2198 matches found

NVD
added 2021/08/30 7:15 p.m., 14 views

CVE-2021-22021

VMware vRealize Log Insight 8.x prior to 8.4 contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared...

CVSS 5.4 | EPSS 0.00468
Exploits: 0 | References: 1
Prion
added 2021/08/30 7:15 p.m., 18 views

Cross site scripting

VMware vRealize Log Insight 8.x prior to 8.4 contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared...

CVSS 3.5 | AI score 5.2 | EPSS 0.00468
Exploits: 0 | References: 1 | Affected Software: 2
Cvelist
added 2021/08/30 6:6 p.m., 17 views

CVE-2021-22021

VMware vRealize Log Insight 8.x prior to 8.4 contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared...

AI score 5.4 | EPSS 0.00468
Exploits: 0 | References: 1
CVE
added 2021/08/30 6:6 p.m., 70 views

CVE-2021-22021

VMware vRealize Log Insight (8.x prior to 8.4) has an XSS vulnerability caused by improper user input validation. An attacker with user privileges can inject a malicious payload via the Log Insight UI, which executes when a victim accesses a shared dashboard link. Public sources and advisories co...

CVSS 5.4 | AI score 5.3 | EPSS 0.00468
Exploits: 0 | References: 1 | Affected Software: 2
Positive Technologies
added 2021/08/30 12:0 a.m., 5 views

PT-2021-7541 · Vmware · Vmware Vrealize Log Insight

Name of the Vulnerable Software and Affected Versions: VMware vRealize Log Insight versions 8.x prior to 8.4 Description: The issue is due to improper user input validation, allowing an attacker with user privileges to inject a malicious payload via the Log Insight UI. This payload would be...

CVSS 5.4 | AI score 5.3 | EPSS 0.00468
Exploits: 0 | References: 3
The Hacker News
added 2021/08/26 7:40 a.m., 51 views

VMware Issues Patches to Fix New Flaws Affecting Multiple Products

VMware on Wednesday shipped security updates to address vulnerabilities in multiple products that could be potentially exploited by an attacker to take control of an affected system. The six security weaknesses (from CVE-2021-22022 through CVE-2021-22027, CVSS scores: 4.4 - 8.6) affect VMware...

CVSS 7.5 | AI score 6.6 | EPSS 0.0116
Exploits: 1
CNNVD
added 2021/08/25 12:0 a.m., 3 views

VMware vRealize Log Insight Cross-Site Scripting Vulnerability

Vmware VMware vRealize Log Insight is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A cross-site scripting vulnerability exists in VMware vRealize Log Insight that stems from insufficient cleansing of user-supplied data...

CVSS 5.4 | AI score 6.2 | EPSS 0.00468
Exploits: 0 | References: 4
VMware
added 2021/08/22 12:0 a.m., 37 views

VMSA-2021-0019: VMware vRealize Log Insight updates address Cross Site Scripting (XSS) vulnerability

Advisory ID: VMSA-2021-0019; CVSSv3 Range: 6.5; Issue Date: 2021-08-24; Updated On: 2021-08-24 (Initial Advisory); CVEs: CVE-2021-22021; Synopsis: VMware vRealize Log Insight updates address Cross Site Scripting (XSS) vulnerability (CVE-2021-22021)

CVSS 5.4 | AI score 5.6 | EPSS 0.00468
Exploits: 0 | References: 19 | Affected Software: 2
OSV
added 2021/08/12 6:15 p.m., 4 views

CVE-2021-36921

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 has Improper Authentication. An attacker can gain administrative access by modifying the response to an authentication check request...

CVSS 8.8 | AI score 5.8 | EPSS 0.01366
Exploits: 0 | References: 3
Prion
added 2021/08/12 6:15 p.m., 12 views

Command injection

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request...

CVSS 9.3 | AI score 8.4 | EPSS 0.02466
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2021/08/12 12:0 a.m., 2 views

MONITORAPP Application Insight Web Application Firewall Input Validation Error Vulnerability

MONITORAPP Application Insight Web Application Firewall (AIWAF) is an application firewall from MONITORAPP Corporation in South Korea. The MONITORAPP Application Insight Web Application Firewall suffers from an input validation error vulnerability that stems from a lack of input validation for one ...

CVSS 9.3 | AI score 7.7 | EPSS 0.02466
Exploits: 0 | References: 3
Trend Micro Simply Security
added 2021/07/30 12:0 a.m., 30 views

An Expert Discussion on Zero Trust

The future has grown to be uncertain, so has the security of your critical data. Trend Micro experts discuss how the Zero Trust strategy was born of organizations’ growing need for better risk insight...

AI score 7
Exploits: 0
Microsoft Malware Protection
added 2021/07/29 4:0 p.m., 53 views

Attack AI systems in Machine Learning Evasion Competition

Today, we are launching MLSEC.IO, an educational Machine Learning Security Evasion Competition (MLSEC) for the AI and security communities to exercise their muscle to attack critical AI systems in a realistic setting. Hosted and sponsored by Microsoft, alongside NVIDIA, CUJO AI, VM-Ray, and MRG...

AI score 0.6
Exploits: 0
OpenVAS
added 2021/07/27 12:0 a.m., 10 views

Fedora: Security Advisory for systemd (FEDORA-2021-2a6ba64260)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 5.5 | AI score 6.1 | EPSS 0.0865
Exploits: 2 | References: 2
CNVD
added 2021/07/21 12:0 a.m., 15 views

Oracle Hospitality Reporting and Analytics has an unspecified vulnerability (CNVD-2021-56433)

Oracle Hospitality Reporting and Analytics is a web-based application that centralizes point-of-sale (POS) data, provides operational and analytical insight into business operations, and improves efficiency by delivering information to all roles within the organization. and Analytics version 9.1.0...

CVSS 8.5 | AI score 1.2 | EPSS 0.01405
Exploits: 0 | References: 1
OpenVAS
added 2021/07/13 12:0 a.m., 29 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-2183)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7 | EPSS 0.03233
Exploits: 5 | References: 2
Rapid7 Blog
added 2021/07/08 8:0 p.m., 64 views

Apple Silicon Support on Insight Agent

We are pleased to announce the general availability of native support of Apple Silicon chips for the Rapid7 Insight Agent! The Insight Agent has been fully validated and tested to run on the new Apple Silicon systems natively, and does not require Rosetta 2 to install or operate. This ensures...

AI score 0.6
Exploits: 0
OpenVAS
added 2021/06/23 12:0 a.m., 23 views

SUSE: Security Advisory (SUSE-SU-2021:2106-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.4 | EPSS 0.96405
Exploits: 29 | References: 4
OpenVAS
added 2021/06/21 12:0 a.m., 26 views

NTP < 4.2.8p13 NULL Pointer Dereference Vulnerability

A crafted malicious authenticated mode 6 ntpq packet from a permitted network address can trigger a NULL pointer dereference, crashing ntpd. Note that for this attack to work, the sending system must be on an address that the target SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions...

CVSS 7.5 | AI score 7.4 | EPSS 0.05726
Exploits: 2 | References: 1
OpenVAS
added 2021/06/17 12:0 a.m., 8 views

Fedora: Security Advisory for microcode_ctl (FEDORA-2021-598dbab9a9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2