Risk   Topic                                                              Date        Author
Med.   Trend Micro ServerProtect Disclosure / CSRF / XSS                  26.05.2017  Multiple
Med.   Cisco Firepower Threat Management Console Local File Inclusion     06.10.2016  Matt Bergin
High   PLANET IP LFI / CSRF / XSS / Authentication Bypass                 17.05.2016  Orwelllabs
High   Arris DG1670A Cable Modem Remote Command Execution                 14.02.2016  Matt Bergin
Med.   SAP Business Objects Unauthorized File Repository Server Read      26.02.2015  Onapsis
Med.   SAP Business Objects Unauthorized File Repository Server Write     26.02.2015  Onapsis


CVEMAP Search Results

Each entry lists: date, severity, CVE id, vendor / software, description.

2021-10-22  Severity: pending  CVE-2021-38475
Vendor: pending
Software: pending
The database connection to the server is performed by calling a specific API, which could allow an unprivileged user to gain SYSDBA permissions.

2021-10-22  Severity: pending  CVE-2021-38477
Vendor: pending
Software: pending
There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files.

2021-10-18  Severity: Low  CVE-2021-36097
Vendor: OTRS
Software: OTRS
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it could be moved to the queue where the agent has "rw" permissions and gain a full control. This issue affects: OTRS AG OTRS 8.0.x version: 8.0.16 and prior versions.

2021-10-08  Severity: Medium  CVE-2021-41974
Vendor: Tad book3 project
Software: Tad book3
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission.

2021-10-06  Severity: Low  CVE-2021-34758
Vendor: Cisco
Software: Telepresence...
A vulnerability in the memory management of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to corrupt a shared memory segment, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient access controls to a shared memory resource. An attacker could exploit this vulnerability by corrupting a shared memory segment on an affected device. A successful exploit could allow the attacker to cause the device to reload. The device will recover from the corruption upon reboot.

2021-10-05  Severity: Low  CVE-2021-39889
Vendor: Gitlab
Software: Gitlab
In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.

2021-10-04  Severity: Low  CVE-2021-39868
Vendor: Gitlab
Software: Gitlab
In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.

2021-10-01  Severity: Medium  CVE-2021-3747
Vendor: pending
Software: pending
The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.

(date not listed)  Severity: Medium  CVE-2020-21014
Vendor: Emlog
Software: Emlog
emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php.

2021-09-23  Severity: Medium  CVE-2021-41428
Vendor: Datev
Software: Framework li...
Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= 12.5.1001.5 in DATEV programs v14.1 allows attacker to escalate privileges via insufficient configuration of service components.

Copyright 2021, cxsecurity.com