CVE-2021-20171
Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device...
Trendnet AC2600 Security Vulnerability
Trendnet AC2600 TEW-827DRU is a wireless router. The Trendnet AC2600 TEW-827DRU has a security vulnerability: user names and passwords are stored in plaintext in the device's configuration file, which an attacker could exploit to obtain them...
Netgear Nighthawk R6700 Encryption Issue Vulnerability
The Netgear Nighthawk R6700 is a wireless router from Netgear, Inc. An encryption vulnerability exists in the Netgear Nighthawk R6700, which stems from the product's failure to encrypt account information. An attacker could obtain plaintext account information from the primary configuration file throug...
CVE-2021-35035
A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file...
Information disclosure
A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated attacker to obtain sensitive information from the configuration file...
Vulnerability fixed in Apache Log4j
A vulnerability has been fixed in Apache Log4j. The vulnerability with reference CVE-2021-44832 allows a malicious person to execute arbitrary code. To exploit the vulnerability an attacker must have the ability to modify a configuration file that the vulnerabl...
Zyxel NBG6604 Information Disclosure Vulnerability
The Zyxel NBG6604 is a dual-band wireless router from Zyxel. The Zyxel NBG6604 suffers from an information disclosure vulnerability that originates from the plaintext storage of sensitive information in the Zyxel NBG6604 firmware, which can be exploited by an...
CVE-2021-44028
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285...
CVE-2021-44028
CVE-2021-44028 : XXE vulnerability in Quest KACE Desktop Authority before 11.2 due to attacker-controlled log4net configuration files. The initial description ties the issue to a log4net configuration weakness (related to CVE-2018-1285). Connected documents do not provide further product-specific...
sssd bug fix and enhancement update
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system ...
sssd bug fix and enhancement update
An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The System Security Services Daemon (SSSD) service provides a set of daemons to...
Unspecified Vulnerability in Parallels Remote Application Server
Parallels Remote Application Server (RAS) is an application delivery and Virtual Desktop Infrastructure (VDI) solution from Parallels, Inc. A security vulnerability exists in Parallels Remote Application Server (RAS) that allows a local attacker to retrieve certain...
DEBIAN-CVE-2021-42550
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing execution of arbitrary code loaded from LDAP servers...
CVE-2021-39312
The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the /admin/vendor/datatables/examples/resources/examples.php file...
CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...
Privilege Escalation
github.com/opensearch-project/opensearch-cli is vulnerable to Privilege Escalation. The vulnerability exists due to the weak file path permission in the configuration file, allowing an attacker to read or write any file on the file path...
in pytorchlightning/pytorch-lightning
Description: There is an untrusted YAML deserialization vulnerability in the PyTorchLightning GitHub repository. PyTorchLightning's saving.py core.saving.load_hparams_from_yaml functionality calls "yaml.UnsafeLoader" from the pyyaml Python library, which is not a secure method. Because of that, maliciously...
CVE-2021-44833
The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file...