Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

CVEs (1,663)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-26589 1Hpe 2Superdome Flex 280 Firmware Superdome Flex Firmware Nov 21, 2024 Oct 19, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly At...Show more A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing an HttpOnly Attribute. HPE has provided a firmware update to resolve the vulnerability in HPE Superdome Flex Servers.Show less
CVE-2021-41802 1Hashicorp 1Vault Nov 21, 2024 Oct 8, 2021 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their id...Show more HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.Show less
CVE-2021-34758 1Cisco 2Roomos Telepresence Collaboration Endpoint Nov 21, 2024 Oct 6, 2021 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in...Show more A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot.Show less
CVE-2021-20264 1Oracle 1Openjdk Nov 21, 2024 Oct 6, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privile...Show more An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.Show less
CVE-2021-0692 1Google 1Android Nov 21, 2024 Oct 6, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges neede...Show more In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-179289753Show less
CVE-2021-41091 2Fedoraproject Mobyproject 2Fedora Moby Nov 21, 2024 Oct 4, 2021 N/A· v4 6.3 MEDIUM· v3 4.6 MEDIUM· v2 Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insuffici...Show more Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.Show less
CVE-2021-39868 1Gitlab 1Gitlab Nov 21, 2024 Oct 4, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.
CVE-2021-3747 1Canonical 1Multipass Nov 21, 2024 Oct 1, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.
CVE-2021-35202 1Netscout 1Ngeniusone Nov 21, 2024 Sep 30, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService.
CVE-2021-34410 1Zoom 1Zoom Plugin For Microsoft Outlook Nov 21, 2024 Sep 27, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root.
CVE-2021-34409 1Zoom 3Meetings RoomsScreen Sharing Nov 21, 2024 Sep 27, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, a...Show more It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process.Show less
CVE-2021-40067 1Netmotionsoftware 1Mobility Nov 21, 2024 Sep 16, 2021 N/A· v4 6.8 MEDIUM· v3 4.9 MEDIUM· v2 The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid cre...Show more The access controls on the Mobility read-write API improperly validate user access permissions; this API is disabled by default. If the API is manually enabled, attackers with both network access to the API and valid credentials can read and write data to it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v12.14.Show less
CVE-2021-40066 1Netmotionsoftware 1Mobility Nov 21, 2024 Sep 16, 2021 N/A· v4 5.3 MEDIUM· v3 3.5 LOW· v2 The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it; regardless of access control group...Show more The access controls on the Mobility read-only API improperly validate user access permissions. Attackers with both network access to the API and valid credentials can read data from it; regardless of access control group membership settings. This vulnerability is fixed in Mobility v11.76 and Mobility v12.14.Show less
CVE-2021-39210 1Glpi Project 1Glpi Nov 21, 2024 Sep 15, 2021 N/A· v4 6.5 MEDIUM· v3 3.5 LOW· v2 GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin...Show more GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the "remember me" feature) is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue is fixed in version 9.5.6. As a workaround, one may avoid using the "remember me" feature.Show less
CVE-2021-26434 1Microsoft 2Visual Studio 2017 Visual Studio 2019 Nov 21, 2024 Sep 15, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Visual Studio Elevation of Privilege Vulnerability
CVE-2021-22149 1Elastic 1Enterprise Search Nov 21, 2024 Sep 15, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize A...Show more Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.Show less
CVE-2021-22148 1Elastic 1Enterprise Search Nov 21, 2024 Sep 15, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unaut...Show more Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.Show less
CVE-2021-22147 1Elastic 1Elasticsearch Nov 21, 2024 Sep 15, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
CVE-2021-3706 1Pi Hole 1Web Interface Nov 21, 2024 Sep 15, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag
CVE-2021-35508 1Terarecon 1Aquariusnet Nov 21, 2024 Sep 1, 2021 N/A· v4 8.8 HIGH· v3 8.5 HIGH· v2 NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must change the service conf...Show more NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must change the service configuration or overwrite the binary service.Show less

Previous 1...404142...84 Next