213 matches found
CVE-2021-3167
creationtimestamp | type | source
---|---|---
2021-03-15 19:29:07+00:00 | seen | https://t.me/cibsecurity/24905...
CVE-2021-3167
In Cloudera Data Engineering CDE 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs...
CVE-2021-3167
In Cloudera Data Engineering (CDE) 1.3.0, the CVE-2021-3167 issue involves JWT authentication tokens being exposed to administrators via virtual cluster server logs. This is a disclosure impacting confidentiality (tokens visible in logs). The available connected documentation confirms the affecte...
Cisco FXOS Software CLI Command Injection (cisco-sa-20200226-fxos-ucs-cmdinj)
According to its self-reported version, Cisco FXOS Software is affected by a vulnerability in the CLI due to insufficient input validation. An authenticated, local attacker can exploit this, by including crafted arguments to specific commands, in order to execute arbitrary commands on the...
Cisco ASA Software CLI Command Injection (cisco-sa-20200226-fxos-ucs-cmdinj)
According to its self-reported version, Cisco ASA Software is affected by a vulnerability in the CLI due to insufficient input validation. An authenticated, local attacker can exploit this, by including crafted arguments to specific commands, in order to execute arbitrary commands on the underlyi...
Cisco FTD Software CLI Command Injection (cisco-sa-20200226-fxos-ucs-cmdinj)
According to its self-reported version, Cisco FTD Software is affected by a vulnerability in the CLI due to insufficient input validation. An authenticated, local attacker can exploit this, by including crafted arguments to specific commands, in order to execute arbitrary commands on the underlyi...
CVE-2020-3167
CVE-2020-3167 covers a CLI command injection vulnerability in Cisco FXOS Software and Cisco UCS Manager Software. The issue stems from insufficient input validation in CLI commands, allowing an authenticated, local attacker to inject crafted arguments and execute arbitrary OS commands with the pr...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1389)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1419)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2017-1178)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Security Bulletin: CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668 and CVE-2017-7679 in IBM i HTTP Server
Summary: HTTP Server is supported by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2017-7679. DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in mod_mime. By sending a specially crafted Content-Ty...
CVE-2015-3167
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack...
CVE-2015-3167
Summary: CVE-2015-3167 affects PostgreSQL contrib/pgcrypto; when an incorrect key is used, it returns different error messages, enabling possible key exposure via brute force. The issue affects multiple branches and versions prior to fixed releases. Root cause: inconsistent error responses in pgc...
Photon OS 1.0: Httpd PHSA-2017-0027
An update of the httpd package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0027. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) script_id(121721);...
CVE-2018-3167
CVE-2018-3167 is described in the connected Nuclei template as a blind SSRF in the Oracle E-Business Suite Application Management Pack for the User Monitoring subcomponent. Affected versions are 12.1.3, 12.2.3–12.2.7. An attacker with network access via HTTP can read data from a subset of the E-B...
CVE-2018-3167
Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2017-7679, CVE-2017-7668, CVE-2017-3167)
Summary: IBM HTTP Server (IHS) is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and...
Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server Vulnerabilities
Summary: IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details: CVEID: CVE-2017-7679. DESCRIPTION: Apache HTTPD could allow a remote attacker to obtain sensitive information, caused by a buffer overread in mod_mime. By sending a...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway
Summary: IBM WebSphere Application Server is shipped as a component of IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin...