Search Results (363866 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-36782 1 Suse 1 Rancher 2024-11-21 9.9 Critical
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.
CVE-2021-36781 1 Opensuse 1 Factory 2024-11-21 5.9 Medium
A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1.
CVE-2021-36780 1 Linuxfoundation 1 Longhorn 2024-11-21 8.1 High
A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3v.
CVE-2021-36779 1 Linuxfoundation 1 Longhorn 2024-11-21 9.6 Critical
A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3.
CVE-2021-36778 1 Suse 1 Rancher 2024-11-21 7.3 High
A Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.
CVE-2021-36777 1 Opensuse 1 Open Build Service 2024-11-21 8.1 High
A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef.
CVE-2021-36776 1 Rancher 1 Rancher 2024-11-21 8.8 High
A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10.
CVE-2021-36775 1 Rancher 1 Rancher 2024-11-21 8.8 High
a Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3.
CVE-2021-36774 1 Apache 1 Kylin 2024-11-21 6.5 Medium
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.
CVE-2021-36773 4 Debian, Sciruby, Ublockorigin and 1 more 4 Debian Linux, Nmatrix, Ublock Origin and 1 more 2024-11-21 7.5 High
uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality).
CVE-2021-36772 1 Zohocorp 1 Manageengine Admanager Plus 2024-11-21 6.1 Medium
Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.
CVE-2021-36771 1 Zohocorp 1 Manageengine Admanager Plus 2024-11-21 6.1 Medium
Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS.
CVE-2021-36769 1 Telegram 2 Telegram, Telegram Desktop 2024-11-21 5.3 Medium
A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client.
CVE-2021-36767 1 Digi 37 6350-sr, 6350-sr Firmware, Cm and 34 more 2024-11-21 9.8 Critical
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.
CVE-2021-36766 1 Concretecms 1 Concrete Cms 2024-11-21 7.2 High
Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.
CVE-2021-36765 1 Codesys 1 Ethernetip 2024-11-21 7.5 High
In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime system.
CVE-2021-36764 1 Codesys 1 Gateway 2024-11-21 7.5 High
In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Crafted communication requests may cause a Null pointer dereference in the affected CODESYS products and may result in a denial-of-service condition.
CVE-2021-36763 1 Codesys 7 Control, Control Rte, Control Runtime System Toolkit and 4 more 2024-11-21 7.5 High
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
CVE-2021-36762 1 Hcc-embedded 1 Nichestack 2024-11-21 7.5 High
An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet buffer (if no '\0' byte exists within a reasonable range).
CVE-2021-36761 1 Qlik 1 Qlik Sense 2024-11-21 5.3 Medium
The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF.