Total
1971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43835 | 1 Sulu | 1 Sulu | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not already had. This issue was introduced in 2.0.0-RC1 with the new ProfileController putAction. The versions have been patched in 2.2.18, 2.3.8 and 2.4.0. For users unable to upgrade the only known workaround is to apply a patch to the ProfileController manually. | |||||
| CVE-2021-43528 | 2 Debian, Mozilla | 2 Debian Linux, Thunderbird | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0. | |||||
| CVE-2021-43211 | 1 Microsoft | 1 Windows 10 Update Assistant | 2024-11-21 | 6.6 MEDIUM | 5.5 MEDIUM |
| Windows 10 Update Assistant Elevation of Privilege Vulnerability | |||||
| CVE-2021-43076 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | N/A | 6.3 MEDIUM |
| An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access. | |||||
| CVE-2021-42956 | 2 Microsoft, Zoho | 2 Windows, Manageengine Remote Access Plus Server | 2024-11-21 | 6.5 MEDIUM | 7.8 HIGH |
| Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more. | |||||
| CVE-2021-42562 | 1 Mitre | 1 Caldera | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users. | |||||
| CVE-2021-42322 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Visual Studio Code Elevation of Privilege Vulnerability | |||||
| CVE-2021-42319 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2024-11-21 | 2.1 LOW | 4.7 MEDIUM |
| Visual Studio Elevation of Privilege Vulnerability | |||||
| CVE-2021-42304 | 1 Microsoft | 1 Azure Real Time Operating System | 2024-11-21 | 7.2 HIGH | 6.6 MEDIUM |
| Azure RTOS Elevation of Privilege Vulnerability | |||||
| CVE-2021-42303 | 1 Microsoft | 1 Azure Real Time Operating System | 2024-11-21 | 7.2 HIGH | 6.6 MEDIUM |
| Azure RTOS Elevation of Privilege Vulnerability | |||||
| CVE-2021-42302 | 1 Microsoft | 1 Azure Real Time Operating System | 2024-11-21 | 7.2 HIGH | 6.6 MEDIUM |
| Azure RTOS Elevation of Privilege Vulnerability | |||||
| CVE-2021-42291 | 1 Microsoft | 6 Windows Server, Windows Server 2008, Windows Server 2012 and 3 more | 2024-11-21 | 6.5 MEDIUM | 7.5 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2021-42286 | 1 Microsoft | 3 Windows 10, Windows Server, Windows Server 2016 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability | |||||
| CVE-2021-42285 | 1 Microsoft | 11 Windows 10, Windows 11, Windows 7 and 8 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2021-42283 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2021-42282 | 1 Microsoft | 6 Windows Server, Windows Server 2008, Windows Server 2012 and 3 more | 2024-11-21 | 6.5 MEDIUM | 7.5 HIGH |
| Active Directory Domain Services Elevation of Privilege Vulnerability | |||||
| CVE-2021-42280 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
| Windows Feedback Hub Elevation of Privilege Vulnerability | |||||
| CVE-2021-42277 | 1 Microsoft | 8 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 5 more | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | |||||
| CVE-2021-42135 | 1 Hashicorp | 1 Vault | 2024-11-21 | 4.9 MEDIUM | 8.1 HIGH |
| HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials. | |||||
| CVE-2021-42108 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||