Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2021-10-11 CVE-2021-0583 Improper Privilege Management vulnerability in Google Android 10.0/9.0
In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack.
local
google CWE-269
4.4
2021-10-11 CVE-2021-27664 Improper Privilege Management vulnerability in Johnson Controls exacqVision Web Service 20.06.11.0/20.06.3.0
Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.
6.8
2021-10-11 CVE-2021-42135 Improper Privilege Management vulnerability in HashiCorp Vault 1.8.0/1.8.3/1.8.4
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine.
network
hashicorp CWE-269
4.9
2021-10-06 CVE-2021-34766 Improper Privilege Management vulnerability in Cisco Smart Software Manager On-Prem
A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and settings in multiple functions.
network
low complexity
cisco CWE-269
8.8
2021-10-06 CVE-2021-0598 Improper Privilege Management vulnerability in Google Android
In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack.
local
google CWE-269
4.4
2021-10-06 CVE-2021-0691 Improper Privilege Management vulnerability in Google Android 11.0
In the SELinux policy configured in system_app.te, there is a possible way for system_app to gain code execution in other processes due to an overly-permissive SELinux policy.
local
low complexity
google CWE-269
4.6
2021-10-06 CVE-2021-28702 Improper Privilege Management vulnerability in multiple products
PCI devices with RMRRs not deassigned correctly. Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR").
low complexity
xen fedoraproject debian CWE-269
7.6
2021-10-01 CVE-2021-23893 Improper Privilege Management vulnerability in McAfee Drive Encryption
Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer.
local
low complexity
mcafee CWE-269
7.8
2021-09-27 CVE-2021-34411 Improper Privilege Management vulnerability in Zoom Rooms
During the installation process for Zoom Rooms for Conference Room for Windows before version 5.3.0, it is possible to launch Internet Explorer with elevated privileges.
local
low complexity
zoom CWE-269
4.6
2021-09-27 CVE-2021-34412 Improper Privilege Management vulnerability in Zoom Meetings 4.6.11
During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer.
local
low complexity
zoom CWE-269
4.6