Vulnerabilities (CVE)

Filtered by CWE-732
Total 1411 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-38557 1 Raspap 1 Raspap 2024-11-21 9.0 HIGH 8.8 HIGH
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with no password; however, the www-data account can also overwrite /etc/raspap/hostapd/enablelog.sh with any executable content.
CVE-2021-38483 1 Fanuc 1 Roboguide 2024-11-21 3.3 LOW 6.0 MEDIUM
The affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation.
CVE-2021-38289 1 Novastar 1 Novaicare 2024-11-21 6.5 MEDIUM 8.8 HIGH
An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives attacker privilege escalation and allows attackers to view corporate information and SMTP server details, delete users, view roles, and other unspecified impacts.
CVE-2021-38154 1 Canon 1 - 2024-11-21 4.3 MEDIUM 7.5 HIGH
Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For example, an incoming FAX may be sent through e-mail to the attacker. This occurs when a PIN is not required for General User Mode, as exploited in the wild in August 2021.
CVE-2021-38085 1 Canon 2 Pixma Tr150, Pixma Tr150 Firmware 2024-11-21 7.2 HIGH 7.8 HIGH
The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of privileges. This occurs because the driver drops a world-writable DLL into a CanonBJ %PROGRAMDATA% location that gets loaded by printisolationhost (a system process).
CVE-2021-37841 1 Docker 1 Desktop 2024-11-21 4.6 MEDIUM 7.8 HIGH
Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers.
CVE-2021-37364 1 Openclinic Ga Project 1 Openclinic Ga 2024-11-21 9.3 HIGH 7.8 HIGH
OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would connect back to an attacking computer giving system level privileges (nt authority\system) due to the service running as Local System. While a low privilege user is unable to restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also have unquoted service path issues.
CVE-2021-37207 1 Siemens 1 Sentron Powermanager 3 2024-11-21 7.2 HIGH 7.8 HIGH
A vulnerability has been identified in SENTRON powermanager V3 (All versions). The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
CVE-2021-36281 1 Dell 1 Emc Powerscale Onefs 2024-11-21 6.5 MEDIUM 7.5 HIGH
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges.
CVE-2021-36280 1 Dell 1 Emc Powerscale Onefs 2024-11-21 2.1 LOW 7.8 HIGH
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.
CVE-2021-36279 1 Dell 1 Emc Powerscale Onefs 2024-11-21 7.2 HIGH 7.8 HIGH
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.
CVE-2021-36133 2 Linaro, Nxp 7 Op-tee, I.mx6sx, I.mx 6 and 4 more 2024-11-21 3.6 LOW 7.1 HIGH
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.
CVE-2021-36129 1 Mediawiki 1 Mediawiki 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata.
CVE-2021-35508 1 Terarecon 1 Aquariusnet 2024-11-21 8.5 HIGH 8.8 HIGH
NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must change the service configuration or overwrite the binary service.
CVE-2021-35449 1 Lexmark 4 G2 Driver, G3 Driver, G4 Driver and 1 more 2024-11-21 7.2 HIGH 7.8 HIGH
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.
CVE-2021-35248 2 Microsoft, Solarwinds 2 Windows, Orion Platform 2024-11-21 4.0 MEDIUM 6.8 MEDIUM
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings.
CVE-2021-35202 1 Netscout 1 Ngeniusone 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService.
CVE-2021-34758 1 Cisco 2 Roomos, Telepresence Collaboration Endpoint 2024-11-21 2.1 LOW 4.4 MEDIUM
A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot.
CVE-2021-34410 1 Zoom 1 Zoom Plugin For Microsoft Outlook 2024-11-21 7.2 HIGH 7.8 HIGH
A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root.
CVE-2021-34409 1 Zoom 3 Meetings, Rooms, Screen Sharing 2024-11-21 7.2 HIGH 7.8 HIGH
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process.