3793 matches found
UVI-2021-1000022 KVM: VMX: Don't use vcpu->run->internal.ndata as an array index
KVM: VMX: Don't use vcpu-run-internal.ndata as an array index This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.32 by commit...
setConvictionless can be front-run to prevent conviction reset
Handle 0xRajeev Vulnerability details Impact The denylist convictionless is meant to deny conviction scores for certain users and is set by the privileged roles timelock/FSD-owner in setConvictionless. The documentation says: “adjust which addresses are meant to not accrue a conviction score. The...
Monitor Windows Registry Changes with Qualys File Integrity Monitoring
With Windows registries storing a large number of programs and OS security settings and a large amount of raw data, threat actors have begun to use those registries as a data store for their malicious activity. It is therefore imperative for organizations to monitor changes in Windows registries ...
dovecot security and bug fix update
1:2.3.8-9 - fix CVE-2020-24386 IMAP hibernation function allows mail access 1913534 1:2.3.8-8 - fix CVE-2020-25275 denial of service via mail MIME parsing 1914019 1:2.3.8-7 - change run directory from /var/run to /run 1805947 1:2.3.8-6 - fix mail storage block count parsing 1894418 - MIME parser...
CiLocks - Android LockScreen Bypass
CiLocks - Android LockScreen Bypass Features Brute Pin 4 Digit Brute Pin 6 Digit Brute LockScreen Using Wordlist Bypass LockScreen Antiguard Not Support All OS Version Root Android Supersu Not Support All OS Version Steal File Reset Data Required - Adb Android SDK - Cable Usb - Android Emulator...
7.13: Upgrade Confluence to latest Adopt OpenJDK versions 11.0.12
This issue includes running tests against JDK 11 latest11.0.127 and also bundling this JDK in installer...
xorg-x11-server: Leak of uninitialized heap memory from the X server to clients in AllocatePixmap of dix/pixmap.c
A flaw was found in the way the Xserver memory was not properly initialized. This issue leak parts of server memory to the X client. In cases where the Xorg server runs with elevated privileges, this flaw results in a possible ASLR bypass...
CVE-2021-21650
Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled...
PT-2021-14693 · Jenkins · Jenkins S3 Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins S3 publisher Plugin versions 0.11.6 and earlier Description: The issue allows attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled, due to a lack...
Exploit for Incorrect Authorization in Apache Solr
Apache Solr RCE CVE-2020-13957 Docker Demo !docker-demo...
DEBIAN-CVE-2020-28011
Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queuerun via two sender options: -R and -S. This may cause privilege escalation from exim to root...
Exim 缓冲区错误漏洞
Exim was developed at Cambridge University as a Message Transfer Agent MTA for Unix systems connected to the Internet. A heap buffer overflow vulnerability exists in queuerun in Exim, which can be exploited by an attacker to elevate privileges from exim to root via the two sender options -R and -...
Fake Software Update Webpage
A misleading web page, disguising as an update message, is used to trick a user into installing malware, leading to loss of data, or allowing the attacker to run arbitrary code on the infected machine...
Cisco Firepower Management Center 跨站脚本漏洞
Cisco Firepower Management Center FMC is the next generation firewall management center software from Cisco. Cisco Firepower Management Center: 6.4.0.11 A cross-site scripting vulnerability exists, which results from insufficient cleaning of user-supplied data in the web-based management interfac...
Webmin 跨站脚本漏洞
Webmin is a Web-based system configuration tool for Unix-like systems, and the latest version can also be installed and run on Windows. A reflective cross-site scripting vulnerability exists in Webmin version 1.973. The vulnerability can be exploited to achieve remote command execution via Webmin...
Webmin 跨站请求伪造漏洞
Webmin is a Web-based system configuration tool for Unix-like systems, and the latest version can also be installed and run on Windows. A cross-site request forgery vulnerability exists in Webmin version 1.973. The vulnerability can be exploited to achieve remote command execution via Webmin's ru...
Webmin 跨站请求伪造漏洞
Webmin is a Web-based system configuration tool for Unix-like systems, and the latest version can also be installed and run on Windows. A cross-site request forgery vulnerability exists in Webmin version 1.973. An attacker can use this vulnerability to create an elevated privilege user via Webmin...
SUSE: Security Advisory (SUSE-SU-2019:2666-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SAP Focused RUN Improper Authorization Vulnerability
Designed for organizations that require extensive system and application monitoring, alerting and analysis, SAP Focused Run supports hosting all customers in a scalable, secure and automated environment. An improper authorization vulnerability exists in SAP Focused RUN versions 200 and 300. The...
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Apr 2021)
This host is missing a critical security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...