIGH |
| In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it. | |||||
| CVE-2022-26251 | 1 Synametrics | 1 Synaman | 2022-04-13 | 9.0 HIGH | 7.2 HIGH |
| The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. | |||||
| CVE-2021-39772 | 1 Google | 1 Android | 2022-04-06 | 5.8 MEDIUM | 8.8 HIGH |
| In Bluetooth, there is a possible way to access the a2dp audio control switch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-181962322 | |||||