Total
1727 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39168 | 1 Openzeppelin | 1 Contracts | 2021-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining. | |||||
| CVE-2019-18822 | 1 Eleveo | 1 Call Recording | 2021-08-27 | 9.0 HIGH | 8.8 HIGH |
| A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allows its user account (i.e., the account under which the program runs - by default, the callrec account) to elevate privileges to root by abusing the callrec-rs@.service. The callrec-rs@.service starts the /opt/callrec/bin/rs binary with root privileges, and this binary is owned by callrec. It can be replaced by a Trojan horse. | |||||
| CVE-2021-24038 | 1 Oculus | 1 Desktop | 2021-08-27 | 4.6 MEDIUM | 7.8 HIGH |
| Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507. | |||||
| CVE-2021-29802 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. | |||||
| CVE-2021-34745 | 1 Cisco | 1 Appdynamics .net Agent | 2021-08-26 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM privileges. This vulnerability is due to the .NET Agent Coordinator Service executing code with SYSTEM privileges. An attacker with local access to a device that is running the vulnerable agent could create a custom process that would be launched with those SYSTEM privileges. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system. This vulnerability is fixed in AppDynamics .NET Agent Release 21.7. | |||||
| CVE-2021-37345 | 1 Nagios | 1 Nagios Xi | 2021-08-23 | 4.6 MEDIUM | 7.8 HIGH |
| Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions. | |||||
| CVE-2021-37627 | 1 Contao | 1 Contao | 2021-08-20 | 6.5 MEDIUM | 7.2 HIGH |
| Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form generator. All users are advised to update to Contao 4.4.56, 4.9.18 or 4.11.7. As a workaround users may disable the form generator or disable the login for untrusted back end users. | |||||
| CVE-2020-24576 | 1 Netskope | 1 Netskope | 2021-08-20 | 9.0 HIGH | 8.8 HIGH |
| Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM. | |||||
| CVE-2021-38140 | 1 Set User Project | 1 Set User | 2021-08-17 | 7.5 HIGH | 9.8 CRITICAL |
| The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation using RESET SESSION AUTHORIZATION after set_user(). | |||||
| CVE-2021-20075 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2021-08-17 | 7.2 HIGH | 7.8 HIGH |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd. | |||||
| CVE-2019-3785 | 1 Cloudfoundry | 1 Capi-release | 2021-08-17 | 5.5 MEDIUM | 8.1 HIGH |
| Cloud Foundry Cloud Controller, versions prior to 1.78.0, contain an endpoint with improper authorization. A remote authenticated malicious user with read permissions can request package information and receive a signed bit-service url that grants the user write permissions to the bit-service. | |||||
| CVE-2021-22396 | 1 Huawei | 4 Ecns280 Td, Ecns280 Td Firmware, Ese620x Vess and 1 more | 2021-08-11 | 4.6 MEDIUM | 7.8 HIGH |
| There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege management, a local attacker with common privilege may access some specific files in the affected products. Successful exploit will cause privilege escalation.Affected product versions include:eCNS280_TD V100R005C00,V100R005C10;eSE620X vESS V100R001C10SPC200,V100R001C20SPC200. | |||||
| CVE-2021-22421 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to cause further Elevation of Privileges. | |||||
| CVE-2019-14453 | 1 Comelitgroup | 1 Away From Home | 2021-08-11 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Comelit "App lejos de casa (web)" 2.8.0. It allows privilege escalation via modified domus and logged fields, related to js/bridge.min.js and login.json. For example, an attacker can achieve high privileges (installer or administrator) for the graphical interface via a 1C000000000S value for domus, in conjunction with a zero value for logged. | |||||
| CVE-2021-33526 | 1 Mbconnectline | 1 Mbdialup | 2021-08-10 | 7.2 HIGH | 7.8 HIGH |
| In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execution with the privileges of the service. | |||||
| CVE-2020-14032 | 1 Asrock | 1 Box-r1000 Firmware | 2021-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM. | |||||
| CVE-2018-1182 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2021-08-06 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). It allows certain OS level users to execute arbitrary scripts with root level privileges. | |||||
| CVE-2017-4973 | 2 Cloudfoundry, Pivotal Software | 3 Cloud Foundry Uaa Bosh, Cloud Foundry Cf, Cloud Foundry Uaa | 2021-08-06 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. A vulnerability has been identified with the groups endpoint in UAA allowing users to elevate their privileges. | |||||
| CVE-2017-8032 | 2 Cloudfoundry, Pivotal Software | 3 Cloud Foundry Uaa Bosh, Cloud Foundry Cf, Cloud Foundry Uaa | 2021-08-06 | 6.0 MEDIUM | 6.6 MEDIUM |
| In Cloud Foundry cf-release versions prior to v264; UAA release all versions of UAA v2.x.x, 3.6.x versions prior to v3.6.13, 3.9.x versions prior to v3.9.15, 3.20.x versions prior to v3.20.0, and other versions prior to v4.4.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.17, 24.x versions prior to v24.12. 30.x versions prior to 30.5, and other versions prior to v41, zone administrators are allowed to escalate their privileges when mapping permissions for an external provider. | |||||
| CVE-2016-3376 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2021-08-05 | 9.3 HIGH | 7.8 HIGH |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." a different vulnerability than CVE-2016-3266, CVE-2016-7185, and CVE-2016-7211. | |||||