Microsoft Azure Real Time Operating System Information Disclosure Vulnerability
Microsoft Azure is an open, enterprise-class cloud computing platform from Microsoft Corporation USA. The vulnerability stems from a configuration and other errors in the network system or product during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive...
PT-2021-5003 · Microsoft · Malware Protection Engine
Name of the Vulnerable Software and Affected Versions: Microsoft Malware Protection Engine (MPE), affected versions not specified. Description: The issue is related to errors in code generation management within the Microsoft Malware Protection Engine (MPE). Exploitation of this issue may allow an...
Microsoft Azure Real Time Operating System Information Disclosure Vulnerability
Microsoft Azure is an open, enterprise-class cloud computing platform from Microsoft Corporation USA. The vulnerability stems from a configuration and other errors in the network system or product during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive...
PT-2021-4642 · Microsoft · Office Excel +1
Name of the Vulnerable Software and Affected Versions: Microsoft Excel, affected versions not specified. Description: The issue is related to a security feature bypass in Microsoft Excel, which can be exploited to allow an attacker to execute arbitrary code. This can be achieved due to errors in...
PT-2021-5087 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server, affected versions not specified. Description: The issue is related to errors in the representation of information by the user interface, allowing for spoofing attacks. It enables a remote attacker to affect the system...
IBM InfoSphere Information Server Information Disclosure Vulnerability
IBM InfoSphere Information Server is a data integration platform that includes a range of products that enable you to understand, cleanse, monitor, transform, and transfer data, as well as collaborate to bridge the gap between business and IT. A security vulnerability exists in IBM InfoSphere...
WordPress Plugin Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. The WordPress plugin 404 to 301 – Redirect, Log and Noti...
PYSEC-2021-815
TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...
rasdaemon bug fix and enhancement update
The rasdaemon packages provide a RAS (Reliability, Availability and Serviceability) logging tool, which records memory errors, using the EDAC tracing events. Bug Fixes and Enhancements: RFE latest rasdaemon hardware check for ROME and MILAN BZ1975506...
rasdaemon bug fix and enhancement update
An update is available for rasdaemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The rasdaemon packages provide a RAS (Reliability, Availability and...
MODX CMS Code Issue Vulnerability
MODX CMS is an open source CMS from the U.S. company MODX, billed as one of the world's fastest, safest, most flexible and scalable. A security vulnerability exists in MODX CMS, which originates from errors such as configuration during operation of a networked system or product. An unauthorized attacker could...
The vulnerability in the web interface of Cisco Firepower Management Center’s software management interface allows a perpetrator to gain unauthorized access to confidential configuration information.
The vulnerability of the Cisco Firepower Management Center’s software network management interface is related to errors in the encryption of confidential information stored in the graphical interface configuration console. Exploiting this vulnerability can allow an attacker to gain unauthorized...
The vulnerability in the parser.c component of the Libxml2 library, related to pointer dereferencing errors, allows attackers to trigger a denial-of-service attack.
The vulnerability of the parser.c component in the Libxml2 library is related to the lack of error handling during the analysis of XML content. Exploiting this vulnerability allows a malicious actor to cause service failures by using a specially created XML document...
Apple tvOS Information Disclosure Vulnerability (CNVD-2021-84234)
Apple tvOS is a smart TV operating system from the American company Apple. An information disclosure vulnerability exists in Apple tvOS. The vulnerability arises from errors in configuration or other errors in the operation of a networked system or product. An unauthorized attacker...
Easy-XML Code Issue Vulnerability
Easy-XML is used to provide a simplified view of XML documents. Easy-XML is vulnerable to XML external entity injection, which stems from errors such as configuration during the operation of a network system or product, and can be exploited by an unauthorized attacker to obtain sensitive informati...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to errors in the implementation of methods and functions. Exploiting this vulnerability can allow a malicious actor to gain access to the system remotely...
GitLab Input Validation Error Vulnerability
GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to input validation errors, which can be exploited to cause high CPU usage...
The vulnerability of software for implementing VNC and TigerVNC lies in authentication process errors, which allow attackers to gain access to confidential data and compromise its integrity.
The vulnerability of the software for implementing VNC TigerVNC is related to improper handling of TLS certificate exceptions. Exploiting this vulnerability can allow a remote attacker to access confidential data and compromise its integrity...
CLSA-2021-1635459219 Fix CVE(s): CVE-2021-40812, CVE-2021-40145, CVE-2021-38115, CVE-2017-6363
SECURITY UPDATE: unhandled memory allocation error in gdImageGd2Ptr - debian/patches/CVE-2021-40145.patch: check for non-zero return code from gdImageGd2 - CVE-2021-40145 SECURITY UPDATE: unhandled value returned from gdPutBuf - debian/patches/CVE-2021-40812.patch: handle possible gdPutBuf error ...
CLSA-2021-1635439636 Fix of CVE: CVE-2017-6363, CVE-2021-40145
CVE-2021-40145: check for memory allocation errors processing GD2 images - CVE-2017-6363: make sure transparent index is within bounds of the palette...