• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-426

CVE-2021-29221

February 23, 2023 by

A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation’s directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with “erlsrv.exe” to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.

CVE-2021-28246

February 23, 2023 by

** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user must create a malicious library in the writable RPATH, to be dynamically linked when the emtgtctl2 executable is run. The code in the library will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2021-28249

February 23, 2023 by

** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2021-26807

February 23, 2023 by

GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading.

CVE-2021-26556

February 23, 2023 by

When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.

CVE-2021-26557

February 23, 2023 by

When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 31
  • Go to page 32
  • Go to page 33
  • Go to page 34
  • Go to page 35
  • Interim pages omitted …
  • Go to page 38
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE