Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-20526: Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755.

CVE
#vulnerability

Related news

Update now! Mozilla fixes security vulnerabilities in Firefox 94

Mozilla has issued patches for several vulnerabilities in the Firefox browser. We discuss some of the high impact issues. Categories: Exploits and vulnerabilities Tags: cloud clipboard cve-2021-38504 cve-2021-38505 cve-2021-38506 cve-2021-38507 firefox memory safety bugs mozilla QR code xslt *( Read more... ( https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/11/update-now-mozilla-fixes-security-vulnerabilities-in-firefox-94/ ) )* The post Update now! Mozilla fixes security vulnerabilities in Firefox 94 appeared first on Malwarebytes Labs.

CVE-2021-29875: IBM InfoSphere Information Server information disclosure CVE-2021-29875 Vulnerability Report

IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. IBM X-Force ID: 206572.

Microsoft Oct. Patch Tuesday Squashes 4 Zero-Day Bugs

Microsoft's October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is an actively exploited zero-day.

CVE-2021-20552: Security Bulletin: Information Disclosure Vulnerabilty Affects IBM Sterling File Gateway User Interface (CVE-2021-20552)

IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170.

Apple Patches Zero-Days in iOS, Known Vuln in macOS

One of the iOS vulnerabilities was discovered by Citizen Lab; the Google Threat Analysis Group reported iOS and macOS flaws.

CVE-2021-20377: Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2021-20377, CVE-2020-4690)

IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.

CVE-2021-20377: Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2021-20377, CVE-2020-4690)

IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.

CVE-2021-20435: Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Bridge (CVE-2021-20434, CVE-2021-38864, CVE-2021-20435)

IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355.

CVE-2021-20485: Security Bulletin: Information Disclosure Vulnerabilities Affect IBM Sterling B2B File Gateway User Interface (CVE-2021-20485, CVE-2021-20563)

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667.

CVE-2021-20435: Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Bridge (CVE-2021-20434, CVE-2021-38864, CVE-2021-20435)

IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355.

CVE-2020-4941: IBM Edge information disclosure CVE-2020-4941 Vulnerability Report

IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941.

CVE-2021-33693: SAP Security Patch Day – August 2021 - Product Security Response at SAP - Community Wiki

SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution.

CVE-2021-33694: SAP Security Patch Day – August 2021 - Product Security Response at SAP - Community Wiki

SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting.

CVE-2021-20433: Security Bulletin: IBM Security Guardium is affected by an Information Exposure vulnerability

IBM Security Guardium 11.3 could allow a an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345.

CVE-2021-29773: Security Bulletin: IBM Security Guardium is affected by the following vulnerabilities ( CVE-2021-29773, CVE-2021-2161)

IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 202865.

CVE-2021-20508: IBM Security Secret Server information disclosure CVE-2021-20508 Vulnerability Report

IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322.

CVE-2021-20569: IBM Security Secret Server information disclosure CVE-2021-20569 Vulnerability Report

IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. IBM X-Force ID: 199243.

Apple Patches Zero-Days in iOS 14.8 Update

An important security update addresses vulnerabilities in CoreGraphics and WebKit that may have been actively exploited.

CVE-2021-20498: IBM Security Verify Access Docker information disclosure CVE-2021-20498 Vulnerability Report

IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requets that could be used in further attacks against the system. IBM X-Force ID: 197972.

CVE-2021-20500: IBM Security Verify Access Docker information disclosure CVE-2021-20500 Vulnerability Report

IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.

CVE-2021-20511: IBM Security Verify Access Docker information disclosure CVE-2021-20511 Vulnerability Report

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300.

CVE-2021-20497: IBM Security Verify Access Docker information disclosure CVE-2021-20497 Vulnerability Report

IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969

CVE-2021-20499: IBM Security Verify Access Docker information disclosure CVE-2021-20499 Vulnerability Report

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973

CVE-2019-3588: McAfee Security Bulletin - VirusScan Enterprise update fixes three vulnerabilities (CVE-2019-3585, CVE-2019-3588, and CVE-2020-7280)

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.

CVE-2019-3585: McAfee Security Bulletin - VirusScan Enterprise update fixes three vulnerabilities (CVE-2019-3585, CVE-2019-3588, and CVE-2020-7280)

Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907