Total
2094 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-26594 | 1 Rangerstudio | 1 Directus | 2024-11-21 | 8.8 High |
In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
CVE-2021-26441 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-11-21 | 7.8 High |
Storage Spaces Controller Elevation of Privilege Vulnerability | ||||
CVE-2021-25657 | 1 Avaya | 1 Ip Office | 2024-11-21 | 7.8 High |
A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. | ||||
CVE-2021-25651 | 1 Avaya | 1 Aura Utility Services | 2024-11-21 | 8 High |
A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services | ||||
CVE-2021-25650 | 1 Avaya | 1 Aura Utility Services | 2024-11-21 | 7.7 High |
A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services | ||||
CVE-2021-25630 | 1 Collaboraoffice | 1 Online | 2024-11-21 | 7.8 High |
"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges. | ||||
CVE-2021-25515 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. | ||||
CVE-2021-25513 | 1 Google | 1 Android | 2024-11-21 | 2.4 Low |
An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen. | ||||
CVE-2021-25508 | 1 Samsung | 1 Smartthings | 2024-11-21 | 5.3 Medium |
Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. | ||||
CVE-2021-25502 | 1 Google | 1 Android | 2024-11-21 | 7.9 High |
A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without privilege. | ||||
CVE-2021-25442 | 1 Samsung | 1 Knox Cloud Services | 2024-11-21 | 7.5 High |
Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication. | ||||
CVE-2021-25429 | 1 Google | 1 Android | 2024-11-21 | 4.3 Medium |
Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. | ||||
CVE-2021-25428 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances. | ||||
CVE-2021-25418 | 1 Samsung | 1 Internet | 2024-11-21 | 7.8 High |
Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. | ||||
CVE-2021-25377 | 2 Google, Samsung | 2 Android, Experience Service | 2024-11-21 | 3.3 Low |
Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action. | ||||
CVE-2021-25365 | 1 Google | 1 Android | 2024-11-21 | 5.9 Medium |
An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd. | ||||
CVE-2021-25363 | 1 Google | 1 Android | 2024-11-21 | 6.8 Medium |
An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processes delete some local files. | ||||
CVE-2021-25362 | 1 Google | 1 Android | 2024-11-21 | 6.8 Medium |
An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files. | ||||
CVE-2021-25336 | 1 Google | 1 Android | 2024-11-21 | 2.8 Low |
Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent. | ||||
CVE-2021-24602 | 1 Hmplugin | 1 Hm Multiple Roles | 2024-11-21 | 8.8 High |
The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users from setting themselves as admin via their profile page |