CVE-2021-1237 Cisco AnyConnect Secure Mobility Client for Windows DLL Injection Vulnerability

A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have valid credentials o...

Cisco AnyConnect Secure Mobility Client for Windows DLL Injection Vulnerability

A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have valid credentials o...

CVE-2021-21614

Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVE-2021-21614

Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVE-2020-26050

SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file. This issue is similar to CVE-2019-12572...

CVE-2020-36166

An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager aka VIOM Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from...

CVE-2020-36162

An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. The CloudPoint Windows Agent leverages OpenSSL. This OpenSSL library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems users can create directories under :. ...

CVE-2020-36167

An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf configuration file, whi...

CVE-2020-36166

An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager aka VIOM Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from...

CVE-2020-36164

An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file which does not exist at the following locations in both the System drive typically C:\ and the product's...

Veritas Backup Exec Code Issue Vulnerability

Veritas Technologies Veritas Backup Exec is a powerful suite of data backup and recovery tools from Veritas Technologies. With a web-based management console and an intuitive graphical user interface with easy-to-use wizards, the software simplifies installation and improves manageability...

CVE-2020-35391

Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information possibly including an httppasswd line via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must b...

Exploit for Cross-site Scripting in Redhat Keycloak

reconFTW...

CVE-2020-13473

NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file...

CVE-2020-13473

NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file...

Design/Logic Flaw

NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file...

CVE-2020-13473

NCH Express Accounts 8.24 and earlier allows local users to discover the cleartext password by reading the configuration file...

CVE-2020-13473

CVE-2020-13473 affects NCH Express Accounts 8.24 and earlier. Local users can read the configuration file and recover the cleartext password, exposing confidential information (CVSS 3.1: LOCAL, HIGH confidentiality impact). The provided documents do not include remediation/patch details.

Security Bulletin: Publicly disclosed vulnerability from Samba affects IBM Netezza Host Management

Summary Samba is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVE. Vulnerability Details CVEID: CVE-2020-1472 DESCRIPTION: Microsoft Windows could allow a remote attacker to gain elevated privileges on the system, caused by an error when establishing a...

Linux: Read ssh authorized_keys file

The authorizedkeys file in SSH specifies the SSH keys that can be used for logging into the user account for which the file is configured. It is a highly important configuration file, as it configures permanent access using SSH keys and needs proper management. Note: This script outputs the conte...