CVE-2021-35587 vulnerabilities and exploits

(subscribe to this query)

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials...

Cisco Anyconnect Secure Mobility Client7 Github repositories available2 Articles available

GLPI before before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing...

Glpi-project Glpi8 Github repositories available

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web...

Cisco Firepower Threat Defense Cisco Adaptive Security Appliance Software8 Github repositories available2 Articles available

Adobe Genuine Integrity Service versions Version 6.4 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation....

Adobe Genuine Integrity Service7 Github repositories available

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.5. Visiting a malicious website may lead to address bar spoofing....

Apple Safari6 Github repositories available

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls....

Vmware Vcenter Server 6.738 Github repositories available6 Articles available

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director...

Vmware Vcloud Director10 Github repositories available1 Article available

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to...

Vmware Esxi 6.5 Vmware Esxi 6.7 Vmware Cloud Foundation Vmware Esxi 7.0.08 Github repositories available3 Articles available

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8....

Vmware Horizon Daas Vmware Esxi 6.0 Vmware Esxi 6.5 Vmware Esxi 6.7 Redhat Enterprise Linux Desktop 7.0 Redhat Enterprise Linux Server 7.0 Redhat Enterprise Linux Server Aus 7.7 Redhat Enterprise Linux Server Eus 7.7 Redhat Enterprise Linux Server Tus 7.7 Redhat Enterprise Linux Workstation 7.0 Openslp Openslp 1.2.1 Openslp Openslp 2.0.0 Fedoraproject Fedora 30 Fedoraproject Fedora 317 Github repositories available

Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF...

Boltcms Bolt6 Github repositories available

« PREV 1 2 3 4 5 6 7 8 9 10 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook