2867 matches found
CVE-2020-8346
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations...
CVE-2020-15784
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names...
Information disclosure
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names...
CVE-2020-15784
Summary (CVE-2020-15784) Affected product: Siemens Spectrum Power 4 (all versions prior to v4.70 SP8). Vulnerability: Insecure storage of sensitive information in configuration files could allow retrieval of usernames (CWE-312). This is the root cause described in the sources. Impact: Potential d...
Debian DLA-2367-1 : lemonldap-ng security update
The lemonldap-ng community fixed a vulnerability in the Nginx default configuration files (CVE-2020-24660). The Debian package does not install any default site, but the documentation provided insecure examples in Nginx configuration before this version. If you use lemonldap-ng handler with Nginx, you should...
Debian DSA-4762-1 : lemonldap-ng - security update
It was discovered that the default configuration files for running the Lemonldap::NG Web SSO system on the Nginx web server were susceptible to authorisation bypass of URL access rules. The Debian packages do not use Nginx by default. © Tenable Network Security, Inc. The descriptive text and...
Lenovo Vantage Vulnerability - Lenovo Support US
No description provided...
CVE-2020-7824
A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when handling session cookies. An attacker could exploit this vulnerability by modifying the cookie valu...
CVE-2020-7824 Ericssonlg iPECS Privilege Escalation Vulnerability
A vulnerability in the web-based management interface of iPECS could allow an authenticated, remote attacker to get administrator permission. The vulnerability is due to insecure permission when handling session cookies. An attacker could exploit this vulnerability by modifying the cookie valu...
Mail.ru: Access to git & and configuration files on backtoschool.geekbrains.ru via gitfile
Leaking sensitive application data in configuration files at backtoschool.geekbrains.ru...
CVE-2020-3411
A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sendi...
Design/Logic Flaw
A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sendi...
CVE-2020-3411 Cisco DNA Center Information Disclosure Vulnerability
A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sendi...
OS Command Injection
Apache SpamAssassin is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands via nefarious rule configuration (.cf) files...
Arbitrary Command Execution
SpamAssassin is vulnerable to command execution. The vulnerability exists because crafted nefarious configuration (.cf) files can be configured to run system commands, similar to CVE-2018-11805...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Apport vulnerabilities (USN-4449-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4449-1 advisory. Ryota Shiga, working with Trend Micro's Zero Day Initiative, discovered that Apport incorrectly dropped privileges when making...