CWE:
 

Topic
Date
Author
Med.
BarracudaDrive v6.5 Insecure Folder Permissions
04.09.2020
Bobby Cooke
Med.
BarracudaDrive 6.5 Local Privilege Escalation
11.08.2020
Bobby Cooke
Med.
Schneider Electric Wonderware InduSoft Web Studio 8.0 Patch 3 Insecure Permissions
02.07.2017
Karn Ganeshen
Med.
WIN-911 7.17.00 Insecure File Permissions / Plaintext Password Storage
07.09.2016
sh4d0wman
Med.
Hide.Me VPN Client 1.2.4 - Privilege Escalation
08.07.2016
sh4d0wman
Med.
PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference
06.04.2016
orwelllabs
High
Zarafa Multiple incorrect default permissions
25.08.2014
Robert Scheck
High
Eventum 2.3.4 Incorrect Permissions / Code Injection
29.01.2014
High-Tech Bridge Secur...
High
Zavio IP Cameras multiple vulnerabilities
28.05.2013
CORE
Med.
Photodex ProShow Producer 5.0.3310 Privilege Escalation
20.03.2013
Inshell Security Advis...


CVEMAP Search Results

CVE
Details
Description
2021-07-14
Medium
CVE-2021-0486

Vendor: Google
Software: Android
 

 
In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-171430330

 
Medium
CVE-2021-0588

Vendor: Google
Software: Android
 

 
In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID: A-177238342

 
Medium
CVE-2021-0590

Vendor: Google
Software: Android
 

 
In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-175213041

 
Medium
CVE-2021-0603

Vendor: Google
Software: Android
 

 
In onCreate of ContactSelectionActivity.java, there is a possible way to get access to contacts without permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-182809425

 
Low
CVE-2021-0654

Vendor: Google
Software: Android
 

 
In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check. This could lead to local information disclosure from locked profiles with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168802517References: N/A

 
Medium
CVE-2021-0441

Vendor: Google
Software: Android
 

 
In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174495520

 
2021-07-13
High
CVE-2021-31217

Vendor: Solarwinds
Software: Dameware min...
 

 
In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM.

 
2021-07-12
Medium
CVE-2021-32725

Vendor: Nextcloud
Software: Nextcloud server
 

 
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.

 
2021-07-09
Medium
CVE-2021-33214

Vendor: Hms-networks
Software: Ecatcher
 

 
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation.

 
2021-07-07
Low
CVE-2021-26274

Vendor: Ninjarmm
Software: Ninjarmm
 

 
The Agent in NinjaRMM 5.0.909 has Insecure Permissions.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top