Headline

CVE-2020-12082: CVE-2020-12082 Remediated in Code Insight

A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).

Related news

CVE-2021-42321: Microsoft Exchange Server Remote Code Execution Vulnerability

*What can cause this vulnerability?* The vulnerability occurs due to improper validation of cmdlet arguments. *Does the attacker need to be in an authenticated role in the Exchange Server?* Yes, the attacker must be authenticated.

CVE-2021-42278: Active Directory Domain Services Elevation of Privilege Vulnerability

*Where can I find more information about Active Directory SAM Account hardening changes?* See Active Directory SAM Account hardening changes.

CVE-2021-42291: Active Directory Domain Services Elevation of Privilege Vulnerability

*Where can I find more information about Active Directory permissions updates?* See Active Directory permissions updates.

CVE-2021-38665: Remote Desktop Protocol Client Information Disclosure Vulnerability

*What type of information could be disclosed by this vulnerability?* Exploiting this vulnerability could allow the disclosure of initialized and/or uninitialized memory in the process heap.

CVE-2021-42287: Active Directory Domain Services Elevation of Privilege Vulnerability

*Where can I find more information about the improved authentication process added by the update for CVE-2021-42287?* See Authentication updates.

Cloud, Remote Work Will Change How IT Uses Vulnerability Scanners

Tenable added Raspberry Pi support to Nessus v10.0 to help security professionals conduct audits and assessments remotely.

CVE-2021-42539: Emerson WirelessHART Gateway | CISA

The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account takeover and unapproved settings changes.

CVE-2021-42538: Emerson WirelessHART Gateway | CISA

The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.

CVE-2021-42540: Emerson WirelessHART Gateway | CISA

The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.

CVE-2021-42542: Emerson WirelessHART Gateway | CISA

The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.

Enterprise Data Storage Environments Riddled With Vulnerabilities

Many organizations are not properly protecting their storage and backup systems from compromise, new study finds.

CVE-2021-39304: Security Advisories | Proofpoint US

Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass.

CVE-2021-34814: Security Advisories | Proofpoint US

Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass.

CVE-2021-32028: 1956877 – (CVE-2021-32028) CVE-2021-32028 postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE

A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

CVE-2021-32029: PostgreSQL: CVE-2021-32029: Memory disclosure in partitioned-table UPDATE ... RETURNING

A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

CVE-2021-25476: Samsung Mobile Security

An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.

CVE-2021-35200: Security Advisories | NETSCOUT

NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService.

CVE-2021-35202: Security Advisories | NETSCOUT

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService.

CVE-2021-35203: Security Advisories | NETSCOUT

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint.

CVE-2021-35198: Security Advisories | NETSCOUT

NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module.

CVE-2021-35204: Security Advisories | NETSCOUT

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint.

CVE-2021-35205: Security Advisories | NETSCOUT

NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.

CVE-2021-35199: Security Advisories | NETSCOUT

NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile.

WordPress Advanced Order Export For WooCommerce 3.1.7 Cross Site Scripting

WordPress Advanced Order Export For WooCommerce plugin version 3.1.7 suffers from a cross site scripting vulnerability.

CVE-2020-12083: CVE-2020-12083 Remediated in Code Insight

An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).

CVE-2021-38408: Advantech WebAccess | CISA

A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.

CVE-2020-18169: CVE_Assessment_04_2019/Snagit_Report.pdf at master · GitHubAssessments/CVE_Assessment_04_2019

** DISPUTED ** A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details.

CVE-2020-12002: Advantech WebAccess Node | CISA

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.

CVE-2017-3085: Adobe Security Bulletin

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

CVE-2017-3080: Adobe Security Bulletin

Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda