47 matches found
PYSEC-2023-44
In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...
Citrix Endpoint Management (aka XenMobile Server) 10.14.0 Rolling Patch 10
Package name: xms10.14.0.11013.bin For: XenMobile Server 10.14.0 Deployment type: On-premises only Replaces: xms10.14.0.10942.bin, xms10.14.0.10813.bin, xms10.14.0.10742.bin, xms10.14.0.10628.bin, xms10.14.0.10521.bin, xms10.14.0.10424.bin, xms10.14.0.10303.bin, xms10.14.0.10206.bin, and...
Cisco SD-WAN vManage Software Cluster Mode Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software when it is operating in cluster mode could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF...
Citrix Endpoint Management (aka XenMobile Server) 10.13.0 Rolling Patch 10
Package name: xms10.13.0.11025.bin For: XenMobile Server 10.13.0 Deployment type: On-premises only Replaces: xms10.13.0.10922.bin, xms10.13.0.10817.bin, xms10.13.0.10723.bin, xms10.13.0.10603, xms10.13.0.10528.bin, xms10.13.0.10426.bin, xms10.13.0.10329.bin, xms10.13.0.10212.bin, and...
Kubeaudit - Tool To Audit Your Kubernetes Clusters Against Common Security Controls
kubeaudit is a command line tool and a Go package to audit Kubernetes clusters for various different security concerns, such as: run as non-root use a read-only root filesystem drop scary capabilities, don't add new ones don't run privileged and more! tldr.kubeaudit makes sure you deploy secure...
Citrix Endpoint Management (aka XenMobile Server) 10.13.0 Rolling Patch 9
Package name: xms10.13.0.10922.bin For: XenMobile Server 10.13.0 Deployment type: On-premises only Replaces: xms10.13.0.10817.bin, xms10.13.0.10723.bin, xms10.13.0.10603.bin, xms10.13.0.10528.bin, xms10.13.0.10426.bin, xms10.13.0.10329.bin, xms10.13.0.10212.bin, and xms10.13.0.10129.bin. Date: Ju...
Citrix Endpoint Management (aka XenMobile Server) 10.13.0 Rolling Patch 7
Package name: xms10.13.0.10723.bin For: XenMobile Server 10.13.0 Deployment type: On-premises only Replaces: xms10.13.0.10603.bin, xms10.13.0.10528.bin, xms10.13.0.10426.bin, xms10.13.0.10329.bin, xms10.13.0.10212.bin, and xms10.13.0.10129.bin. Date: March 2022 Languages supported: English US...
Citrix Endpoint Management (aka XenMobile Server) 10.14.0 Rolling Patch 4
Package name: xms10.14.0.10424.bin For: XenMobile Server 10.14.0 Deployment type: On-premises only Replaces: xms10.14.0.10303.bin, xms10.14.0.10206.bin, and xms10.14.0.10118.bin Date: January 2022 Languages supported: English US Important notes about this update As a best practice, Citrix...
Cisco SD-WAN vManage Information Disclosure (cisco-sa-sdwan-vmanageinfdis-LKrFpbv)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by an information disclosure vulnerability due to absence of authentication to view sensitive information. An unauthenticated, remote attacker can exploit this, by sending a crafted request to the cluster management...
The vulnerability of the cluster-mode programmable Cisco SD-WAN architecture allows a intruder to gain unauthorized access to services within the vulnerable system.
The vulnerability of the programmable network-based Cisco SD-WAN architecture in cluster mode is related to lack of access control. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to services within the vulnerable system...
CVE-2021-1535
A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster mode. This...
Cisco SD-WAN vManage Software 输入验证错误漏洞
Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A cluster mode unauthorized service access vulnerability exists in Cisco SD-WAN vManage, which can be exploited by an attacker to bypass authorization checks and gain...
Cisco SD-WAN vManage Software 输入验证错误漏洞
Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A cluster mode unauthorized access vulnerability exists in the web management interface of Cisco SD-WAN vManage, which stems from the software not performing authorization...
Cisco SD-WAN vManage Cluster Mode Unauthorized Service Access Vulnerability
Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A cluster mode unauthorized service access vulnerability exists in Cisco SD-WAN vManage, which can be exploited by an attacker to bypass authorization checks and gain...
Cisco SD-WAN vManage Cluster Mode Unauthorized Access Vulnerability
Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A cluster mode unauthorized access vulnerability exists in the web management interface of Cisco SD-WAN vManage, which stems from the software not performing authorization...
Cisco SD-WAN vManage Software Information Disclosure Vulnerability
A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the vManage software must be in cluster mode. This vulnerability is due t...
PT-2021-2986 · Cisco · Cisco Sd-Wan Vmanage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software affected versions not specified Description: The issue is related to multiple vulnerabilities in Cisco SD-WAN vManage Software that could allow an unauthenticated, remote attacker to execute arbitrary code or gai...
CVE-2021-26988
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine SVM names, volume names,...
Code injection
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine SVM names, volume names,...
Netapp Clustered Data ONTAP 安全漏洞
Netapp Clustered Data ONTAP is a storage operating system for cluster mode from NetApp USA. A security vulnerability exists in Clustered Data ONTAP that originates from allowing unauthorized tenant users to discover the 7-Cluster-mode. the following products and versions are affected: Data ONTAP...