Lucene search

11191 matches found

OSV
added 2022/05/06 5:15 p.m. · 1 views

CVE-2021-33845

The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors...

5.3 CVSS · 6.1 AI score
Exploits 0 · References 2

OSV
added 2022/05/06 4:15 p.m. · 1 views

CVE-2021-39023

IBM Guardium Data Encryption GDE 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860...

7.5 CVSS · 6.1 AI score
Exploits 0 · References 2

OSV
added 2022/05/05 2:48 a.m. · 20 views

GHSA-G8XG-JGJ6-49R3 Django is vulnerable to Denial of Service attack in formset

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter...

6.9 CVSS · 6.2 AI score · 0.00206 EPSS
Exploits 1 · References 9

Amazon
added 2022/05/05 12:0 a.m. · 42 views

Medium: curl

Issue Overview: A vulnerability was found in curl. This security flaw allows reusing OAUTH2-authenticated connections without properly ensuring that the connection was authenticated with the same credentials set for this transfer. This issue leads to an authentication bypass, either by mistake or...

8.1 CVSS · 6.9 AI score · 0.00682 EPSS
Exploits 4

Prion
added 2022/05/04 11:15 p.m. · 11 views

Design/Logic Flaw

DISPUTED Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: the vendor has disputed this on the grounds that it is not the server's responsibility to "enforce all the various ways a developer could write code with logic errors."...

5 CVSS · 7.6 AI score · 0.00367 EPSS
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2022/05/03 12:0 a.m. · 2 views

PT-2022-3138 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to the implementation of the Kerberos network protocol authentication for the isolated software environment AppContainer in Windows operating systems, which is connecte...

7.8 CVSS · 9.6 AI score · 0.00925 EPSS
Exploits 0 · References 12

OSV
added 2022/05/02 3:12 a.m. · 32 views

GHSA-5CW4-GGX9-36VG Apache Tomcat Denial of Service via Malformed Request Headers

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of...

5 CVSS · 4.7 AI score · 0.17506 EPSS
Exploits 1 · References 45

Tenable Nessus
added 2022/05/02 12:0 a.m. · 40 views

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-009)

The version of kernel installed on the remote host is prior to 5.4.156-83.273. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-009 advisory. A flaw was found in the Linux kernel. A memory leak in the ccp-ops crypto driver can allow attackers to cau...

7.8 CVSS · 6.6 AI score · 0.00136 EPSS
Exploits 1 · References 9

Tenable Nessus
added 2022/05/02 12:0 a.m. · 56 views

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-006)

The version of kernel installed on the remote host is prior to 5.10.68-62.173. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-006 advisory. 2024-03-13: CVE-2021-46913 was added to this advisory. A flaw was found in the Linux kernel. When reusing ...

7.8 CVSS · 6.2 AI score · 0.0168 EPSS
Exploits 3 · References 12

OSV
added 2022/05/01 12:0 a.m. · 21 views

ASB-A-216481035

In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for...

4.6 CVSS · 5.2 AI score · 0.00047 EPSS
Exploits 0 · References 4

OpenVAS
added 2022/04/29 12:0 a.m. · 27 views

Adobe Acrobat 2017 Security Update (APSB22-16) - Windows

Adobe Acrobat Reader is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:acrobat";...

9.3 CVSS · 6.9 AI score · 0.11543 EPSS
Exploits 0 · References 1

OpenVAS
added 2022/04/29 12:0 a.m. · 21 views

Adobe Acrobat Classic 2020 Security Update (APSB22-16) - Windows

Adobe Acrobat is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:acrobatdcclassic";...

9.3 CVSS · 6.9 AI score · 0.11543 EPSS
Exploits 0 · References 1

OpenVAS
added 2022/04/29 12:0 a.m. · 23 views

Adobe Acrobat Classic 2020 Security Update (APSB22-16) - Mac OS X

Adobe Acrobat is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:acrobatdcclassic";...

9.3 CVSS · 6.9 AI score · 0.11543 EPSS
Exploits 0 · References 1

OpenVAS
added 2022/04/29 12:0 a.m. · 25 views

Adobe Acrobat DC Continuous Security Update (APSB22-16) - Windows

Adobe Acrobat Reader is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.3 CVSS · 6.7 AI score · 0.11543 EPSS
Exploits 0 · References 1

OpenVAS
added 2022/04/29 12:0 a.m. · 22 views

Adobe Reader 2017 Security Update (APSB22-16) - Mac OS X

Adobe Acrobat Reader is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:acrobatreader";...

9.3 CVSS · 6.7 AI score · 0.11543 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2022/04/28 12:0 a.m. · 2 views

The vulnerability of the networkd-dispatcher component, which manages connection states in Linux operating systems, and is part of the Systemd subsystem responsible for service initialization and management, allows a malicious actor to escalate their privileges or execute arbitrary code.

The vulnerabilities of the networkd-dispatcher component, which manages connection states and initializes services within Systemd in Linux operating systems, stem from synchronization errors when using shared resources. Exploiting these vulnerabilities can allow attackers to increase their...

8.4 CVSS · 5.9 AI score
Exploits 0 · References 5 · Affected Software 1

BDU FSTEC
added 2022/04/28 12:0 a.m. · 0 views

The vulnerability of the Adobe Experience Manager content and media data management system, related to errors in authentication procedures, allows a perpetrator to trigger a service failure.

The vulnerability of the Adobe Experience Manager content and media data management system is related to errors in the authentication process. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

7.8 CVSS · 0.00395 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2022/04/27 12:0 a.m. · 0 views

The vulnerability of the History API component in the Cisco SD-WAN vManage network management system allows an attacker to disclose protected information.

The vulnerability of the History API component in the Cisco SD-WAN vManage network management system is related to errors in request processing. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

6.8 CVSS · 0.00201 EPSS
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2022/04/27 12:0 a.m. · 1 views

The vulnerability of the Elcomplus SmartPPT SCADA server, related to input validation errors, allows attackers to write arbitrary files to arbitrary locations within the file system.

The vulnerability of the Elcomplus SmartPPT SCADA server is related to input validation errors. Exploiting this vulnerability allows a malicious actor to write arbitrary files to arbitrary locations in the file system using a specially created HTTP request...

10 CVSS · 0.00266 EPSS
Exploits 0 · References 5 · Affected Software 1

BDU FSTEC
added 2022/04/27 12:0 a.m. · 0 views

The vulnerability of the `object_custom` function in the PHP programming language allows attackers to trigger a service failure or execute arbitrary code.

The vulnerability of the object_custom function located in ext/standard/var_unserializer.c in the PHP interpreter is related to errors in number processing. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...

7.5 CVSS · 0.55955 EPSS
Exploits 1 · References 27 · Affected Software 5