CVE-2021-39913
Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges...
CVE-2021-39913
Technical details (affected products, versions, root cause, exploits) are not publicly provided in the supplied documents. Monitor for updates from vendors and security feeds to confirm precise impact and remediation for CVE-2021-39913.
CVE-2021-39913
Removed by vendor...
Tencent Classroom Has Janus Android Signature Vulnerability
Tencent Classroom is a professional online education platform launched by Tencent. Tencent Classroom has a Janus Android signature vulnerability, which can be exploited by an attacker to obtain system root privileges...
Tencent Guangdong Mahjong suffers from Janus Android signature vulnerability
Tencent Guangdong Mahjong is Tencent's first Guangdong Mahjong game. Tencent Guangdong Mahjong has a Janus Android signature vulnerability, which can be exploited by attackers to obtain system root privileges...
WeChat Phonebook suffers from Janus Android signature vulnerability
WeChat Phonebook is an intelligent communication enhancement software created by Tencent. WeChat Phonebook suffers from a Janus Android signature vulnerability. Attackers can use the vulnerability to obtain system root privileges...
Winpakpro 4.8 - 'WPCommandFileService' Unquoted Service Path
Exploit Title: Winpakpro 4.8 - 'WPCommandFileService' Unquoted Service Path Discovery by: Alan Mondragon Discovery Date: 2021-03-16 Vendor Homepage: https://www.security.honeywell.com/product-repository/winpak Software Links: https://www.security.honeywell.com/product-repository/winpak WinPackPr...
Binary Vulnerability in Cisco rv130w
Cisco is a leading global provider of networking solutions. A binary vulnerability exists in Cisco rv130w, which could allow an authenticated attacker to gain system root privileges by constructing a ROP chain...
CVE-2020-5803
Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root...
Canon Inkjet Extended Survey Program 5.1.0.8 - 'IJPLMSVC.EXE' - Unquoted Service Path
Exploit Title: Canon Inkjet Extended Survey Program 5.1.0.8 - 'IJPLMSVC.EXE' - Unquoted Service Path Discovery by: Carlos Roa Discovery Date: 2020-11-07 Vendor Homepage: https://www.usa.canon.com/internet/portal/us/home Tested Version: 5.1.0.8 Vulnerability Type: Unquoted Service Path Tested on O...
CoDeSys V3 CmpRouter and CmpRouterEmbedded Integer Overflow (CVE-2019-5105)
An integer overflow vulnerability exists in CoDeSys V3 CmpRouter and CmpRouterEmbedded components. The vulnerability is due to improper validation of user-supplied data. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted message to the target server. Successf...
AVAST SecureLine 5.5.522.0 Unquoted Service Path
Exploit Title: AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-03-24 Vendor Homepage: https://www.avast.com/ Software Link: https://www.avast.com/es-mx/download-thank-you.php?product=SLN&locale=es-mx Tested Version: 5.5.522.0...
Deep Instinct Windows Agent 1.2.29.0 - (DeepMgmtService) Unquoted Service Path Vulnerability
Exploit Title: Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path Discovery by: Oscar Flores Vendor Homepage: https://www.deepinstinct.com/ Software Links :...
CVE-2019-18245
Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application...
CVE-2019-18245
The CVE-2019-18245 entry relates to Reliable Controls LicenseManager, affected in versions 3.4 and prior. The underlying issue is an unquoted search path/element that a logged-in (authenticated) user can exploit to insert malicious code into the system root path, enabling local code execution wit...
Reliable Controls LicenseManager Code Issue Vulnerability
RC-LicenseManager is a credential manager. A code issue vulnerability exists in Reliable Controls LicenseManager. The vulnerability arises from an issue with improper design during code development for a networked system or product. An attacker could use this vulnerability to insert malicious cod...
NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths
NCPSecureEntryClient 9.2 - Unquoted Service Paths Exploit Title: NCPSecureEntryClient 9.2 - Unquoted Service Paths Date: 2019-11-17 Exploit Author: Akif Mohamed Ik Vendor Homepage: http://software.ncp-e.com/ Software Link: http://software.ncp-e.com/NCPSecureEntryClient/Windows/9.2x/ Version: 9.2x...
IObit Uninstaller 9.1.0.8 - IObitUnSvr Unquoted Service Path
IObit Uninstaller 9.1.0.8 - IObitUnSvr Unquoted Service Path Title: IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path Author: Sainadh Jamalpur Date: 2019-10-22 Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/en/advanceduninstaller.php Version: 9.1.0.8...
Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.
Summary: IBM DB2 is shipped with IBM License Metric Tool. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2019-4322 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable ...
UBUNTU-CVE-2018-12608
An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root...