
1464 matches found

CVE
added 2021/04/27 8:0 p.m. | 90 views

CVE-2021-21429

OpenAPI Generator (Maven plugin) was vulnerable due to using File.createTempFile in the JDK, which could cause insecure temporary files and potential disclosure of the OpenAPI spec contents to other local users. The affected artifact is the OpenAPI Generator Maven plugin; root cause is insecure h...

CVSS 4 | AI score 3.7 | EPSS 0.00053
Exploits 0 | References 2 | Affected Software 1

Microsoft CVE
added 2021/04/27 7:0 a.m. | 3 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

...

CVSS 4.3 | AI score 7 | EPSS 0.00524
Exploits 0

CNVD
added 2021/04/21 12:0 a.m. | 11 views

Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-30525)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in the Server: Audit Plug-in component of Oracle MySQL Server 5.7.33, 8.0.23 and earlier versions. An attacker could exploit the vulnerability to affect the integrity...

CVSS 4.3 | AI score 6 | EPSS 0.00524
Exploits 0 | References 1

Malwarebytes
added 2021/04/15 6:39 p.m. | 46 views

Chrome users, here’s how to opt out of the Google FLoC trial

Two weeks after Google launched a trial to replace run-of-the-mill online user tracking with new-fangled online user tracking, several companies and organizations have pushed back, criticizing the new technology—called FLoC—which is designed to respect people's privacy more, as a detriment to user...

AI score 0.2
Exploits 0

OSV
added 2021/04/15 2:15 p.m. | 11 views

CVE-2021-30209

Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions...

CVSS 6.5 | AI score 7
Exploits 0 | References 1

NVD
added 2021/04/15 2:15 p.m. | 9 views

CVE-2021-30209

Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions...

CVSS 6.5 | EPSS 0.00146
Exploits 1 | References 1

Prion
added 2021/04/15 2:15 p.m. | 15 views

Design/Logic Flaw

Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions...

CVSS 4 | AI score 6.5 | EPSS 0.00146
Exploits 1 | References 1 | Affected Software 1

CVE
added 2021/04/15 1:14 p.m. | 37 views

CVE-2021-30209

Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, potentially leading to system permissions. Affected: Textpattern 4.8.4. Root cause: plugin upload location allows background loading without verifi...

CVSS 6.5 | AI score 6.5 | EPSS 0.00146
Exploits 1 | References 1 | Affected Software 1

CNVD
added 2021/04/09 12:0 a.m. | 3 views

Unspecified vulnerability in Firefox unity-firefox-extension (CNVD-2021-37760)

Firefox unity-firefox-extension is a Firefox open source application plug-in. Firefox unity-firefox-extension contains a security vulnerability that can be exploited by attackers to cause Firefox to crash...

CVSS 6.5 | AI score 6.7 | EPSS 0.00162
Exploits 1 | References 1

Citrix
added 2021/04/07 12:0 a.m. | 10 views

Driving the Citrix Receiver Self-Service Plug-in Programmatically

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. The Self-Service Plugin SSP is the component within Receiver 4.0 onwards that is responsible for...

AI score 6.4
Exploits 0

NVD
added 2021/03/15 10:15 p.m. | 12 views

CVE-2021-26987

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services...

CVSS 9.8 | EPSS 0.0187
Exploits 0 | References 1

Prion
added 2021/03/15 10:15 p.m. | 25 views

Remote code execution

Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services...

CVSS 7.5 | AI score 9.4 | EPSS 0.0187
Exploits 0 | References 1 | Affected Software 3

CVE
added 2021/03/15 9:28 p.m. | 75 views

CVE-2021-26987

CVE-2021-26987 affects Element Plug-in for vCenter Server, involving SpringBoot Framework. The vulnerability arises in SpringBoot versions prior to 1.3.2, with all Element Plug-in for vCenter Server versions and related Management Services (prior to 2.17.56) and Management Node versions through 1...

CVSS 9.8 | AI score 9.5 | EPSS 0.0187
Exploits 0 | References 1 | Affected Software 1

Veeam
added 2021/03/15 12:0 a.m. | 16 views

Release Information for DataCore Plug-In for Veeam Backup & Replication

This plug-in leverages the Veeam Universal Storage API, which enables storage OEMs to allow Veeam Backup & Replication integration to the arrays for backup and replication jobs. Requirements Before installing DataCore Plug-In v1.2.2, ensure that you are running Veeam Backup & Replication 12.3.0.3...

AI score 6.9
Exploits 0 | Affected Software 1

CNNVD
added 2021/02/24 12:0 a.m. | 2 views

VMware vCenter Server Code Issue Vulnerability

VMware Cloud Foundation is a hybrid cloud platform developed by VMware based on the HCI architecture that enables consistent, secure infrastructure and operations between private and public clouds. VMware vSphere Client server-side request forgery vulnerability can be exploited by an attacker wit...

CVSS 5.3 | AI score 7 | EPSS 0.90385
Exploits 8 | References 6

CNNVD
added 2021/01/05 12:0 a.m. | 4 views

Genivia gSOAP Code Issue Vulnerability

gSOAP is a C/C++ library for developing XML-based Web services. A null pointer dereference vulnerability exists in the WS-Security plug-in feature of Genivia gSOAP 2.8.107. An attacker could exploit this vulnerability by sending a specially crafted SOAP request to cause a denial of service...

CVSS 7.5 | AI score 7.1 | EPSS 0.0018
Exploits 4 | References 7

NVD
added 2020/12/14 8:15 p.m. | 10 views

CVE-2020-8257

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks...

CVSS 9.8 | AI score 9.7 | EPSS 0.00431
Exploits 0 | References 1

OSV
added 2020/12/14 8:15 p.m. | 3 views

CVE-2020-8257

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks...

CVSS 9.8 | AI score 7.3
Exploits 0 | References 1

OSV
added 2020/12/14 8:15 p.m. | 4 views

CVE-2020-8258

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files...

CVSS 7.5 | AI score 7.2 | EPSS 0.00218
Exploits 0 | References 1

Prion
added 2020/12/14 8:15 p.m. | 12 views

Input validation

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks...

CVSS 7.5 | AI score 9.6 | EPSS 0.00431
Exploits 0 | References 1 | Affected Software 1