CWE-269

** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services.

Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation.

An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen.

“loolforkit” is a privileged program that is supposed to be run by a special, non-privileged “lool” user. Before doing anything else “loolforkit” checks, if it was invoked by the “lool” user, and refuses to run with privileges, if it’s not the case. In the vulnerable version of “loolforkit” this check was wrong, so a normal user could start “loolforkit” and eventually get local root privileges.

Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances.

Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.