Total
1004 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33509 | 1 Plone | 1 Plone | 2021-05-24 | 8.5 HIGH | 9.9 CRITICAL |
| Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. | |||||
| CVE-2018-12979 | 1 Wago | 8 762-3000, 762-3000 Firmware, 762-3001 and 5 more | 2021-05-20 | 5.5 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM. | |||||
| CVE-2021-20996 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2021-05-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties. | |||||
| CVE-2021-31902 | 1 Jetbrains | 1 Youtrack | 2021-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly. | |||||
| CVE-2021-31907 | 1 Jetbrains | 1 Teamcity | 2021-05-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly. | |||||
| CVE-2021-32101 | 1 Open-emr | 1 Openemr | 2021-05-11 | 6.4 MEDIUM | 8.2 HIGH |
| The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/_machine_config.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then manipulate and read data of every registered patient. | |||||
| CVE-2021-22669 | 1 Advantech | 1 Webaccess\/scada | 2021-05-07 | 9.0 HIGH | 8.8 HIGH |
| Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system. | |||||
| CVE-2021-20326 | 1 Mongodb | 1 Mongodb | 2021-05-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to performing a specific type of find query may trigger a denial of service. This issue affects: MongoDB Inc. MongoDB Server v4.4 versions prior to 4.4.4. | |||||
| CVE-2018-13412 | 1 Zohocorp | 1 Manageengine Desktop Central | 2021-04-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version. | |||||
| CVE-2018-13411 | 1 Zohocorp | 1 Manageengine Desktop Central | 2021-04-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed in 10.0.470 agent version. | |||||
| CVE-2021-28646 | 1 Trendmicro | 2 Apex One, Officescan | 2021-04-14 | 2.1 LOW | 5.5 MEDIUM |
| An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations. | |||||
| CVE-2021-28645 | 1 Trendmicro | 2 Apex One, Officescan | 2021-04-14 | 7.2 HIGH | 7.8 HIGH |
| An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-10642 | 1 Rockwellautomation | 1 Rslinx Classic | 2021-04-02 | 7.2 HIGH | 7.8 HIGH |
| In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic. | |||||
| CVE-2017-15288 | 1 Scala-lang | 1 Scala | 2021-03-30 | 7.2 HIGH | 7.8 HIGH |
| The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges. | |||||
| CVE-2020-17490 | 2 Debian, Saltstack | 2 Debian Linux, Salt | 2021-03-30 | 2.1 LOW | 5.5 MEDIUM |
| The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. | |||||
| CVE-2020-24263 | 1 Portainer | 1 Portainer | 2021-03-23 | 6.5 MEDIUM | 8.8 HIGH |
| Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host. | |||||
| CVE-2019-18255 | 1 Ge | 1 Ifix | 2021-02-24 | 2.1 LOW | 5.5 MEDIUM |
| HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation. | |||||
| CVE-2019-18243 | 1 Ge | 1 Ifix | 2021-02-24 | 2.1 LOW | 5.5 MEDIUM |
| HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation. | |||||
| CVE-2020-8029 | 1 Suse | 1 Caas Platform | 2021-02-19 | 2.1 LOW | 4.0 MEDIUM |
| A Incorrect Permission Assignment for Critical Resource vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to gain access to the kublet key. This issue affects: SUSE CaaS Platform 4.5 skuba versions prior to https://github.com/SUSE/skuba/pull/1416. | |||||
| CVE-2020-26196 | 1 Dell | 1 Emc Powerscale Onefs | 2021-02-12 | 2.1 LOW | 5.5 MEDIUM |
| Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location. | |||||