Total
29592 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42336 | 1 Huaju | 1 Easytest Online Learning Test Platform | 2024-11-21 | 4.3 Medium |
| The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters. | ||||
| CVE-2021-42332 | 1 Xinheinformation | 1 Xinhe Teaching Platform System | 2024-11-21 | 4.3 Medium |
| The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters. | ||||
| CVE-2021-42330 | 1 Xinheinformation | 1 Xinhe Teaching Platform System | 2024-11-21 | 8.8 High |
| The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters. | ||||
| CVE-2021-42326 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 5.3 Medium |
| Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter. | ||||
| CVE-2021-42128 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.8 Critical |
| An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service. | ||||
| CVE-2021-42126 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.8 High |
| An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. | ||||
| CVE-2021-42124 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 8.8 High |
| An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover. | ||||
| CVE-2021-42116 | 1 Businessdnasolutions | 1 Topease | 2024-11-21 | 4.3 Medium |
| Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker to view the Shape Editor and Settings, which are functionality for higher privileged users, via identifying said components in the front-end source code or other means. | ||||
| CVE-2021-42114 | 3 Micron, Samsung, Skhynix | 12 Ddr4 Sdram, Ddr4 Sdram Firmware, Lddr4 and 9 more | 2024-11-21 | 9 Critical |
| Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, phases, and amplitudes allow triggering bit flips on affected memory modules using our Blacksmith fuzzer. The patterns generated by Blacksmith were able to trigger bitflips on all 40 PC-DDR4 DRAM devices in our test pool, which cover the three major DRAM manufacturers: Samsung, SK Hynix, and Micron. This means that, even when chips advertised as Rowhammer-free are used, attackers may still be able to exploit Rowhammer. For example, this enables privilege-escalation attacks against the kernel or binaries such as the sudo binary, and also triggering bit flips in RSA-2048 keys (e.g., SSH keys) to gain cross-tenant virtual-machine access. We can confirm that DRAM devices acquired in July 2020 with DRAM chips from all three major DRAM vendors (Samsung, SK Hynix, Micron) are affected by this vulnerability. For more details, please refer to our publication. | ||||
| CVE-2021-42029 | 1 Siemens | 71 Simatic S7-1200 Cpu, Simatic S7-1200 Cpu 1211c, Simatic S7-1200 Cpu 1212c and 68 more | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server. | ||||
| CVE-2021-42000 | 1 Pingidentity | 1 Pingfederate | 2024-11-21 | 5.3 Medium |
| When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password. | ||||
| CVE-2021-41844 | 1 Crocoblock | 1 Jetengine | 2024-11-21 | 9.8 Critical |
| Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. | ||||
| CVE-2021-41834 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 5.3 Medium |
| JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. | ||||
| CVE-2021-41801 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 8.8 High |
| The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue backlog) | ||||
| CVE-2021-41790 | 1 Alfresco | 1 Alfresco Content Services | 2024-11-21 | 8.8 High |
| An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment. | ||||
| CVE-2021-41617 | 6 Fedoraproject, Netapp, Openbsd and 3 more | 15 Fedora, Active Iq Unified Manager, Aff 500f and 12 more | 2024-11-21 | 7.0 High |
| sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. | ||||
| CVE-2021-41598 | 1 Github | 1 Enterprise Server | 2024-11-21 | 8.8 High |
| A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but if the user later updated the set of repositories the app was installed on after the GitHub App had configured additional user-level permissions, those additional permissions would not be displayed, leading to more permissions being granted than the user potentially intended. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2021-41584 | 1 Gradle | 1 Gradle | 2024-11-21 | 7.5 High |
| Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header. | ||||
| CVE-2021-41580 | 1 Passportjs | 1 Passport-oauth2 | 2024-11-21 | 5.3 Medium |
| The passport-oauth2 package before 1.6.1 for Node.js mishandles the error condition of failure to obtain an access token. This is exploitable in certain use cases where an OAuth identity provider uses an HTTP 200 status code for authentication-failure error reports, and an application grants authorization upon simply receiving the access token (i.e., does not try to use the token). NOTE: the passport-oauth2 vendor does not consider this a passport-oauth2 vulnerability | ||||
| CVE-2021-41564 | 1 Tad Honor Project | 1 Tad Honor | 2024-11-21 | 5.3 Medium |
| Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in. | ||||