Blackboard Learn Cross-Site Scripting Vulnerability
Blackboard Learn is a learning management system from the US-based Blackboard, Inc. A security vulnerability exists in Blackboard Learn that allows authenticated users to perform XSS via the Assignment Instructions HTML editor...
CVE-2021-25318
An Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16...
Design/Logic Flaw
An Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16...
CVE-2021-25318
The CVE-2021-25318 issue affects Rancher where an Incorrect Permission Assignment for Critical Resource vulnerability allows cluster users to modify resources beyond their access. It impacts Rancher versions prior to 2.5.9 and prior to 2.4.16. The root cause is improper permission scope handling ...
The vulnerability of the relay_open function in the kernel/relay.c file of the Linux operating system, related to pointer arithmetic errors, allows attackers to cause a service failure.
The vulnerability of the relay_open function in the kernel/relay.c file of the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
Trend Micro Apex One Incorrect Permission Assignment Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists withi...
Siemens SIMATIC Software Products (Update B)
1. EXECUTIVE SUMMARY: CVSS v3 7.3; ATTENTION: Low attack complexity; Vendor: Siemens; Equipment: SIMATIC Software Products; Vulnerability: Incorrect Permission Assignment for Critical Resource. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the original advisory titled ICSA-21-194-06...
Trend Micro Apex One Access Control Error Vulnerability
Trend Micro Apex One is a suite of endpoint security protection software from Trend Micro that provides automated threat detection and response capabilities. An access control error vulnerability exists in Trend Micro Apex One. The vulnerability stems from incorrect privilege assignment. A local...
CVE-2021-32526
Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password files. Suggest contacting QSAN and referring to recommendations in QSAN Document...
Design/Logic Flaw
Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password files. Suggest contacting QSAN and referring to recommendations in QSAN Document...
CVE-2021-32526
QSAN Storage Manager is affected by an authorization issue in which permissions are misassigned on critical resource management, allowing authenticated remote attackers to access arbitrary password files. Public sources (CNVD/NVD) indicate impact prior to version 3.3.1 (build 202101041800). The r...
CVE-2021-32526 QSAN Storage Manager - Incorrect Permission Assignment for Critical Resource
Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager allows authenticated remote attackers to access arbitrary password files. Suggest contacting QSAN and referring to recommendations in QSAN Document...
File upload vulnerability in Exam Hall Management System (CNVD-2021-51846)
Exam Hall Management System is a PHP project that automates the process of exam assignment and seating arrangements. A file upload vulnerability exists in Exam Hall Management System, which can be exploited by an attacker to upload a webshell and gain server privileges...
File Upload Vulnerability in Exam Hall Management System
Exam Hall Management System is a PHP project that automates the process of exam assignment and seating arrangements. A file upload vulnerability exists in Exam Hall Management System, which can be exploited by an attacker to upload a webshell and gain server privileges...
CoolCollege Information Disclosure Vulnerability
CoolCollege is a course service platform tailored for various companies. The software enhances learning efficiency and more through 36 scenarios such as course creation, assignment tracking, data analysis, and job certification. An information disclosure vulnerability exists in CoolCollege, which...
Incorrect Permission Assignment for Critical Resource in Hashicorp Consul
HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4. Specific Go Packages Affected github.com/hashicorp/consul/agent/structs...
GHSA-HWQM-X785-QH8P Incorrect Permission Assignment for Critical Resource in Hashicorp Consul
HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4. Specific Go Packages Affected github.com/hashicorp/consul/agent/structs...
CVE-2021-22382
CVE-2021-22382 concerns Huawei LTE USB Dongle products (e.g., E3372, E3372h-153, CPU-V200R002B333D01SP00C00) with an improper permission assignment vulnerability. The root cause is flawed permission handling that allows a local attacker to access a PC and persuade a user to install a specially cr...
Rails Mass Assignment
Ruby on Rails is a popular framework used to build web applications based on the Model-View-Controller (MVC) architectural pattern. A mass assignment vulnerability occurs when an application automatically performs the mapping between request parameters and model attributes. This vulnerability c...
Fortinet FortiClient Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Fortinet FortiClient on Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...