CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2021-30027 DoS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document.
202 CVE-2021-29948 362 2021-06-24 2021-06-30
1.9
None Local Medium Not required None Partial None
Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10.
203 CVE-2021-29906 2021-10-08 2021-10-15
1.9
None Local Medium Not required Partial None None
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.
204 CVE-2021-29763 770 DoS 2021-09-16 2021-11-05
1.9
None Local Medium Not required None None Partial
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. IBM X-Force ID: 202267.
205 CVE-2021-29671 863 Bypass 2021-04-09 2021-04-14
1.9
None Local Medium Not required None Partial None
IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.
206 CVE-2021-29667 Exec Code 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 199403.
207 CVE-2021-29666 XSS 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199400.
208 CVE-2021-29483 200 +Info 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. If you are unable to patch set `$wgAPIListModules['wikiconfig'] = 'ApiQueryDisabled';` or remove private config as a workaround.
209 CVE-2021-29476 502 2021-04-27 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0.
210 CVE-2021-29474 22 Dir. Trav. 2021-04-26 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can try to open the following URL: `http://localhost:3000/..%2F..%2FREADME#` (replace `http://localhost:3000` with your instance's base-URL e.g. `https://demo.hedgedoc.org/..%2F..%2FREADME#`). If you see a README page being rendered, you run an affected version. The attack works due the fact that the internal router passes the url-encoded alias to the `noteController.showNote`-function. This function passes the input directly to findNote() utility function, that will pass it on the the parseNoteId()-function, that tries to make sense out of the noteId/alias and check if a note already exists and if so, if a corresponding file on disk was updated. If no note exists the note creation-function is called, which pass this unvalidated alias, with a `.md` appended, into a path.join()-function which is read from the filesystem in the follow up routine and provides the pre-filled content of the new note. This allows an attacker to not only read arbitrary `.md` files from the filesystem, but also observes changes to them. The usefulness of this attack can be considered limited, since mainly markdown files are use the file-ending `.md` and all markdown files contained in the hedgedoc project, like the README, are public anyway. If other protections such as a chroot or container or proper file permissions are in place, this attack's usefulness is rather limited. On a reverse-proxy level one can force a URL-decode, which will prevent this attack because the router will not accept such a path.
211 CVE-2021-29460 79 XSS 2021-04-27 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like `<script>` tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser where they are logged in to Kirby, the script will run and can for example trigger requests to Kirby's API with the permissions of the victim. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can escalate their privileges if they get access to the Panel session of an admin user. Depending on your site, other JavaScript-powered attacks are possible. Visitors without Panel access can only use this attack vector if your site allows SVG file uploads in frontend forms and you don't already sanitize uploaded SVG files. The problem has been patched in Kirby 3.5.4. Please update to this or a later version to fix the vulnerability. Frontend upload forms need to be patched separately depending on how they store the uploaded file(s). If you use `File::create()`, you are protected by updating to 3.5.4+. As a work around you can disable the upload of SVG files in your file blueprints.
212 CVE-2021-29442 306 2021-04-27 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql)
213 CVE-2021-29441 Bypass 2021-04-27 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server.
214 CVE-2021-29429 377 2021-04-12 2021-10-20
1.9
None Local Medium Not required Partial None None
In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only.
215 CVE-2021-29388 XSS 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget Title'.
216 CVE-2021-29387 XSS 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any "Add" sections, such as Add Item , Employee and Position or others in the Name Parameters.
217 CVE-2021-29239 Exec Code 2021-05-03 2021-05-03
0.0
None ??? ??? ??? ??? ??? ???
CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity.
218 CVE-2021-29159 XSS 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x before 3.30.1. An attacker with a local account can create entities with crafted properties that, when viewed by an administrator, can execute arbitrary JavaScript in the context of the NXRM application.
219 CVE-2021-29158 2021-04-23 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.
220 CVE-2021-29147 Exec Code 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
221 CVE-2021-29146 XSS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
222 CVE-2021-29142 XSS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
223 CVE-2021-29141 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
224 CVE-2021-29140 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
225 CVE-2021-29139 XSS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
226 CVE-2021-29138 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability.
227 CVE-2021-28964 362 DoS 2021-03-22 2021-06-23
1.9
None Local Medium Not required None None Partial
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.
228 CVE-2021-28703 2021-12-07 2021-12-07
0.0
None ??? ??? ??? ??? ??? ???
grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. This bug was fortuitously fixed by code cleanup in Xen 4.14, and backported to security-supported Xen branches as a prerequisite of the fix for XSA-378.
229 CVE-2021-28680 2021-12-07 2021-12-07
0.0
None ??? ??? ??? ??? ??? ???
The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise (without this extension) is used. If the server-side secret_key_base value became publicly known (for instance if it is committed to a public repository by mistake), there are still other protections in place that prevent an attacker from impersonating any user on the site. When masquerading is not used in a plain Devise application, one must know the password salt of the target user if one wants to encrypt and sign a valid session cookie. When devise_masquerade is used, however, an attacker can decide which user the "back" action will go back to without knowing that user's password salt and simply knowing the user ID, by manipulating the session cookie and pretending that a user is already masqueraded by an administrator.
230 CVE-2021-28399 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid username and email address via the forgot password function.
231 CVE-2021-28280 XSS CSRF 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML
232 CVE-2021-28269 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions.
233 CVE-2021-28125 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.
234 CVE-2021-28055 CSRF 2021-04-15 2021-04-15
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.
235 CVE-2021-27860 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 could allow a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.
236 CVE-2021-27851 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable.
237 CVE-2021-27645 415 DoS 2021-02-24 2021-07-06
1.9
None Local Medium Not required None None Partial
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
238 CVE-2021-27637 668 2021-06-09 2021-06-16
1.9
None Local Medium Not required Partial None None
Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to information disclosure.
239 CVE-2021-27480 121 Exec Code Overflow 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code.
240 CVE-2021-27004 922 2021-11-01 2021-11-02
1.7
None Local Low ??? Partial None None
System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials.
241 CVE-2021-26932 2021-02-17 2021-03-31
1.9
None Local Medium Not required None None Partial
An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.
242 CVE-2021-26931 770 2021-02-17 2021-03-31
1.9
None Local Medium Not required None None Partial
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.
243 CVE-2021-26909 2021-04-23 2021-04-23
0.0
None ??? ??? ??? ??? ??? ???
Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent.
244 CVE-2021-26908 2021-04-23 2021-04-23
0.0
None ??? ??? ??? ??? ??? ???
Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. The issue has since been fixed in version 31 of the Automox Agent.
245 CVE-2021-26797 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker to get system administrator through an open Telnet service.
246 CVE-2021-26444 2021-11-10 2021-11-17
1.9
None Local Medium Not required Partial None None
Azure RTOS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-42301, CVE-2021-42323.
247 CVE-2021-26318 203 +Info 2021-10-13 2021-10-20
1.9
None Local Medium Not required Partial None None
A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.
248 CVE-2021-26110 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features.
249 CVE-2021-26109 Exec Code Overflow 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.
250 CVE-2021-26108 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
A use of hard-coded cryptographic key vulnerability in the SSLVPN of FortiOS before 7.0.1 may allow an attacker to retrieve the key by reverse engineering.
Total number of vulnerabilities : 1738   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.