2867 matches found
CVE-2021-37207
A vulnerability has been identified in SENTRON powermanager V3 All versions. The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges...
CVE-2020-10054
A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the...
CVE-2020-10053
CVE-2020-10053 affects Siemens SIMATIC RTLS Locating Manager prior to version 2.12. The vulnerability stems from the application writing sensitive data, such as database credentials, in configuration files, enabling a local attacker with access to those files to leverage the information for furth...
CVE-2020-10053
A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attack...
ALSA-2021:4315 Moderate: spamassassin security update
The SpamAssassin tool provides a way to reduce unsolicited commercial email spam from incoming email. Security Fixes: spamassassin: Malicious rule configuration files can be configured to run system commands (CVE-2020-1946). For more details about the security issues, including the impact, a CVSS...
CVE-2020-14379
A flaw was found in broker. An XEE attack can be used in Broker's configuration files, leading to DoS and information disclosure. The highest threat from the vulnerability is to system availability...
Red Hat JBoss EJB Client code issue vulnerability
Red Hat JBoss EJB Client is an application server client for the Red Hat community in the United States. It provides a container for managing EJBs. A code issue vulnerability exists in Red Hat JBoss EJB Client that stems from the product's failure to appropriately handle the contents of...
SUSE-SU-2021:3527-1 Security update for wireguard-tools
This update for wireguard-tools fixes the following issues: - Removed world-readable permissions from /etc/wireguard (bsc#1191224)...
Nameko code issue vulnerability
Nameko is a Python framework for building microservices. A security vulnerability exists in Nameko that stems from the fact that Nameko in 2.13.0 can be tricked into executing arbitrary code when deserializing configuration files...
CVE-2017-20007
Ingeteam INGEPAC DA AU AUC1.13.0.28 and before web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device's web service could exploit this...
Design/Logic Flaw
Ingeteam INGEPAC DA AU AUC1.13.0.28 and before web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device's web service could exploit this...
CVE-2017-20007 Information Exposure in INGEPAC DA AU
Ingeteam INGEPAC DA AU AUC1.13.0.28 and before web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device's web service could exploit this...
CVE-2017-20007
CVE-2017-20007 affects Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and earlier) web applications. The issue allows an unauthenticated remote attacker with access to the device’s web service to reach a path that contains sensitive information and could be used to obtain different configuration files, en...
Slack: [Android] Directory traversal leading to disclosure of auth tokens
Files uploaded to and opened in Slack with specially-crafted names could cause the Android operating system to overwrite configuration files on customer devices, potentially exposing Slack data to attacker-controlled websites. In order to take advantage of this vulnerability, attackers needed to ...
SUSE: Security Advisory (SUSE-SU-2021:3348-1)
The remote host is missing an update for the...
Config Handler security vulnerability
Config Handler is an open source package. It is used for loading configurations, deep merging packages, global, and environments. Config Handler has a security vulnerability that stems from the fact that all versions of the package configuration handler are susceptible to prototype pollution...
CVE-2021-29700
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656...
Information disclosure
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656...