754 matches found
Quagga Link Following Vulnerability
Quagga is a routing software suite from the individual developer Kunihiro Ishiguro in the United States. The suite implements protocols such as OSPFv2, OSPFv3, and RIP v1/v2 on a variety of platforms, and provides route redistribution, route mapping, and other features. Quagga suffers from a...
Security update for containerd, docker, runc (important)
openSUSE Security Update: Security update for containerd, docker, runc Announcement ID: openSUSE-SU-2021:3506-1 Rating: important References: 1102408 1185405 1187704 1188282 1190826 1191015 1191121 1191334 1191355 1191434 Cross-References: CVE-2021-30465 CVE-2021-32760 CVE-2021-41089 CVE-2021-410...
rConfig chmod Command Insecure Privilege Vulnerability
rConfig is an open source network device configuration management utility. An insecure privilege vulnerability exists in the chmod command in rConfig version 3.9.6. The vulnerability stems from the fact that after installing rConfig, an apache user can execute chmod as root without a password,...
CVE-2021-29005
An insecure permission on the chmod command exists on rConfig server 3.9.6. After rConfig is installed, the apache user may execute chmod as root without a password, which may let a low-privileged attacker gain root access on the server...
Command injection
An insecure permission on the chmod command exists on rConfig server 3.9.6. After rConfig is installed, the apache user may execute chmod as root without a password, which may let a low-privileged attacker gain root access on the server...
CVE-2021-29005
CVE-2021-29005 affects the rConfig server (version 3.9.6). The root cause is an insecure permission setup around the chmod command, allowing an Apache user to run chmod as root without a password after installation. This can let a low-privilege attacker gain root access on the server. The connect...
rConfig Security Vulnerability
rConfig is an open source network device configuration management utility. An insecure privilege vulnerability exists in the chmod command in rConfig version 3.9.6. The vulnerability stems from the fact that after installing rConfig, an apache user can execute chmod as root without a password,...
CVE-2021-41089 `docker cp` allows unexpected chmod of host files
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem,...
Privilege Escalation
systemd-cron:sid is vulnerable to privilege escalation. In the cron package, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs...
CVE-2021-30463
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a...
Default credentials
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a...
CVE-2021-30463
VestaCP
ClusterLabs Hawk Security Vulnerability
ClusterLabs Hawk is a ClusterLabs open source application. It is used to manage and monitor Pacemaker HA clusters. ClusterLabs Hawk has a security vulnerability that allows an attacker to bypass access restrictions to read or modify data using chmod...
Exploit for SQL Injection in Icegram Email_Subscribers_&_Newsletters
CVE-2019-20361-EXPLOIT There was a flaw in the WordPress plugi...
Unspecified Vulnerability in SolarWinds Serv-U FTP Server
SolarWinds Serv-U FTP Server is FTP and MFT file transfer software from the U.S. company SolarWinds. A security vulnerability exists in SolarWinds Serv-U FTP Server versions prior to 15.2.1 that stems from the server not properly handling CHMOD commands. No details of the vulnerability are provided at th...
CVE-2020-15542
SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command...