Vulnerabilities (CVE)

Filtered by CWE-269
Total 2071 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-29792 1 Ibm 1 Event Streams 2024-11-21 6.5 MEDIUM 7.2 HIGH
IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. IBM X-Force ID: 203450.
CVE-2021-28710 2 Fedoraproject, Xen 2 Fedora, Xen 2024-11-21 6.9 MEDIUM 8.8 HIGH
certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. These page tables are presently set up to always be 4 levels deep. However, an IOMMU may require the use of just 3 page table levels. In such a configuration the lop level table needs to be stripped before inserting the root table's address into the hardware pagetable base register. When sharing page tables, Xen erroneously skipped this stripping. Consequently, the guest is able to write to leaf page table entries.
CVE-2021-28702 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2024-11-21 4.6 MEDIUM 7.6 HIGH
PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
CVE-2021-28692 1 Xen 1 Xen 2024-11-21 5.6 MEDIUM 7.1 HIGH
inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU spin-waits for the completion of the most recently issued command(s). Some of these waiting loops try to apply a timeout to fail overly-slow commands. The course of action upon a perceived timeout actually being detected is inappropriate: - on Intel hardware guests which did not originally cause the timeout may be marked as crashed, - on AMD hardware higher layer callers would not be notified of the issue, making them continue as if the IOMMU operation succeeded.
CVE-2021-28411 1 Ruoyi 1 Ruoyi 2024-11-21 N/A 9.8 CRITICAL
An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges.
CVE-2021-28322 1 Microsoft 6 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 3 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28313 1 Microsoft 6 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 3 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28250 1 Ca 1 Ehealth Performance Manager 2024-11-21 4.6 MEDIUM 7.8 HIGH
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-27767 1 Hcltech 1 Bigfix Platform 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.
CVE-2021-27766 1 Hcltech 1 Bigfix Platform 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.
CVE-2021-27765 1 Hcltech 1 Bigfix Platform 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.
CVE-2021-27664 1 Johnsoncontrols 1 Exacqvision Web Service 2024-11-21 6.8 MEDIUM 9.8 CRITICAL
Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.
CVE-2021-27657 1 Johnsoncontrols 1 Metasys 2024-11-21 6.5 MEDIUM 8.8 HIGH
Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls Metasys version 11.0 and prior versions.
CVE-2021-27454 1 Ge 2 Reason Dr60, Reason Dr60 Firmware 2024-11-21 4.6 MEDIUM 7.8 HIGH
The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1).
CVE-2021-27448 1 Ge 2 Mu320e, Mu320e Firmware 2024-11-21 4.6 MEDIUM 7.8 HIGH
A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).
CVE-2021-27394 1 Mendix 1 Mendix 2024-11-21 6.5 MEDIUM 8.8 HIGH
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications using Mendix 9 (All versions < V9.0.5). Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them to gain administrative privileges.
CVE-2021-27192 2 Microsoft, Netop 2 Windows, Vision Pro 2024-11-21 4.6 MEDIUM 7.8 HIGH
Local privilege escalation vulnerability in Windows clients of Netop Vision Pro up to and including 9.7.1 allows a local user to gain administrator privileges whilst using the clients.
CVE-2021-27077 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
Windows Win32k Elevation of Privilege Vulnerability
CVE-2021-26936 1 Replaysorcery Project 1 Replaysorcery 2024-11-21 7.2 HIGH 7.8 HIGH
The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations.
CVE-2021-26863 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2024-11-21 7.2 HIGH 7.0 HIGH
Windows Win32k Elevation of Privilege Vulnerability