2867 matches found
CVE-2019-18335
A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an...
CVE-2019-18340
A vulnerability has been identified in Control Center Server CCS All versions = V1.5.0, SiNVR/SiVMS Video Server All versions = V5.0.0. Both the SiVMS/SiNVR Video Server and the Control Center Server CCS store user and device passwords by applying weak cryptography. A local attacker could exploit...
Design/Logic Flaw
A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an...
Design/Logic Flaw
A vulnerability has been identified in Control Center Server CCS All versions = V1.5.0, SiNVR/SiVMS Video Server All versions = V5.0.0. Both the SiVMS/SiNVR Video Server and the Control Center Server CCS store user and device passwords by applying weak cryptography. A local attacker could exploit...
CVE-2019-18335
A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. An attacker with network access to the Application Server could be able to gain access to logs and configuration files by sending specifically crafted packets to 80/tcp. Please note that an...
OPENSUSE-SU-2019:2669-1 Security update for dnsmasq
This update for dnsmasq fixes the following issues: Security issues fixed: - CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation bsc1154849 - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processi...
Siemens SPPA-T3000 Information Disclosure Vulnerability
The SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. An information disclosure vulnerability exists in the Siemens SPPA-T3000. An attacker can exploit the vulnerability to access logs and configuration files by sending careful...
CVE-2019-14865
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure for example by setting RLIMIT, causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots...
Default configuration
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure for example by setting RLIMIT, causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots...
CVE-2019-14865
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure for example by setting RLIMIT, causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots...
CVE-2019-14865
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure for example by setting RLIMIT, causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots...
CVE-2019-14865
A flaw was found in the grub2-set-bootflag utility of grub2. A local attacker could run this utility under resource pressure for example by setting RLIMIT, causing grub2 configuration files to be truncated and leaving the system unbootable on subsequent reboots. Mitigation Remove the...
GHSA-62FX-3V4F-MWXM Bypass of sitemp access restrictions
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subset of configuration files which can lead to...
Bypass of sitemp access restrictions
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subset of configuration files which can lead to...
CVE-2010-3292
The updatebad,phishingsites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption e.g., https or digital signature checking which could allow an attacker to replace certain configuration files e.g., phishing whitelist via dns/packet spoofing...
Code injection
The updatebad,phishingsites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption e.g., https or digital signature checking which could allow an attacker to replace certain configuration files e.g., phishing whitelist via dns/packet spoofing...
CVE-2010-3292
The updatebad,phishingsites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption e.g., https or digital signature checking which could allow an attacker to replace certain configuration files e.g., phishing whitelist via dns/packet spoofing...
CVE-2010-3292
The CVE-2010-3292 entry concerns MailScanner (update{_bad,}_phishing_sites scripts) versions around 4.79.11-2. The vulnerability arises because downloaded files are trusted without encryption (e.g., HTTPS) or digital signatures, enabling a man-in-the-middle or spoofing to replace critical configu...
CVE-2019-8133
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with privileges to generate sitemaps can bypass configuration that restricts directory access. The bypass allows overwrite of a subset of configuration files which can lead to...
CVE-2019-8133
CVE-2019-8133 affects Magento: Magento 2.2.x before 2.2.10 and 2.3.x before 2.3.3 or 2.3.2-p1. A user with sitemap-generation privileges can bypass access restrictions and overwrite a subset of configuration files, enabling a denial-of-service condition. Remediation: apply the Magento security up...