Search Results (363371 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-28156 1 Hashicorp 1 Consul 2024-11-21 7.5 High
HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10.
CVE-2021-28155 1 Jbl 2 Tune500bt, Tune500bt Firmware 2024-11-21 6.5 Medium
The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown a device by flooding the target device with LMP Feature Response data.
CVE-2021-28154 1 Camunda 1 Modeler 2024-11-21 9.1 Critical
Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which manipulates the readFile and writeFile APIs. NOTE: the vendor states "The way we secured the app is that it does not allow any remote scripts to be opened, no unsafe scripts to be evaluated, no remote sites to be browsed.
CVE-2021-28153 5 Broadcom, Debian, Fedoraproject and 2 more 5 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 2 more 2024-11-21 5.3 Medium
An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.)
CVE-2021-28152 1 Hongdian 2 H8922, H8922 Firmware 2024-11-21 9.8 Critical
Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn.
CVE-2021-28151 1 Hongdian 2 H8922, H8922 Firmware 2024-11-21 8.8 High
Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.
CVE-2021-28150 1 Hongdian 2 H8922, H8922 Firmware 2024-11-21 5.5 Medium
Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.
CVE-2021-28149 1 Hongdian 2 H8922, H8922 Firmware 2024-11-21 6.5 Medium
Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.
CVE-2021-28148 1 Grafana 1 Grafana 2024-11-21 7.5 High
One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 is accessible without any authentication. This allows any unauthenticated user to send an unlimited number of requests to the endpoint, leading to a denial of service (DoS) attack against a Grafana Enterprise instance.
CVE-2021-28147 1 Grafana 1 Grafana 2024-11-21 6.5 Medium
The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service and having the EditorsCanAdmin feature enabled, this vulnerability allows any authenticated user to add external groups to any existing team. This can be used to grant a user team permissions that the user isn't supposed to have.
CVE-2021-28146 1 Grafana 1 Grafana 2024-11-21 6.5 Medium
The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issue. On Grafana instances using an external authentication service, this vulnerability allows any authenticated user to add external groups to existing teams. This can be used to grant a user team permissions that the user isn't supposed to have.
CVE-2021-28145 1 Concretecms 1 Concrete Cms 2024-11-21 5.4 Medium
Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges.
CVE-2021-28144 1 Dlink 2 Dir-3060, Dir-3060 Firmware 2024-11-21 8.8 High
prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely.
CVE-2021-28143 1 Dlink 2 Dir-841, Dir-841 Firmware 2024-11-21 8.0 High
/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools).
CVE-2021-28142 1 Citsmart 1 Citsmart 2024-11-21 8.8 High
CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete."
CVE-2021-28139 1 Espressif 2 Esp-idf, Esp32 2024-11-21 8.8 High
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield payload.
CVE-2021-28136 1 Espressif 2 Esp-idf, Esp32 2024-11-21 6.5 Medium
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing attackers in radio range to trigger memory corruption (and consequently a crash) in ESP32 via a replayed (duplicated) LMP packet.
CVE-2021-28135 1 Espressif 1 Esp-idf 2024-11-21 6.5 Medium
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service (crash) in ESP32 by flooding the target device with LMP Feature Response data.
CVE-2021-28134 1 Clipper Project 1 Clipper 2024-11-21 9.8 Critical
Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API.
CVE-2021-28133 1 Zoom 1 Zoom 2024-11-21 4.3 Medium
Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see contents of other application windows that were explicitly not shared. The contents of these other windows can (for instance) be seen for a short period of time when they overlay the shared window and get into focus. (An attacker can, of course, use a separate screen-recorder application, unsupported by Zoom, to save all such contents for later replays and analysis.) Depending on the unintentionally shared data, this short exposure of screen contents may be a more or less severe security issue.