CWE:
 

Tytuł
Data
Autor
Med.
Solarwinds LEM 6.3.1 Sudo Privilege Escalation
25.04.2017
Hank Leininger and Mat...


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2022-04-08
Medium
CVE-2022-24428

Vendor: DELL
Software: Emc powersca...
 

 
Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure.

 
2022-03-29
Low
CVE-2022-28147

Vendor: Jenkins
Software: Continuous i...
 

 
A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

 
2022-03-18
Low
CVE-2022-22650

Vendor: Apple
Software: Macos
 

 
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data.

 
2022-03-16
Medium
CVE-2021-39695

Vendor: Google
Software: Android
 

 
In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-209607944

 
Medium
CVE-2021-39697

Vendor: Google
Software: Android
 

 
In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-200813547

 
Medium
CVE-2021-39704

Vendor: Google
Software: Android
 

 
In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209965481

 
2022-03-10
Medium
CVE-2022-24618

Vendor: Heimdalsecurity
Software: Heimdal prem...
 

 
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the "Browse For Folder" window accessible by triggering a "Repair" on the MSI package located in C:\Windows\Installer.

 
2022-02-21
Medium
CVE-2021-45008

Vendor: Plesk
Software: Plesk
 

 
** DISPUTED ** Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege Escalation from user to admin rights. OTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users.

 
2022-02-09
Medium
CVE-2022-21203

Vendor: Intel
Software: Quartus prime
 

 
Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition before version 21.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

 
2022-01-14
Medium
CVE-2021-39622

Vendor: Google
Software: Android
 

 
In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-192663648

 

 


Copyright 2022, cxsecurity.com

 

Back to Top