Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-38633)

An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

Microsoft Windows Common Log File System Driver 权限许可和访问控制问题漏洞

The Microsoft Windows Common Log File System Driver is Microsoft's Common Log File System CLFS API that provides a high-performance, general-purpose log file subsystem that can be used by specialized client applications and shared by multiple clients to optimize logging and access. access. A...

Microsoft Windows Common Log File System Driver 权限许可和访问控制问题漏洞

The Microsoft Windows Common Log File System Driver is Microsoft's Common Log File System CLFS API that provides a high-performance, general-purpose log file subsystem that can be used by specialized client applications and shared by multiple clients to optimize logging and access. access. A...

Microsoft Windows Common Log File System Driver权限许可和访问控制问题漏洞

The Microsoft Windows Common Log File System Driver is Microsoft's Common Log File System CLFS API that provides a high-performance, general-purpose log file subsystem that can be used by specialized client applications and shared by multiple clients to optimize logging and access. access. A...

PT-2021-5229 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The issue is related to errors in managing privileges in the Windows Common Log File System CLFS Driver. Exploitation of this issue may allow an attacker to elevate their...

PT-2021-6335 · Microsoft · Windows Common Log File System Driver +1

Name of the Vulnerable Software and Affected Versions: Windows Common Log File System Driver affected versions not specified Description: The issue is related to insufficient access restrictions in the Windows Common Log File System Driver, which can be exploited to elevate privileges. This allow...

PT-2021-6339 · Microsoft · Windows Common Log File System Driver +1

Name of the Vulnerable Software and Affected Versions: Windows Common Log File System Driver affected versions not specified Description: The issue is related to insufficient access control in the Windows Common Log File System Driver of the Microsoft Windows operating system. Exploitation of thi...

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1252-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...

OPENSUSE-SU-2021:1250-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Update to 20.0.12 Fix boo1190291: - CVE-2021-32766 CWE-209: Generation of Error Message Containing Sensitive Information - CVE-2021-32800 CWE-306: Missing Authentication for Critical Function - CVE-2021-32801 CWE-532: Insertion of Sensitive...

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1250-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...

Privilege Escalation

dogtag-pki is vulnerable to privilege escalation. The vulnerability exists due to a stored admin credentials in the installation log file which allows an attacker to retrieve the file and obtain admin password to gain admin privilege...

iPortalis 资源管理错误漏洞

iPortalis is providing management of Microsoft licenses, costs, governance and reporting capabilities. A resource management error vulnerability exists in iPortalis iCS that stems from the product's failure to add valid validation for log file sizes. An attacker could cause a denial of service by...

CVE-2021-22024

The vRealize Operations Manager API 8.x prior to 8.5 contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure...

Information disclosure

The vRealize Operations Manager API 8.x prior to 8.5 contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure...

CVE-2021-22024

The vRealize Operations Manager API 8.x prior to 8.5 contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can read any log file resulting in sensitive information disclosure...

CVE-2021-22024

CVE-2021-22024 is an arbitrary log-file read vulnerability in the vRealize Operations Manager API (affecting 8.x prior to 8.5). An unauthenticated attacker with network access to the API can read arbitrary log files, exposing sensitive data. The issue is part of a set of vulnerabilities (CVE-2021...

GHSA-M6H2-JX9V-58W6 Missing Authorization in Apache Airflow

If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...

VMware vRealize Operations Manager 7.5.x / 8.x Multiple Vulnerabilities (VMSA-2021-0018)

The version of VMware vRealize Operations vROps Manager running on the remote web server is 7.5.x prior to 7.5.0.18528913, 8.0.0 prior to 8.0.1.18442173, or 8.1.0 prior to 8.1.1.18442224 or 8.2.0 prior to 8.2.0.18439239 or 8.3.0 prior to 8.3.0.18439213 or 8.4.0 prior to 8.4.0.18456797. It is,...

Security Advisory - Information Leakage Vulnerability in Some Huawei Product

There is an information leakage vulnerability in some huawei products. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak. Vulnerability ID:...

Apache Airflow 访问控制错误漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow versions prior to 2.1.2, which stems fr...