CWE:
 

| Risk | Title | Date | Author |
|---|---|---|---|
| Med. | BarracudaDrive v6.5 Insecure Folder Permissions | 04.09.2020 | Bobby Cooke |
| Med. | BarracudaDrive 6.5 Local Privilege Escalation | 11.08.2020 | Bobby Cooke |
| Med. | Schneider Electric Wonderware InduSoft Web Studio 8.0 Patch 3 Insecure Permissions | 02.07.2017 | Karn Ganeshen |
| Med. | WIN-911 7.17.00 Insecure File Permissions / Plaintext Password Storage | 07.09.2016 | sh4d0wman |
| Med. | Hide.Me VPN Client 1.2.4 - Privilege Escalation | 08.07.2016 | sh4d0wman |
| Med. | PQI Air Pen Express CSRF / XSS / Insecure Direct Object Reference | 06.04.2016 | orwelllabs |
| High | Zarafa Multiple incorrect default permissions | 25.08.2014 | Robert Scheck |
| High | Eventum 2.3.4 Incorrect Permissions / Code Injection | 29.01.2014 | High-Tech Bridge Secur... |
| High | Zavio IP Cameras multiple vulnerabilities | 28.05.2013 | CORE |
| Med. | Photodex ProShow Producer 5.0.3310 Privilege Escalation | 20.03.2013 | Inshell Security Advis... |


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-01-14
Low
CVE-2021-36781

Vendor: Opensuse
Software: Factory
 

 
An Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service, leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1.

 
2022-01-12
Medium
CVE-2022-0179

Vendor: Snipeitapp
Software: Snipe-it
 

 
snipe-it is vulnerable to Improper Access Control.

 
2022-01-10
Medium
CVE-2021-40004

Vendor: Huawei
Software: Harmonyos
 

 
The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality.

 
Medium
CVE-2021-45003

Vendor: Laundry booking management system project
Software: Laundry book...
 

 
Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload.

 
2022-01-03
Medium
CVE-2021-37132

Vendor: Huawei
Software: Harmonyos
 

 
PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability. Successful exploitation of this vulnerability may allow third-party apps to obtain the complete list of Harmony apps without permission.

 
2021-12-15
Medium
CVE-2021-43326

 

 
Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.

 
Medium
CVE-2021-43325

 

 
Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression.

 
Medium
CVE-2021-39651

Vendor: Google
Software: Android
 

 
In TBD of TBD, there is a possible way to access PIN protected settings bypassing PIN confirmation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-193438173. References: N/A

 
Medium
CVE-2021-39639

Vendor: Google
Software: Android
 

 
In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check. This could lead to local escalation of privilege with physical access to device internals with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-198291476. References: N/A

 
Low
CVE-2021-0979

Vendor: Google
Software: Android
 

 
In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of packages in which the default launcher supports requests to create pinned shortcuts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-191772737

 

 


Copyright 2022, cxsecurity.com

 
