4651 matches found
CVE-2021-33542
Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The...
VMware Workstation Tools Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the VGAuthService...
jenkins-2-plugins/config-file-provider: Does not perform permission checks in several HTTP endpoints.
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not perform permission checks in several HTTP endpoints, as a consequence an attacker with Overall/Read permission is allowed to enumerate configuration file IDs...
Cisco Webex Network Recording Player and Cisco Webex Player DLL Injection (cisco-sa-webex-dll-inject-XNmcSGTU)
According to its self-reported version, Cisco Webex Network Recording Player is affected by an dll injection vulnerability due to incorrect handling of directory paths at run time. An authenticated, local attacker can exploit this, by inserting a configuration file in a specific path in the syste...
Cisco Webex Meetings DLL Injection (cisco-sa-webex-dll-inject-XNmcSGTU)
According to its self-reported version, Cisco Webex Meetings is affected by an dll injection vulnerability due to incorrect handling of directory paths at run time. An authenticated, local attacker can exploit this, by inserting a configuration file in a specific path in the system, to execute...
Cisco Webex Teams for Windows DLL Injection (cisco-sa-webex-dll-inject-XNmcSGTU)
According to its self-reported version, Cisco Webex Teams for Windows is affected by an dll injection vulnerability due to incorrect handling of directory paths at run time. An authenticated, local attacker can exploit this, by inserting a configuration file in a specific path in the system, to...
CVE-2021-22759
A CWE-416: Use after free vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition...
CVE-2021-22755
A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied data, when a malicious CGF file is imported to IGSS Definition...
CVE-2021-22756
A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of user-supplied data validation, when a malicious CGF file is imported to IGSS Definition...
CVE-2021-31659
TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery CSRF. All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the passwo...
CVE-2021-30357
SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access...
Design/Logic Flaw
SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access...
CVE-2021-30357
CVE-2021-30357 affects SSL Network Extender Client for Linux prior to build 800008302. The SNX binary runs with root privileges and can disclose parts of the supplied SNX config file, enabling partial exposure of files the user should not access (e.g., sensitive system contents). Public PoCs demo...
Schneider Electric IGSS 缓冲区错误漏洞
The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. An out-of-bounds read vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The...
IGSS Definition 路径遍历漏洞
The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. A remote code execution vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The...
Schneider Electric IGSS 缓冲区错误漏洞
The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. An out-of-bounds write vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The...
Design/Logic Flaw
A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this...
CVE-2021-1536 Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability
A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this...
Cisco Webex Meetings, Webex Network Recording Player, and Webex Teams DLL Injection Vulnerability
A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this...
CVE-2021-23021
CVE-2021-23021 affects NGINX Controller 3.x prior to 3.7.0. The vulnerability arises from the agent configuration file /etc/controller-agent/agent.conf being world-readable (644), enabling local attackers to access sensitive data (e.g., API keys). Remediation per multiple sources: upgrade to NGIN...