Export limit exceeded: 80704 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80704 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28131 | 1 Apache | 1 Impala | 2024-11-21 | 7.5 High |
| Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the attacker is able to execute statements for which they don't have the necessary privileges otherwise. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user. Mitigation: If an Impala deployment uses Apache Sentry, Apache Ranger or audit logging, then users should upgrade to a version of Impala with the fix for IMPALA-10600. The Impala 4.0 release includes this fix. This hides session secrets from the logs to eliminate the risk of any attack using this mechanism. In lieu of an upgrade, restricting access to logs that expose secrets will reduce the risk of an attack. Restricting access to the Impala deployment to trusted users will also reduce the risk of an attack. Log redaction techniques can be used to redact secrets from the logs. | ||||
| CVE-2021-28130 | 2 Drweb, Microsoft | 2 Security Space, Windows | 2024-11-21 | 7.8 High |
| Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters. | ||||
| CVE-2021-28129 | 1 Apache | 1 Openoffice | 2024-11-21 | 7.8 High |
| While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users who installed the Apache OpenOffice 4.1.8 DEB packaging should upgrade to the latest version of Apache OpenOffice. | ||||
| CVE-2021-28128 | 1 Strapi | 1 Strapi | 2024-11-21 | 8.1 High |
| In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over an account by changing the password. | ||||
| CVE-2021-28127 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 7.5 High |
| An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. | ||||
| CVE-2021-28117 | 1 Kde | 1 Discover | 2024-11-21 | 7.5 High |
| libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.) | ||||
| CVE-2021-28112 | 1 Draeger | 4 X-dock 5300, X-dock 6300, X-dock 6600 and 1 more | 2024-11-21 | 8.8 High |
| Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a debug port, leading to remote code execution by an authenticated attacker. | ||||
| CVE-2021-28111 | 1 Draeger | 4 X-dock 5300, X-dock 6300, X-dock 6600 and 1 more | 2024-11-21 | 8.8 High |
| Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, leading to remote code execution by an authenticated attacker. | ||||
| CVE-2021-28110 | 1 Compassplus | 1 Tranzware E-commerce Payment Gateway | 2024-11-21 | 7.5 High |
| /exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser. | ||||
| CVE-2021-28098 | 1 Forescout | 1 Counteract | 2024-11-21 | 7.8 High |
| An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for the Everyone group. Using a symbolic link allows an attacker to point the log file to a privileged location such as %WINDIR%\System32. The resulting log file adopts the file permissions of the source of the symbolic link (in this case, the Everyone group). The log file in System32 can be replaced and renamed with a malicious DLL for DLL hijacking. | ||||
| CVE-2021-28092 | 2 Is-svg Project, Redhat | 3 Is-svg, Acm, Openshift | 2024-11-21 | 7.5 High |
| The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time. | ||||
| CVE-2021-28091 | 4 Debian, Entrouvert, Fedoraproject and 1 more | 4 Debian Linux, Lasso, Fedora and 1 more | 2024-11-21 | 7.5 High |
| Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. | ||||
| CVE-2021-28089 | 2 Fedoraproject, Torproject | 2 Fedora, Tor | 2024-11-21 | 7.5 High |
| Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. | ||||
| CVE-2021-28075 | 1 Ikuai8 | 1 Ikuaios | 2024-11-21 | 7.5 High |
| iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information. | ||||
| CVE-2021-28053 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
| An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters. | ||||
| CVE-2021-28042 | 1 Deutschepost | 1 Mailoptimizer | 2024-11-21 | 7.8 High |
| Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution. | ||||
| CVE-2021-28041 | 4 Fedoraproject, Netapp, Openbsd and 1 more | 11 Fedora, Cloud Backup, Hci Compute Node and 8 more | 2024-11-21 | 7.1 High |
| ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. | ||||
| CVE-2021-28040 | 1 Ossec | 1 Ossec | 2024-11-21 | 7.5 High |
| An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached. | ||||
| CVE-2021-28036 | 1 Quinn Project | 1 Quinn | 2024-11-21 | 7.5 High |
| An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures. | ||||
| CVE-2021-28030 | 1 Truetype Project | 1 Truetype | 2024-11-21 | 7.5 High |
| An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes. | ||||