Filtered by CWE-269
Total 2157 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-25363 1 Google 1 Android 2024-11-21 6.8 Medium
An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.
CVE-2021-25362 1 Google 1 Android 2024-11-21 6.8 Medium
An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files.
CVE-2021-25336 1 Google 1 Android 2024-11-21 2.8 Low
Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent.
CVE-2021-24602 1 Hmplugin 1 Hm Multiple Roles 2024-11-21 8.8 High
The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page
CVE-2021-24289 1 De-baat 1 Store Locator Plus 2024-11-21 8.8 High
There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.
CVE-2021-24207 1 Themeum 1 Wp Page Builder 2024-11-21 4.3 Medium
By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages.
CVE-2021-24158 1 Themeisle 1 Orbit Fox 2024-11-21 6.5 Medium
Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration.
CVE-2021-24102 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2024-11-21 7.8 High
Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2021-24096 1 Microsoft 8 Windows 10, Windows 10 1607, Windows 10 1809 and 5 more 2024-11-21 7.8 High
Windows Kernel Elevation of Privilege Vulnerability
CVE-2021-24095 1 Microsoft 10 Windows 10, Windows 10 1803, Windows 10 1809 and 7 more 2024-11-21 7 High
DirectX Elevation of Privilege Vulnerability
CVE-2021-24092 1 Microsoft 12 Endpoint Protection, Security Essentials, System Center Endpoint Protection and 9 more 2024-11-21 7.8 High
Microsoft Defender Elevation of Privilege Vulnerability
CVE-2021-24090 1 Microsoft 8 Windows 10, Windows 10 1809, Windows 10 1909 and 5 more 2024-11-21 7.8 High
Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2021-24087 1 Azure-iot-cli-extension 1 - 2024-11-21 7 High
Azure IoT CLI extension Elevation of Privilege Vulnerability
CVE-2021-24038 1 Oculus 1 Desktop 2024-11-21 7.8 High
Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507.
CVE-2021-23999 2 Mozilla, Redhat 5 Firefox, Firefox Esr, Thunderbird and 2 more 2024-11-21 8.8 High
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
CVE-2021-23893 1 Mcafee 1 Drive Encryption 2024-11-21 8.8 High
Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer.
CVE-2021-23891 1 Mcafee 1 Total Protection 2024-11-21 7.8 High
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense.
CVE-2021-23887 1 Mcafee 1 Data Loss Prevention Endpoint 2024-11-21 7.8 High
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to write to arbitrary controlled kernel addresses. This is achieved by launching applications, suspending them, modifying the memory and restarting them when they are monitored by McAfee DLP through the hdlphook driver.
CVE-2021-23885 1 Mcafee 1 Web Gateway 2024-11-21 9 Critical
Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.
CVE-2021-23882 1 Mcafee 1 Endpoint Security 2024-11-21 8.2 High
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean installations of ENS as the Access Control rules will prevent modification prior to up an upgrade.