Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2021-05-27 CVE-2021-27488 Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing CATPart files.
local
low complexity
luxion datakit siemens
7.8
2021-05-27 CVE-2021-27494 Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing STP files.
local
low complexity
luxion datakit siemens
7.8
2021-05-27 CVE-2021-27496 Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing PRT files.
local
low complexity
luxion datakit siemens
7.8
2021-05-27 CVE-2021-22118 Exposure of Resource to Wrong Sphere vulnerability in multiple products
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.
local
low complexity
vmware oracle netapp CWE-668
7.8
2021-05-27 CVE-2021-22359 Improper Input Validation vulnerability in Huawei S5700 Firmware and S6700 Firmware
There is a denial of service vulnerability in the verisions V200R005C00SPC500 of S5700 and V200R005C00SPC500 of S6700.
network
low complexity
huawei CWE-20
7.5
2021-05-27 CVE-2021-30465 Race Condition vulnerability in multiple products
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal.
network
high complexity
linuxfoundation fedoraproject CWE-362
8.5
2021-05-27 CVE-2021-31154 Exposure of Resource to Wrong Sphere vulnerability in Pleaseedit Project Pleaseedit
pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory.
local
low complexity
pleaseedit-project CWE-668
7.8
2021-05-27 CVE-2021-31155 Incorrect Permission Assignment for Critical Resource vulnerability in Umask Project Umask
Failure to normalize the umask in please before 0.4 allows a local attacker to gain full root privileges if they are allowed to execute at least one command.
local
low complexity
umask-project CWE-732
7.8
2021-05-27 CVE-2021-33200 Out-of-bounds Write vulnerability in multiple products
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579.
local
low complexity
linux fedoraproject netapp CWE-787
7.8
2021-05-27 CVE-2020-17514 Unspecified vulnerability in Apache Fineract
Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method.
network
high complexity
apache
7.4