869 matches found
华为智能手机信任管理问题漏洞
Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. Huawei Emui and Magic UI are vulnerable to a trust management issue, which stems from improper management of device to credentials. An attacker could use this vulnerability t...
Avaya Aura Utility Services 安全漏洞
Avaya Aura Utility Services is a group of tools and applications that support enterprise IP telephony from Avaya USA. A security vulnerability exists in Avaya Aura Utility Services that allows any local user to access system features and configuration information that should only be available to...
CVE-2021-26996
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks...
CVE-2021-20730
Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified vectors...
CVE-2021-30357
SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access...
BUFFALO INC WSR-1166DHP3-BK 访问控制不当漏洞
Buffalo WSR-1166DHP3 and WSR-1166DHP4 are routers from BUFFALO INC. An access control error vulnerability exists in Buffalo WSR-1166DHP3 and WSR-1166DHP4, which could be exploited by an attacker to obtain configuration information via unspecified vectors...
Fixed in Apache Tomcat 8.5.66
Low: Authentication weakness CVE-2021-30640 Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user provided data eg user names as well as configuration data provided by an administrator. In limited circumstances it was possible for...
CVE-2021-3511
Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and...
Buffalo broadband routers 安全漏洞
Buffalo Firmware is a networking device from Buffalo Japan. A security vulnerability exists in Buffalo broadband routers that originates from allowing an unauthenticated, remote attacker to gain access to information, such as configurations, via unspecified vectors. The following products and...
Liberty lisPBX 安全漏洞
Common Lisp Lispbox is Common Lisp open source an IDE. A security vulnerability exists in Liberty lisPBX version 2.0-4, which can be exploited by an attacker to remotely retrieve configuration backup files from /backup/lispbx-CONF-YYYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without...
tomcat -- JNDI Realm Authentication Weakness in multiple versions
ilja.farber reports: Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user provided data eg user names as well as configuration data provided by an administrator. In limited circumstances it was possible for users to authenticate...
Cisco SD-WAN vManage 输入验证错误漏洞
Cisco SD-WAN vManage is a software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. Cisco SD-WAN vManage has an input validation error vulnerability that stems from insufficient input validation of certain commands by the...
Apache Airflow Access Control Error Vulnerability
Apache Airflow is an Apache project maintained by the open source community dedicated to scheduling and monitoring workflows, open sourced by Airbnb in October 2014 and graduated from the Apache Foundation in January 2019 to become the new Apache top-level project. Failure of proper access contro...
CVE-2021-1412
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only...
CVE-2021-25244
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton...
Trend Micro Worry-Free Business Security 访问控制错误漏洞
Trend Micro Worry-Free Business Security is a suite of enterprise-class information security protection solutions from Trend Micro. The product provides anti-spam, anti-virus, network security and e-mail protection. An access control error vulnerability exists in Trend Micro Worry-Free Business...
Cisco IOS和Cisco IOS XR 权限许可和访问控制问题漏洞
Cisco IOS XR software is a modular and fully distributed network operating system for service provider networks. An information disclosure vulnerability exists in the CLI parser in Cisco IOS XR versions prior to 7.1.2, 7.2.1, and 7.3.1. The vulnerability stems from insufficient application of...
CVE-2021-1129
A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance ESA, Cisco Content Security Management Appliance SMA, and Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to access general system information and...
IBM Security Secret Server Information Disclosure Vulnerability (CNVD-2020-74625)
IBM Security Secret Server is a set of privileged access management solutions from IBM USA. The product supports password management, privileged account identification and privileged session access monitoring and logging. An information disclosure vulnerability exists in IBM Security Secret Serve...
CVE-2020-0459
In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. This could lead to local information disclosure of WiFi network names with no additional execution privileges needed. User interacti...