Search Results (7947 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27851 | 1 Gnu | 1 Guix | 2024-11-21 | 5.5 Medium |
| A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable. | ||||
| CVE-2021-27850 | 1 Apache | 1 Tapestry | 2024-11-21 | 9.8 Critical |
| A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later. | ||||
| CVE-2021-27785 | 1 Hcltechsw | 1 Hcl Commerce | 2024-11-21 | 3.9 Low |
| HCL Commerce's Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website. | ||||
| CVE-2021-27495 | 1 Ypsomed | 2 Mylife, Mylife Cloud | 2024-11-21 | 7.1 High |
| Ypsomed mylife Cloud, mylife Mobile Application: Ypsomed mylife Cloud, all versions prior to 1.7.2; Ypsomed mylife App, all versions prior to 1.7.5. The Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from an HTTPS endpoint to an HTTP endpoint. | ||||
| CVE-2021-27491 | 1 Ypsomed | 2 Mylife, Mylife Cloud | 2024-11-21 | 7.5 High |
| Ypsomed mylife Cloud, mylife Mobile Application: Ypsomed mylife Cloud, all versions prior to 1.7.2; Ypsomed mylife App, all versions prior to 1.7.5. The Ypsomed mylife Cloud discloses password hashes during the registration process. | ||||
| CVE-2021-27463 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2024-11-21 | 5.3 Medium |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information. | ||||
| CVE-2021-27372 | 1 Realtek | 2 Xpon Rtl9601d, Xpon Rtl9601d Software Development Kit | 2024-11-21 | 9.8 Critical |
| Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext, which may allow attackers to possibly gain access to the device with root permissions via the built-in network monitoring tool and execute arbitrary commands. | ||||
| CVE-2021-27335 | 1 Kollectapp | 1 Kollect | 2024-11-21 | 9.8 Critical |
| KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Execution via a ysoserial.payloads.CommonsCollections parameter. | ||||
| CVE-2021-27277 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the OneTimeJobSchedulerEventsService WCF service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-11955. | ||||
| CVE-2021-27241 | 1 Avast | 1 Premium Security | 2024-11-21 | 6.1 Medium |
| This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AvastSvc.exe module. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12082. | ||||
| CVE-2021-27240 | 1 Solarwinds | 1 Patch Manager | 2024-11-21 | 7.8 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DataGridService WCF service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of Administrator. Was ZDI-CAN-12009. | ||||
| CVE-2021-27229 | 2 Debian, Mumble | 2 Debian Linux, Mumble | 2024-11-21 | 8.8 High |
| Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. | ||||
| CVE-2021-27213 | 1 Pystemon Project | 1 Pystemon | 2024-11-21 | 9.8 Critical |
| config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeLoader and safe_load are not used. | ||||
| CVE-2021-27187 | 1 Xn--b1agzlht | 1 Fx Aggregator Terminal Client | 2024-11-21 | 7.5 High |
| The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked. | ||||
| CVE-2021-27117 | 1 Beego | 1 Beego | 2024-11-21 | 7.8 High |
| An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2 that allows attackers to launch symlink attacks locally. | ||||
| CVE-2021-27116 | 1 Beego | 1 Beego | 2024-11-21 | 7.8 High |
| An issue was discovered in file profile.go in function MemProf in beego through 2.0.2 that allows attackers to launch symlink attacks locally. | ||||
| CVE-2021-27026 | 1 Puppet | 3 Puppet, Puppet Connect, Puppet Enterprise | 2024-11-21 | 4.4 Medium |
| A flaw was discovered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged. | ||||
| CVE-2021-27022 | 1 Puppet | 2 Puppet, Puppet Enterprise | 2024-11-21 | 4.9 Medium |
| A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). | ||||
| CVE-2021-27019 | 1 Puppet | 2 Puppet Enterprise, Puppetdb | 2024-11-21 | 4.3 Medium |
| PuppetDB logging included potentially sensitive system information. | ||||
| CVE-2021-26999 | 1 Netapp | 1 Cloud Manager | 2024-11-21 | 4.3 Medium |
| NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version. | ||||