CVE-2021-28269
Soyal Technology 701Client 9.0.1 is vulnerable to insecure permissions: the client.exe binary grants the Authenticated Users group Full permissions.
Source: CVE-2021-28269
CVE-2021-30642
An input validation flaw in the Symantec Security Analytics web UI 7.2 prior to 7.2.7, 8.1 prior to 8.1.3-NSR3, and 8.2 prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges.
Source: CVE-2021-30642
CVE-2021-22660
CNCSoft-B Versions 1.0.0.3 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
Source: CVE-2021-22660
CVE-2021-28271
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to replace the executable file with a binary of their choice. The vulnerability is due to improper permissions with the ‘F’ flag (Full) for the ‘Everyone’ and ‘Authenticated Users’ groups.
Source: CVE-2021-28271
CVE-2021-22664
CNCSoft-B Versions 1.0.0.3 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.
Source: CVE-2021-22664
CVE-2021-27480
Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute remote code.
Source: CVE-2021-27480
CVE-2020-35542
Unisys Data Exchange Management Studio through 5.0.34 doesn’t sanitize the input to an HTML document field. This could be used for an XSS attack.
Source: CVE-2020-35542
CVE-2021-28125
Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects, the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.
Source: CVE-2021-28125
CVE-2020-17517
The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys, thereby exposing data to anonymous clients or users. This affected Apache Ozone prior to the 1.1.0 release. Improper Authorization vulnerability in __COMPONENT__ of Apache Ozone allows an attacker to __IMPACT__. This issue affects Apache Ozone version 1.0.0 and prior versions.
Source: CVE-2020-17517
CVE-2019-25042
Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.
Source: CVE-2019-25042