Search Results (364918 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-36287 1 Dell 10 Emc Unity Operating Environment, Vnx5200, Vnx5400 and 7 more 2024-11-21 7.3 High
Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system.
CVE-2021-36286 1 Dell 1 Supportassist Client Consumer 2024-11-21 7.1 High
Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any(non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point allows for the exploitation. Support assist clean files functionality do not distinguish junction points from the physical folder and proceeds to clean the target of the junction that allows nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin.
CVE-2021-36285 1 Dell 42 Latitude 5310 2-in-1, Latitude 5310 2-in-1 Firmware, Latitude 5320 and 39 more 2024-11-21 5.7 Medium
Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive NVMe password attempt mitigations in order to carry out a brute force attack.
CVE-2021-36284 1 Dell 42 Latitude 5310 2-in-1, Latitude 5310 2-in-1 Firmware, Latitude 5320 and 39 more 2024-11-21 5.7 Medium
Dell BIOS contains an Improper Restriction of Excessive Authentication Attempts vulnerability. A local authenticated malicious administrator could exploit this vulnerability to bypass excessive admin password attempt mitigations in order to carry out a brute force attack.
CVE-2021-36283 1 Dell 170 Chengming 3990, Chengming 3990 Firmware, Chengming 3991 and 167 more 2024-11-21 7.5 High
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
CVE-2021-36282 1 Dell 1 Emc Powerscale Onefs 2024-11-21 2.5 Low
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions.
CVE-2021-36281 1 Dell 1 Emc Powerscale Onefs 2024-11-21 7.5 High
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate privileges.
CVE-2021-36280 1 Dell 1 Emc Powerscale Onefs 2024-11-21 7.8 High
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.
CVE-2021-36279 1 Dell 1 Emc Powerscale Onefs 2024-11-21 7.8 High
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster.
CVE-2021-36278 1 Dell 1 Emc Powerscale Onefs 2024-11-21 8.1 High
Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third-party consumes those logs, the same sensitive information is available to those systems as well.
CVE-2021-36277 1 Dell 3 Alienware Command Center Application, Command \| Update, Update\/alienware Update 2024-11-21 7.8 High
Dell Command | Update, Dell Update, and Alienware Update versions before 4.3 contains an Improper Verification of Cryptographic Signature Vulnerability. A local authenticated malicious user may exploit this vulnerability by executing arbitrary code on the system.
CVE-2021-36276 1 Dell 1 Dbutildrv2.sys Firmware 2024-11-21 8.8 High
Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
CVE-2021-36235 1 Ivanti 1 Workspace Control 2024-11-21 7.8 High
An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. As a result, the attacker can start applications with elevated privileges.
CVE-2021-36234 1 Unit4 1 Mik.starlight 2024-11-21 5.5 Medium
Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors.
CVE-2021-36233 1 Unit4 1 Mik.starlight 2024-11-21 6.5 Medium
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.
CVE-2021-36232 1 Unit4 1 Mik.starlight 2024-11-21 8.8 High
Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges.
CVE-2021-36231 1 Unit4 1 Mik.starlight 2024-11-21 8.8 High
Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects.
CVE-2021-36230 1 Hashicorp 1 Terraform 2024-11-21 8.8 High
HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organization owner. Fixed in v202107-1.
CVE-2021-36224 1 Westerndigital 2 My Cloud Os, My Cloud Pr4100 2024-11-21 9.8 Critical
Western Digital My Cloud devices before OS5 have a nobody account with a blank password.
CVE-2021-36222 5 Debian, Mit, Netapp and 2 more 8 Debian Linux, Kerberos 5, Active Iq Unified Manager and 5 more 2024-11-21 7.5 High
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.