CWE:
 

Tytuł
Data
Autor
Med.
Solarwinds LEM 6.3.1 Sudo Privilege Escalation
25.04.2017
Hank Leininger and Mat...


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2021-12-07
Medium
CVE-2021-37056

Vendor: Huawei
Software: Magic ui
 

 
There is an Improper permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to obtain certain device information.

 
Medium
CVE-2021-44512

Vendor: Tmate
Software: Tmate-ssh-server
 

 
World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.

 
2021-11-23
Medium
CVE-2021-37006

Vendor: Huawei
Software: Harmonyos
 

 
There is a Improper Preservation of Permissions vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is affected.

 
2021-11-17
Medium
CVE-2021-0064

Updating...
 

 
Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

 
2021-11-05
Medium
CVE-2021-39897

Vendor: Gitlab
Software: Gitlab
 

 
Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred

 
2021-10-19
Medium
CVE-2021-30827

Vendor: Apple
Software: Mac os x
 

 
A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges.

 
2021-10-04
Medium
CVE-2021-41089

Vendor: Mobyproject
Software: MOBY
 

 

 
Medium
CVE-2021-41091

Vendor: Mobyproject
Software: MOBY
 

 
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.

 
2021-08-05
Medium
CVE-2021-29971

Vendor: Mozilla
Software: Firefox
 

 
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 90.

 
2021-08-04
Medium
CVE-2021-32465

Vendor: Trendmicro
Software: Apex one
 

 
An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a remote user to perform an attack and bypass authentication on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top