CWE:
 

Topic
Date
Author
Med.
Solarwinds LEM 6.3.1 Sudo Privilege Escalation
25.04.2017
Hank Leininger and Mat...


CVEMAP Search Results

CVE
Details
Description
2022-06-14
Low
CVE-2021-35079

 

 
Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

 
2022-06-13
Low
CVE-2022-31755

Vendor: Huawei
Software: Magic ui
 

 
The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability.

 
2022-04-08
Medium
CVE-2022-24428

Vendor: DELL
Software: Emc powersca...
 

 
Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure.

 
2022-03-29
Low
CVE-2022-28147

Vendor: Jenkins
Software: Continuous i...
 

 
A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

 
2022-03-18
Low
CVE-2022-22650

Vendor: Apple
Software: Macos
 

 
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data.

 
2022-03-16
Medium
CVE-2021-39697

Vendor: Google
Software: Android
 

 
In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12. Android ID: A-200813547

 
Medium
CVE-2021-39704

Vendor: Google
Software: Android
 

 
In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-209965481

 
Medium
CVE-2021-39695

Vendor: Google
Software: Android
 

 
In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-209607944

 
2022-03-10
Medium
CVE-2022-24618

Vendor: Heimdalsecurity
Software: Heimdal prem...
 

 
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.

 
2022-02-21
Medium
CVE-2021-45008

Vendor: Plesk
Software: Plesk
 

 
** DISPUTED ** Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege escalation from user to admin rights. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users.

 

 


Copyright 2022, cxsecurity.com

 
