In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS. Date published : 2021-09-21 http://packetstormsecurity.com/files/164255/Cloudron-6.2-Cross-Site-Scripting.html https://packetstormsecurity.com/files/164183/Cloudron-6.2-Cross-Site-Scripting.html
The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not...
Butter is a system usability utility. Due to a kernel error the JPNS kernel is being discontinued. Affected users are recommend to update to the Trinity kernel. There are no workarounds. Date published :...
In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) –gpu-launcher argument. This...
ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities. Date published : 2021-09-21 https://www.manageengine.com https://www.manageengine.com/products/ad-manager/release-notes.html#7111
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover. Date published : 2021-09-21 https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release https://www.manageengine.com
ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. Date published : 2021-09-21 https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release https://www.manageengine.com
ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. Date published : 2021-09-21 https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release https://www.manageengine.com
A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the...
In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification. Date published : 2021-09-21 https://advisories.octopus.com/adv/2021-08—Remote-Code-Execution-via-Deserialisation-in-the-Halibut-Protocol-%28CVE-2021-31819%29.2250309681.html
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive...
IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557....
Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations. Date published : 2021-09-21 https://www.manageengine.com https://www.manageengine.com/products/desktop-central/unauthenticated-command-injection-vulnerability.html
An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver...