CVE-2021-39908
In all versions of GitLab CE/EE, certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI.
Source: CVE-2021-39908
[월:] 2022년 04월
CVE-2021-3847
CVE-2021-3847
An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.
Source: CVE-2021-3847
CVE-2021-3461
CVE-2021-3461
A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].
Source: CVE-2021-3461
CVE-2022-0373
CVE-2022-0373
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address
Source: CVE-2022-0373
CVE-2021-33022
CVE-2021-33022
Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Source: CVE-2021-33022
CVE-2021-33024
CVE-2021-33024
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.
Source: CVE-2021-33024
CVE-2021-32976
CVE-2021-32976
Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code.
Source: CVE-2021-32976
CVE-2021-32953
CVE-2021-32953
An attacker could utilize SQL commands to create a new user MDT AutoSave versions prior to v6.02.06 and update the user’s permissions, granting the attacker the ability to login.
Source: CVE-2021-32953
CVE-2021-26624
CVE-2021-26624
An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values.
Source: CVE-2021-26624
CVE-2021-27497
CVE-2021-27497
Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Source: CVE-2021-27497