4651 matches found
Moxa NPort Plain Text Storage of Passwords (CVE-2016-9348)
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPor...
libeconf: Stack overflow in function read_file at libeconf/lib/getfilecontents.c
A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow that results in a denial of service...
yolov5-face Code Issue Vulnerability
yolov5-face is a software application. No details are available at this time. A security vulnerability exists in yolov5-face that originates from allowing an attacker to execute arbitrary code via a crafted yaml file...
Information Disclosure
chef-identity is vulnerable to Information Disclosure. The vulnerability exists because ChefIdentityBuildWrapper.xml does not properly mask the user.pem key on the form field, allowing an attacker to gain sensitive information if they have access to the global configuration file, or are able to...
GHSA-5JC5-M87X-88FJ Secret displayed without masking by Chef Identity Plugin
Chef Identity Plugin stores the user.pem key in its global configuration file io.chef.jenkins.ChefIdentityBuildWrapper.xml on the Jenkins controller as part of its configuration. While this key is stored encrypted on disk, in Chef Identity Plugin 2.0.3 and earlier the global configuration form do...
Amazon Linux AMI : bind (ALAS-2023-1789)
The version of bind installed on the remote host is prior to 9.8.2-0.68.rc1.90. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1789 advisory. A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished...
mRemoteNG Security Vulnerability
mRemoteNG is an open source, tabbed, multi-protocol remote connection manager for Windows. A security vulnerability exists in mRemoteNG v1.76.20 and earlier, 1.77.3-dev and earlier, which stems from the fact that configuration files can be stored on disk in an encrypted stat...
PT-2023-4394 · Mariadb · Mariadb Maxscale
Name of the Vulnerable Software and Affected Versions: MariaDB MaxScale versions prior to 2.5.28; MariaDB MaxScale versions prior to 6.4.9; MariaDB MaxScale versions prior to 22.08.8; MariaDB MaxScale versions prior to 23.02.3. Description: An issue was discovered in MariaDB MaxScale where a user...
Design/Logic Flaw
Local privilege escalation in Check Point Endpoint Security Client version E87.30 via crafted OpenSSL configuration file...
CVE-2023-28133
CVE-2023-28133 relates to a local privilege escalation in Check Point Endpoint Security Client (E87.30). The root cause is a flaw involving a crafted OpenSSL configuration file that allows a low-privilege user (Users group) to elevate privileges via affected components (e.g., TracSrvWrapper.exe, ...
CVE-2023-28133
Local privilege escalation in Check Point Endpoint Security Client version E87.30 via crafted OpenSSL configuration file...
Oracle Linux 8 : bind (ELSA-2023-4102)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4102 advisory. 32:9.11.36-8.1 - Improve RBT overmem cache cleaning (CVE-2023-2828). Tenable has extracted the preceding description block directly from the Oracle Linux security...
CVE-2023-28754 ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent
Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machin...
Hardcoded credentials
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
CVE-2023-34128
Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...
SonicWALL Analytics and GMS Security Vulnerability
SonicWALL Analytics and SonicWALL GMS are both products of SonicWALL, Inc. of the U.S. SonicWALL Analytics is a high-performance management and reporting engine for the Web. SonicWALL GMS is a global management system. A powerful and intuitive solution for organizations, distributed enterprises an...
Arbitrary Code Execution
OpenTSDB is vulnerable to Arbitrary Code Execution. The vulnerability is due to not escaping user-supplied input when outputting HTML, which allows an attacker to inject and execute arbitrary code by writing to the gnuplot configuration file...
CVE-2023-23348
HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed...
Design/Logic Flaw
HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed...