Security Vulnerabilities - CVEs Published In July 2021
iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-07-15
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is transmitted over the network while only being encrypted via a substitution cipher.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-07-15
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log files. The encryption is done using a hard-coded static key and is therefore reversible by an attacker.
CVSS Score
3.3
EPSS Score
0.001
Published
2021-07-15
iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-07-15
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA-based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
CVSS Score
6.5
EPSS Score
0.009
Published
2021-07-15
Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-07-15
A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. The issue is fixed in Falco versions >= 0.29.1.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-07-15
An Improper Access Control vulnerability in Rancher allows users in the cluster to make requests to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks. This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16.
CVSS Score
9.9
EPSS Score
0.003
Published
2021-07-15
A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as other users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-07-15
An Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-07-15


Shodan ® - All rights reserved