Логотип exploitDog
source:"msrc"
Консоль
Логотип exploitDog

exploitDog

source:"msrc"

Количество 18 763

Количество 18 763

msrc логотип

CVE-2021-2022

около 5 лет назад

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.4
EPSS: Низкий
msrc логотип

CVE-2021-20229

почти 5 лет назад

A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.

CVSS3: 4.3
EPSS: Низкий
msrc логотип

CVE-2021-20228

больше 4 лет назад

A flaw was found in the Ansible Engine 2.9.18 where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

CVSS3: 7.5
EPSS: Низкий
msrc логотип

CVE-2021-20227

почти 5 лет назад

A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.

CVSS3: 5.5
EPSS: Низкий
msrc логотип

CVE-2021-20225

почти 5 лет назад

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 6.7
EPSS: Низкий
msrc логотип

CVE-2021-20221

больше 4 лет назад

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

CVSS3: 6
EPSS: Низкий
msrc логотип

CVE-2021-2021

около 5 лет назад

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.9
EPSS: Средний
msrc логотип

CVE-2021-20208

почти 5 лет назад

CVSS3: 6.1
EPSS: Низкий
msrc логотип

CVE-2021-20203

почти 5 лет назад

CVSS3: 3.2
EPSS: Низкий
msrc логотип

CVE-2021-20199

около 4 лет назад

CVSS3: 5.9
EPSS: Низкий
msrc логотип

CVE-2021-20197

почти 5 лет назад

CVSS3: 6.3
EPSS: Низкий
msrc логотип

CVE-2021-20194

почти 5 лет назад

There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y CONFIG_BPF=y CONFIG_CGROUPS=y CONFIG_CGROUP_BPF=y CONFIG_HARDENED_USERCOPY not set and BPF hook to getsockopt is registered). As result of BPF execution the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.

CVSS3: 7.8
EPSS: Низкий
msrc логотип

CVE-2021-20191

больше 4 лет назад

A flaw was found in ansible. Credentials such as secrets are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

CVSS3: 5.5
EPSS: Низкий
msrc логотип

CVE-2021-20181

больше 4 лет назад

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality integrity as well as system availability.

CVSS3: 7.5
EPSS: Низкий
msrc логотип

CVE-2021-20178

больше 4 лет назад

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

CVSS3: 5.5
EPSS: Низкий
msrc логотип

CVE-2021-2011

около 5 лет назад

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 5.9
EPSS: Низкий
msrc логотип

CVE-2021-2010

около 5 лет назад

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of MySQL Client accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Client. CVSS 3.1 Base Score 4.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L).

CVSS3: 4.2
EPSS: Низкий
msrc логотип

CVE-2021-2002

около 5 лет назад

MySQL Server Replication Vulnerability Allows High-Privileged Remote Attackers to Cause Denial of Service (DoS) in Versions 8.0.22 and Earlier

CVSS3: 4.9
EPSS: Низкий
msrc логотип

CVE-2021-1734

около 5 лет назад

Windows Remote Procedure Call Information Disclosure Vulnerability

CVSS3: 7.5
EPSS: Средний
msrc логотип

CVE-2021-1733

около 5 лет назад

Sysinternals PsExec Elevation of Privilege Vulnerability

CVSS3: 7.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
msrc логотип
CVE-2021-2022

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.4
1%
Низкий
около 5 лет назад
msrc логотип
CVE-2021-20229

A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.

CVSS3: 4.3
0%
Низкий
почти 5 лет назад
msrc логотип
CVE-2021-20228

A flaw was found in the Ansible Engine 2.9.18 where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

CVSS3: 7.5
0%
Низкий
больше 4 лет назад
msrc логотип
CVE-2021-20227

A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.

CVSS3: 5.5
0%
Низкий
почти 5 лет назад
msrc логотип
CVE-2021-20225

A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 6.7
0%
Низкий
почти 5 лет назад
msrc логотип
CVE-2021-20221

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.

CVSS3: 6
0%
Низкий
больше 4 лет назад
msrc логотип
CVE-2021-2021

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 4.9
52%
Средний
около 5 лет назад
msrc логотип
CVSS3: 6.1
0%
Низкий
почти 5 лет назад
msrc логотип
CVSS3: 3.2
0%
Низкий
почти 5 лет назад
msrc логотип
CVSS3: 5.9
1%
Низкий
около 4 лет назад
msrc логотип
CVSS3: 6.3
0%
Низкий
почти 5 лет назад
msrc логотип
CVE-2021-20194

There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y CONFIG_BPF=y CONFIG_CGROUPS=y CONFIG_CGROUP_BPF=y CONFIG_HARDENED_USERCOPY not set and BPF hook to getsockopt is registered). As result of BPF execution the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.

CVSS3: 7.8
0%
Низкий
почти 5 лет назад
msrc логотип
CVE-2021-20191

A flaw was found in ansible. Credentials such as secrets are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.

CVSS3: 5.5
0%
Низкий
больше 4 лет назад
msrc логотип
CVE-2021-20181

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error potentially escalating their privileges on the system. The highest threat from this vulnerability is to confidentiality integrity as well as system availability.

CVSS3: 7.5
0%
Низкий
больше 4 лет назад
msrc логотип
CVE-2021-20178

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

CVSS3: 5.5
0%
Низкий
больше 4 лет назад
msrc логотип
CVE-2021-2011

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS3: 5.9
2%
Низкий
около 5 лет назад
msrc логотип
CVE-2021-2010

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of MySQL Client accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Client. CVSS 3.1 Base Score 4.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L).

CVSS3: 4.2
0%
Низкий
около 5 лет назад
msrc логотип
CVE-2021-2002

MySQL Server Replication Vulnerability Allows High-Privileged Remote Attackers to Cause Denial of Service (DoS) in Versions 8.0.22 and Earlier

CVSS3: 4.9
0%
Низкий
около 5 лет назад
msrc логотип
CVE-2021-1734

Windows Remote Procedure Call Information Disclosure Vulnerability

CVSS3: 7.5
20%
Средний
около 5 лет назад
msrc логотип
CVE-2021-1733

Sysinternals PsExec Elevation of Privilege Vulnerability

CVSS3: 7.8
0%
Низкий
около 5 лет назад

Уязвимостей на страницу