7691 matches found
Privilege Escalation
openjdk11:edge is vulnearble to privilege escalation. It allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data...
USN-4898-1: curl vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information...
Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology
Summary There are multiple vulnerabilities in the IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational Team Concert RTC, Rational Quality Manager RQM,...
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities
Multiple vulnerabilities in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. These vulnerabilities are due to lack of proper input validation o...
PT-2021-2789 · Cisco · Cisco Asa +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance Software ASA and Cisco Firepower Threat Defense FTD Software affected versions not specified Description: The issue is related to a buffer overflow in the software of Cisco Adaptive Security Appliance ASA and...
Cisco Adaptive Security Appliances Software 缓冲区错误漏洞
Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliance are both products of Cisco Corporation.Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services. Cisco Adaptive Security Appliance is a network appliance. Used to protect...
PT-2021-2788 · Cisco · Cisco Asa +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance Software ASA and Cisco Firepower Threat Defense FTD Software affected versions not specified Description: The issue is related to a buffer overflow in the software of Cisco Adaptive Security Appliance ASA and...
Mozilla: Secure Lock icon could have been spoofed
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
Mozilla: Secure Lock icon could have been spoofed
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
About the security content of Apple Music 3.5.0 for Android
About the security content of Apple Music 3.5.0 for Android This document describes the security content of Apple Music 3.5.0 for Android. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred an...
Fedora: Security Advisory for curl (FEDORA-2021-26a293c72b)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-2262
Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite component: Endeca. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Purchasing. Successful attacks of this...
CVE-2021-2262
Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite component: Endeca. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Purchasing. Successful attacks of this...
Design/Logic Flaw
Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite component: Endeca. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Purchasing. Successful attacks of this...
CVE-2021-2262
CVE-2021-2262 affects Oracle E-Business Suite Purchasing (Endeca) 12.1.3. The Endeca component is vulnerable, and a low-privileged attacker with network access via HTTPS can compromise Oracle Purchasing, potentially causing unauthorized creation, deletion, or modification of data or full data acc...
CVE-2021-0261
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN DVPN, Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service DoS for these services by sending a high number of...
Authentication flaw
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN DVPN, Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service DoS for these services by sending a high number of...
CVE-2021-0261
CVE-2021-0261 affects Juniper Junos OS J-Web and related HTTP/HTTPS services, allowing an unauthenticated attacker to cause an extended DoS by sending a high volume of specific requests. Affected versions include multiple Junos OS releases across EX and SRX lines (e.g., 12.3 before 12.3R12-S17; 1...
CVE-2021-0261 Junos OS: Denial of Service vulnerability in J-Web and web based (HTTP/HTTPS) services caused by a high number of specific requests
A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN DVPN, Firewall Authentication Pass-Through with Web-Redirect, and Captive Portal allows an unauthenticated attacker to cause an extended Denial of Service DoS for these services by sending a high number of...
Missing Authentication for Critical Function in Apache Calcite
"HttpUtilsgetURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses this method internally to connect with Druid and Splunk so information leakage may happen when using the respective Calcite...