2348 matches found
CVE-2021-34802
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges...
Authorization
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges...
Neo4j 安全漏洞
Neo4j is a Java-based and fully ACID-compatible graph database from Neo4j, which supports data migration, add-ons, etc. A security vulnerability exists in Neo4j Graph Database versions 4.2 and 4.3, which stems from a failure to reset the security environment during certain transaction operations ...
TokenTactics - Azure JWT Token Manipulation Toolset
Azure JSON Web Token "JWT" Manipulation Toolset Azure access tokens allow you to authenticate to certain endpoints as a user who signs in with a device code. Even if they used multi-factor authentication. Once you have a user's access token, it may be possible to access certain apps such as...
CVE-2021-34802
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges...
CVE-2021-34802
CVE-2021-34802 describes a vulnerability in Neo4j Graph Database versions 4.2 and 4.3 where a failure in resetting the security context during certain transaction actions could allow authenticated users to execute commands with elevated privileges. The root cause is a security-context reset issue...
[SECURITY] Fedora 33 Update: kernelshark-1.2-5.fc33
KernelShark is a front end reader of trace-cmd output. "trace-cmd record" and "trace-cmd extract" create a trace.dat trace-cmd.dat file. kernelshark can read this file and produce a graph and list view of its data...
Advantech R-SeeNet Cross-Site Scripting Vulnerability (CNVD-2021-57184)
Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.A cross-site scripting vulnerability exists in the devicegraphpage.php script function of...
PT-2021-14784 · Advantech · Advantech R-Seenet
Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet affected versions not specified Description: The issue is present in the device graph page.php script, part of the Advantech R-SeeNet web applications. It allows arbitrary JavaScript code execution when a victim visits a...
PT-2021-14785 · Advantech · Advantech R-Seenet
Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet affected versions not specified Description: The issue is present in the device graph page.php script, part of the Advantech R-SeeNet web applications. It allows arbitrary JavaScript code execution when a victim visits a...
Advantech R-SeeNet 跨站脚本漏洞
Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.A cross-site scripting vulnerability exists in Advantech R-SeeNet, which stems from the lack ...
Advantech R-SeeNet 跨站脚本漏洞
Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.A cross-site scripting vulnerability exists in the devicegraphpage.php script function of...
Advantech R-SeeNet 跨站脚本漏洞
Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.A cross-site scripting vulnerability exists in the devicegraphpage.php script function of...
Advantech R-SeeNet device_graph_page.php Multiple Reflected XSS vulnerabilities
Summary Multiple cross-site scripting vulnerabilities exist in the devicegraphpage.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits specially crafted URLs, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An...
Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-48857)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which stems from the absence of loops between nodes of a TFlite graph. No detailed vulnerability details are...
SilverStripe 授权问题漏洞
SilverStripe is New Zealand SilverStripe Silverstripe company's set of open source programming framework and content management system CMS. The system has support for multiple languages , cross-platform and other features . SilverStripe has an authorization issue vulnerability that stems from...
PT-2021-11213 · Silverstripe · Silverstripe
Name of the Vulnerable Software and Affected Versions: SilverStripe versions prior to 4.6.0-rc1 Description: The issue concerns the GraphQL module in SilverStripe, which by default accepts basic-auth as an authentication method. This allows bypassing multi-factor authentication MFA if the...
Krane - Kubernetes RBAC Static Analysis And Visualisation Tool
Krane is a simple Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. Krane dashboard presents current RBAC security posture and lets you navigate through its definition. Features RBAC Risk rules - Krane...
odix and Microsoft: Protecting users against malware attacks with free FileWall license
This blog post is part of the Microsoft Intelligent Security Association MISA guest blog series. Learn more about MISA. The fight against malware has become the epic battle of our generation, placing businesses of all sizes against a never-ending stream of hackers and zero-day attacks bent on...
DEBIAN-CVE-2020-22042
A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the linkfilterinouts function in libavfilter/graphparser.c...