CVE-2021-21526
Dell PowerScale OneFS 8.1.0 – 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root.
Source: CVE-2021-21526
[월:] 2021년 04월
CVE-2020-26197
CVE-2020-26197
Dell PowerScale OneFS 8.1.0 – 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: This does not affect clusters which are not relying on an LDAP server for the authentication provider.
Source: CVE-2020-26197
CVE-2021-1079
CVE-2021-1079
NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation.
Source: CVE-2021-1079
CVE-2021-28492
CVE-2021-28492
Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.1.037.0 stores Passwords in a Recoverable Format.
Source: CVE-2021-28492
CVE-2021-29155
CVE-2021-29155
An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.
Source: CVE-2021-29155
CVE-2021-28156
CVE-2021-28156
HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10.
Source: CVE-2021-28156
CVE-2021-30496
CVE-2021-30496
The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework.
Source: CVE-2021-30496
CVE-2020-25864
CVE-2020-25864
HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.
Source: CVE-2020-25864
CVE-2020-14105
CVE-2020-14105
The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15.
Source: CVE-2020-14105
CVE-2021-28793
CVE-2021-28793
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
Source: CVE-2021-28793