64 matches found
CVE-2021-41832
It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory...
CVE-2021-41830
It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory...
PT-2021-7669 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions Update 14 and earlier Adobe ColdFusion versions Update 4 and earlier Description: The issue exists due to improper limitation of a pathname to a restricted directory, allowing for path traversal. This could result in...
PT-2021-7667 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier Description: The issue is related to the use of hard-coded credentials in Adobe ColdFusion, which could result in application denial-of-service by gaining access to...
PT-2021-7668 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier Description: The issue is caused by improper input validation, which could result in arbitrary file system read. Exploitation of this issue does not require user...
PT-2021-7670 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions Update 14 and earlier Adobe ColdFusion versions Update 4 and earlier Description: The issue is related to a Heap-based Buffer Overflow that could result in arbitrary code execution in the context of the current user...
CVE-2021-32579
Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker who has a local code execution ability to tamper with the micro-service API...
Acronis True Image 授权问题漏洞
Acronis True Image is a famous data backup and restore software from Acronis Singapore. The software can be used to create drive and disk images and can restore the image when a clean system is needed. A security vulnerability exists in Acronis True Image 2021 Update 4 and earlier versions for...
March 5, 2019, update for Access 2010 (KB4018363)
March 5, 2019, update for Access 2010 KB4018363 This article describes update 4018363 for Microsoft Access 2010 that was released on March 5, 2019.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2010. It doesn't apply to th...
CVE-2019-8072
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user...
CVE-2019-8073
ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user...
PT-2019-6105 · Citrix · Citrix Storefront Server
Name of the Vulnerable Software and Affected Versions: Citrix StoreFront Server versions prior to 1903 Citrix StoreFront Server 7.15 LTSR versions prior to CU4 3.12.4000 Citrix StoreFront Server 7.6 LTSR versions prior to CU8 3.0.8000 Description: The issue is related to incorrect restriction of...
Arcserve Unified Data Protection Information Disclosure Vulnerability
Arcserve Unified Data Protection UDP is a set of unified data protection solutions from Arcserve, Inc. in the United States. The solution provides backup and recovery of all virtual and physical environments, global deduplication, and more. An information disclosure vulnerability exists in the...
PT-2016-5236 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.5 Description: The issue allows local users to cause a denial of service by creating many pipes with non-default sizes, resulting in memory consumption due to the lack of limitation on the amount of unread dat...
Multiple Directory Traversal Vulnerability in Arcserve Unified Data Protection
Arcserve UDP Unified Data Protection is a set of unified data protection solutions from the U.S. company Arcserve. The solution provides backup and recovery of all virtual and physical environments, global deduplication and other functions. Multiple directory traversal vulnerabilities exist in th...
OpenJDK: java.lang.invoke.MethodHandles.Lookup does not honor access modes (Libraries, 7165628)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries...
JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than...
JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
Unspecified vulnerability in the Java Runtime Environment JRE in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and...
OpenJDK: java.lang.invoke.MethodHandles.Lookup does not honor access modes (Libraries, 7165628)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries...
OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect availability via unknown vectors related to Security...