CVE-2021-20263

LOW Year: 2021
CVSS v3 Score
3.3
Low
CVSS v2 Score
2.1
Low
Weakness Type
CWE-281
View all →

Vulnerability Description

A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest.

Related Vulnerabilities

CVE-2019-19620

LOW
CVSS:3.3(Low)

In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to t...

CWE-2812019

CVE-2022-31237

LOW
CVSS:3.3(Low)

Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially ...

CWE-2812022

CVE-2023-21464

LOW
CVSS:3.3(Low)

Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status.

CWE-2812023

CVE-2023-30735

LOW
CVSS:3.3(Low)

Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant.

CWE-2812023

CVE-2024-54516

LOW
CVSS:3.3(Low)

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.2, macOS Sequoia 15.2. An app may be able to approve a launch daemon without user consent.

CWE-2812024

CVE-2022-41963

LOW
CVSS:3.1(Low)

BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by attack...

CWE-2812022