1072 matches found
OPENSUSE-SU-2021:2892-1 Security update for dovecot23
This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 jscSLE-19970: Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has...
SUSE-SU-2021:2890-1 Security update for dovecot23
This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 jscSLE-19970: Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has...
The vulnerability of the Modbus protocol implementation in microprogrammed software for programmable logic controllers like Modicon Quantum allows a intruder to trigger malfunctions in the equipment or unauthorized changes to its configuration.
The vulnerability of the Modbus protocol implementation in microprogrammed logic controllers like Modicon Quantum is related to errors in privilege management. Exploiting this vulnerability could allow an attacker to cause service failures or unauthorized changes to the PLC’s configuration...
CVE-2021-31338
A vulnerability has been identified in SINEMA Remote Connect Client All versions V3.0 SP1. Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device...
Multiple vulnerabilities in D-Link router DSL-2750U
Overview D-Link router DSL-2750U is vulnerable to unauthorized configuration modification CWE-15, CVE-2021-3707 and OS command injection CWE-78, CVE-2021-3708. Mohammed Hadi reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An unauthenticated attacker on t...
PT-2021-4888 · Adobe +2 · Xmp Toolkit Sdk +2
Name of the Vulnerable Software and Affected Versions: XMP Toolkit SDK versions 2020.1 and earlier Description: The issue is related to a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become...
Dell EMC PowerScale OneFS Insufficient Logging Vulnerability
Dell EMC PowerScale OneFS is an API-driven file system. version 8.2.-9.2. of Dell EMC PowerScale OneFS is vulnerable to insufficient logging. An attacker could exploit this vulnerability to make unaudited and untraceable configuration changes to settings that their role is authorized to change...
CVE-2021-21568
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISIPRIVLOGINPAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change...
CVE-2021-21568
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISIPRIVLOGINPAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change...
Design/Logic Flaw
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISIPRIVLOGINPAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change...
CVE-2021-21568
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISIPRIVLOGINPAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change...
DELL EMC PowerScale 安全漏洞
Dell EMC PowerScale OneFS is an API-driven file system. version 8.2.-9.2. of Dell EMC PowerScale OneFS is vulnerable to insufficient logging. An attacker could exploit this vulnerability to make unaudited and untraceable configuration changes to settings that their role is authorized to change...
CVE-2021-1600
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external...
CVE-2021-1601
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external...
Input validation
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external...
Input validation
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external...
CVE-2021-1600 Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external...
CVE-2021-1600 Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external...
CVE-2021-1601 Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external...
Cisco Intersight Virtual Appliance IPv4 and IPv6 Forwarding Vulnerabilities
Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access sensitive internal services from an external interface. These vulnerabilities are due to insufficient restrictions for IPv4 or IPv6 packets that are received on the external...