Hashicorp Terraform Information Disclosure Vulnerability
HashiCorp Terraform is an open source tool for provisioning and managing cloud infrastructure from HashiCorp, USA. A security vulnerability exists in HashiCorp Terraform Enterprise versions prior to 202108-1, which stems from the fact that HashiCorp Terraform Enterprise prior to...
CVE-2021-31338
A vulnerability has been identified in SINEMA Remote Connect Client All versions V3.0 SP1. Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device...
CVE-2021-31338
The CVE-2021-31338 issue affects SINEMA Remote Connect Client (all versions
CVE-2021-3707
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device...
Command injection
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device...
CVE-2021-3707
CVE-2021-3707 (and CVE-2021-3708) affects D-Link DSL-2750U routers with firmware vME1.16 or earlier. The issues allow an unauthenticated attacker on the local network to perform dangerous actions: CVE-2021-3707 enables unauthorized configuration modification, while CVE-2021-3708 enables OS comman...
D-Link DSL-2750U Security Vulnerability
The D-Link DSL-2750U is a wireless N 300 ADSL2 modem router. An unauthorized configuration modification vulnerability exists in the D-Link DSL-2750U ME1.16 and earlier versions. An attacker could use this vulnerability to modify the configuration without authorization...
PT-2021-21488 · D Link · Dsl-2750U
Name of the Vulnerable Software and Affected Versions: D-Link router DSL-2750U versions vME1.16 and prior. Description: The issue allows an unauthenticated attacker on the local network to modify the configuration and execute any OS commands on the vulnerable device. Recommendations: For D-Link...
CVE-2021-33214
In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation...
Authentication Bypass in ASG and ProxySG
Summary: The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance...
Siemens SINAMICS SL150 Input Validation Error Vulnerability
Siemens SINAMICS SL150 is an application program of Siemens, Germany. Cyclic frequency converter for high-torque slow-speed synchronous and induction motors. An input validation error vulnerability exists in the SINAMICS SL150, which can be exploited by an attacker to cause a denial-of-service...
CVE-2020-1716
A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph...
CVE-2021-29203
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands,...
CVE-2021-1284
A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able t...
CVE-2021-1284
CVE-2021-1284 describes an authentication bypass vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software. An unauthenticated, adjacent attacker can exploit crafted HTTP requests to bypass authentication/authorization and gain unauthenticated read and write acce...
Authorization Bypass
ceph:edge is vulnerable to authorization bypass. ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks...
Cross-site request forgery (CSRF)
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the NX-API on an affected device. An attacker cou...
Rockwell Automation FactoryTalk Services Platform
1. EXECUTIVE SUMMARY: CVSS v3 10.0; ATTENTION: Exploitable remotely/low skill level to exploit; Vendor: Rockwell Automation; Equipment: FactoryTalk Services; Vulnerability: Use of Password Hash with Insufficient Computational Effort. 2. RISK EVALUATION: Successful exploitation of this vulnerability...
CVE-2019-18255
HMI/SCADA iFIX Versions 6.1 and prior allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation...
Micro Focus SUSE CaaS Platform Security Vulnerability
A security vulnerability exists in SUSE CaaS Platform that stems from enabling a local attacker to leak a bootstrapToken or modify a configuration file before processing it, leading to arbitrary modifications to a computer/cluster...