PT-2020-16750 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.2.3-25426-2 Description: The issue concerns the cleartext transmission of sensitive information in DDNS, allowing man-in-the-middle attackers to eavesdrop on authentication information of...
CVE-2020-6319
SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal...
ARC Informatique PcVue Denial of Service Vulnerability
PcVue is a multi-functional HMI-SCADA software from ARC Informatique, an all-in-one solution that monitors all aspects of a customer's assets. PcVue is used in a wide range of applications including industrial control, building management, energy management, smart grid, energy distribution,...
Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution Exploit
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication is required to exploit this vulnerability. Additionally, the target user must have the "Data Loss Prevention" role assigned and an active mailbox. If the user is in th...
Cisco Jabber for Windows Information Disclosure Vulnerability (CNVD-2020-51776)
Cisco Jabber for Windows securely unifies status, instant messaging, video, voice, voice messaging, screen sharing, and conferencing capabilities into a single client that simplifies communications and increases productivity. An information disclosure vulnerability exists in Cisco Jabber for...
The vulnerability of the Red Hat OpenShift Container Platform corporate platform arises from the lack of measures taken to protect the website structure, allowing attackers to expose authentication data.
The vulnerability of the Red Hat OpenShift Container Platform exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to obtain authentication credentials through a specially created link...
Information Disclosure
com.liferay.dynamic.data.mapping.service is vulnerable to information disclosure. The vulnerability exists as it does not remove authentication data in the response sent by the DDMDataProvider API...
CVE-2020-11557
An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value...
Information Disclosure Vulnerability in Multiple Rockwell Automation Products
Rockwell Automation MicroLogix 1400 Controllers Series A and so on are the products of Rockwell Automation, Inc. Rockwell Automation MicroLogix 1400 Controllers Series A is a programmable logic controller. MicroLogix 1100 Controllers is a programmable logic controller. RSLogix 500 Software is a set ...
The vulnerability of Cisco Small Business RV016, RV042, RV042G, and RV082 router firmware lies in the presence of embedded authentication data (a static X.509 certificate), which allows attackers to escalate their privileges.
The vulnerability of Cisco Small Business RV016, RV042, RV042G, and RV082 router firmware is related to the presence of embedded authentication data (a static X.509 certificate). Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
The vulnerability of the etc/shadow firmware components of Cisco Small Business RV016, RV042, RV042G, and RV082 allows an attacker to elevate their privileges to the level of root or lldpd.
The vulnerability of the etc/shadow firmware components of Cisco Small Business RV016, RV042, RV042G, and RV082 is related to the presence of embedded authentication data. Exploiting this vulnerability can allow an attacker to elevate their privileges to the level of root or lldp...
Multiple Weidmueller Product Information Disclosure Vulnerabilities
Weidmueller IE-SW-VL05M-5TX and so on are an industrial Ethernet switch from Weidmueller, Germany. An information disclosure vulnerability exists in multiple Weidmueller products, which can be exploited by an attacker to guess the authentication information in a cookie...
The vulnerability of the JunOS operating system, related to the logging of authentication data in cleartext, allows an attacker to obtain account information.
The vulnerability of the JunOS operating system’s port control console is related to the logging of authentication credentials in cleartext. Exploiting this vulnerability allows an attacker to obtain these credentials...
Rakuma Information Leakage Vulnerability
Rakuma is a shopping app from the Japanese company Rakuten. The Rakuma App suffers from an information leakage vulnerability that can be exploited by an attacker to obtain user authentication information...
The vulnerability of Wago industrial-controlled switches is related to the presence of pre-installed authentication data, which allows an intruder to gain access to the device.
The vulnerability of Wago industrial-controlled switches lies in the presence of pre-installed authentication data (SSH keys). Exploiting this vulnerability allows a remote attacker to gain access to the device via the SSH protocol...
python: Information Disclosure due to urlsplit improper NFKC normalization
It was discovered that Python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of the URL, user@domain:port) bei...
Important: python
Issue Overview: A security regression of CVE-2019-9636 was discovered in python, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of...
DEBIAN-CVE-2019-5448
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...
CVE-2019-5448
Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network...
CVE-2019-5448
CVE-2019-5448 affects Yarn; the vulnerability arises from HTTP URLs in a Yarn lockfile that can cause unencrypted authentication data to be transmitted. The connected advisories confirm Photon OS and Nessus plugins flag Yarn as affected and advise updating the Yarn package to mitigate. The exact ...