Lucene search
K

127 matches found

Tenable Nessus
Tenable Nessus
added 2022/04/20 12:0 a.m.37 views

GitLab < 14.2.6 (CVE-2021-39913)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before...

7.2CVSS6.5AI score0.00279EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2022/02/18 12:0 a.m.329 views

Wondershare UBackit 2.0.5 - &#039;wsbackup&#039; Unquoted Service Path

Exploit Title: Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-17 Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/ubackitfull8767.exe Tested Version: 2.0.5 Vulnerability Type: Unquoted...

7.4AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2021/12/30 10:15 p.m.2 views

CVE-2021-44466

Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw due to improper access controls. When the software is installed with a non-default installation directory off of the system root, the installer fails to properly set ACLs. This allows lower privileged users to replace the VPN...

7.3CVSS7.1AI score0.00398EPSS
Exploits0References2
OSV
OSV
added 2021/11/05 12:15 a.m.20 views

CVE-2021-39913

Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges...

6.7CVSS6.4AI score0.00279EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2021/11/05 12:15 a.m.20 views

CVE-2021-39913

Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges...

7.2CVSS6.7AI score0.00279EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/11/04 11:8 p.m.30 views

CVE-2021-39913

Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker with local file system access to obtain system root-level privileges...

4.4CVSS6.8AI score0.00279EPSS
Exploits0References2
CVE
CVE
added 2021/11/04 11:8 p.m.90 views

CVE-2021-39913

Technical details (affected products, versions, root cause, exploits) are not publicly provided in the supplied documents. Monitor for updates from vendors and security feeds to confirm precise impact and remediation for CVE-2021-39913.

7.2CVSS6.1AI score0.00279EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2021/11/04 11:8 p.m.27 views

CVE-2021-39913

Removed by vendor...

7.2CVSS6.6AI score0.00279EPSS
Exploits0
CNVD
CNVD
added 2021/06/22 12:0 a.m.1 views

Tencent Classroom Has Janus Android Signature Vulnerability

Tencent Classroom is a professional online education platform launched by Tencent. Tencent Classroom has a Janus Android signature vulnerability, which can be exploited by an attacker to obtain system root privileges...

7AI score
Exploits0
CNVD
CNVD
added 2021/06/22 12:0 a.m.3 views

Tencent Guangdong Mahjong suffers from Janus Android signature vulnerability

Tencent Guangdong Mahjong is Tencent's first Guangdong Mahjong game. Tencent Guangdong Mahjong has a Janus Android signature vulnerability, which can be exploited by attackers to obtain system root privileges...

7AI score
Exploits0
CNVD
CNVD
added 2021/06/22 12:0 a.m.2 views

WeChat Phonebook suffers from Janus Android signature vulnerability

WeChat Phonebook is an intelligent communication enhancement software created by Tencent. WeChat Phonebook suffers from a Janus Android signature vulnerability. Attackers can use the vulnerability to obtain system root privileges...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2021/03/22 12:0 a.m.326 views

Winpakpro 4.8 - &#039;WPCommandFileService&#039; Unquoted Service Path

Exploit Title: Winpakpro 4.8 - 'WPCommandFileService' Unquoted Service Path Discovery by: Alan Mondragon Discovery Date: 2021-03-16 Vendor Homepage: https://www.security.honeywell.com/product-repository/winpak Software Links : https://www.security.honeywell.com/product-repository/winpak WinPackPr...

7.4AI score
Exploits0
CNVD
CNVD
added 2021/02/05 12:0 a.m.2 views

Binary Vulnerability in Cisco rv130w

Cisco is a leading global provider of networking solutions. A binary vulnerability exists in Cisco rv130w, which could allow an attacker to gain system root privileges by constructing rop under authentication...

7.3AI score
Exploits0
OSV
OSV
added 2020/12/18 9:15 p.m.3 views

CVE-2020-5803

Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root...

8.1CVSS7.4AI score0.01706EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2020/11/09 12:0 a.m.443 views

Canon Inkjet Extended Survey Program 5.1.0.8 - &#039;IJPLMSVC.EXE&#039; - Unquoted Service Path

Exploit Title: Canon Inkjet Extended Survey Program 5.1.0.8 - 'IJPLMSVC.EXE' - Unquoted Service Path Discovery by: Carlos Roa Discovery Date: 2020-11-07 Vendor Homepage: https://www.usa.canon.com/internet/portal/us/home Tested Version: 5.1.0.8 Vulnerability Type: Unquoted Service Path Tested on O...

7.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2020/04/19 12:0 a.m.4 views

CoDeSys V3 CmpRouter and CmpRouterEmbedded Integer Overflow (CVE-2019-5105)

An integer overflow vulnerability exists in CoDeSys V3 CmpRouter and CmpRouterEmbedded components. The vulnerability is due to improper validation of user-supplied data. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted message to the target server. Successf...

5CVSS5.1AI score0.02154EPSS
Exploits1
Packet Storm
Packet Storm
added 2020/03/25 12:0 a.m.139 views

AVAST SecureLine 5.5.522.0 Unquoted Service Path

Exploit Title: AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path Discovery by: Roberto Piña Discovery Date: 2020-03-24 Vendor Homepage:https://www.avast.com/ Software Link :https://www.avast.com/es-mx/download-thank-you.php?product=SLN&locale=es-mx Tested Version: 5.5.522.0...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/03/06 12:0 a.m.113 views

Deep Instinct Windows Agent 1.2.29.0 - (DeepMgmtService) Unquoted Service Path Vulnerability

Exploit Title: Deep Instinct Windows Agent 1.2.29.0 - 'DeepMgmtService' Unquoted Service Path Discovery by: Oscar Flores Vendor Homepage: https://www.deepinstinct.com/ Software Links :...

0.3AI score
Exploits0
OSV
OSV
added 2019/12/11 11:15 p.m.3 views

CVE-2019-18245

Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application...

7.8CVSS5.9AI score0.004EPSS
Exploits0References1
CVE
CVE
added 2019/12/11 10:17 p.m.77 views

CVE-2019-18245

The CVE-2019-18245 entry relates to Reliable Controls LicenseManager, affected in versions 3.4 and prior. The underlying issue is an unquoted search path/element that a logged-in (authenticated) user can exploit to insert malicious code into the system root path, enabling local code execution wit...

7.8CVSS7.5AI score0.004EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder