
862 matches found

Positive Technologies
added 2023/06/13 12:0 a.m. · 5 views

PT-2023-19683 · Arista · Arista Cloudvision Portal

Name of the Vulnerable Software and Affected Versions: Arista CloudVision Portal, affected versions not specified. Description: The issue is related to improper access controls on the connection from devices to CloudVision, which could allow a malicious actor with network access to CloudVision to...

CVSS 8.1 · AI score 7.2 · EPSS 0.00474
Exploits 0 · References 2

RedHat Linux
added 2023/05/24 5:13 p.m. · 4 views

Jenkins: Information disclosure through error stack traces related to agents

A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers...

CVSS 5.3 · AI score 7.3 · EPSS 0.00724
Exploits 0 · References 5

Positive Technologies
added 2023/05/17 12:0 a.m. · 5 views

PT-2023-3091 · Abb · Abb Terra Ac Wallbox

Name of the Vulnerable Software and Affected Versions: ABB Terra AC wallbox UL40/80A versions 1.0;0 through 1.5.5 ABB Terra AC wallbox UL32A versions 1.0;0 through 1.6.5 ABB Terra AC wallbox CE Terra AC MID versions 1.0;0 through 1.6.5 ABB Terra AC wallbox CE Terra AC Juno CE versions 1.0;0 throu...

CVSS 7.1 · AI score 4.5 · EPSS 0.00156
Exploits 0 · References 5

CNNVD
added 2023/04/28 12:0 a.m. · 4 views

Sage Group Sage 300 Trust Management Issue Vulnerability

Sage Group Sage 300 is a well-established, closed-source enterprise resource planning (ERP) solution from Sage Group UK, designed to facilitate the management of an organization. A security vulnerability exists in Sage Group Sage 300 version 2022 and prior versions that stems from the use of a...

CVSS 9.8 · AI score 8.3 · EPSS 0.00675
Exploits 0 · References 2

NVD
added 2023/04/26 9:15 p.m. · 21 views

CVE-2023-2291

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...

CVSS 7.8 · AI score 7.7 · EPSS 0.00808
Exploits 1 · References 1

Prion
added 2023/04/24 5:15 p.m. · 27 views

Design/Logic Flaw

The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50W firmware versions 5.10 through 5.35, USG20W-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails ...

CVSS 5.8 · AI score 8 · EPSS 0.00693
Exploits 0 · References 1 · Affected Software 18

CNNVD
added 2023/04/13 12:0 a.m. · 3 views

BlackVue DR750-2CH LTE Access Control Error Vulnerability

BlackVue DR750-2CH LTE is an in-vehicle full HD monitor from BlackVue. A security vulnerability exists in the BlackVue DR750-2CH LTE version v.1.0122022.10.26 that stems from not authenticating in its web server. An attacker exploiting this vulnerability could access sensitive information such as...

CVSS 7.5 · AI score 7.3 · EPSS 0.01128
Exploits 1 · References 5

Cvelist
added 2023/04/11 2:38 p.m. · 17 views

CVE-2023-1552 ToolboxST Deserialization of Untrusted Configuration Data

ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...

CVSS 6.4 · AI score 7.9 · EPSS 0.00241
Exploits 0 · References 1

OSV
added 2023/03/31 5:15 p.m. · 5 views

CVE-2023-28877

The VTEX [email protected] GraphQL API module does not properly restrict unauthorized access to private configuration data. [email protected] is unaffected by this issue...

CVSS 7.5 · AI score 5.8 · EPSS 0.0053
Exploits 0 · References 1

NVD
added 2023/03/31 5:15 p.m. · 16 views

CVE-2023-28877

The VTEX [email protected] GraphQL API module does not properly restrict unauthorized access to private configuration data. [email protected] is unaffected by this issue...

CVSS 7.5 · AI score 7.5 · EPSS 0.0053
Exploits 0 · References 1

Cvelist
added 2023/03/31 12:0 a.m. · 18 views

CVE-2023-28877

The VTEX [email protected] GraphQL API module does not properly restrict unauthorized access to private configuration data. [email protected] is unaffected by this issue...

AI score 7.7 · EPSS 0.0053
Exploits 0 · References 1

Vulnrichment
added 2023/03/31 12:0 a.m. · 6 views

CVE-2023-28877

The VTEX [email protected] GraphQL API module does not properly restrict unauthorized access to private configuration data. [email protected] is unaffected by this issue...

AI score 6.9 · EPSS 0.0053
Exploits 0 · References 1

CNNVD
added 2023/03/31 12:0 a.m. · 3 views

VTEX apps-graphql Security Vulnerability

VTEX apps-graphql is a graphql API module for VTEX IO applications from VTEX UK. A security vulnerability exists in the VTEX [email protected] GraphQL API module that stems from not properly restricting unauthorized access to private configuration data...

CVSS 7.5 · AI score 7.3 · EPSS 0.0053
Exploits 0 · References 2

RedHat Linux
added 2023/03/29 11:44 a.m. · 5 views

dev-java/snakeyaml: DoS via stack overflow

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...

CVSS 6.5 · AI score 6.8 · EPSS 0.01476
Exploits 1 · References 6

CNNVD
added 2023/02/23 12:0 a.m. · 4 views

Cisco FXOS Software and UCS Manager Security Feature Issue Vulnerability

Cisco FXOS Software and Cisco UCS Manager are both products of Cisco, Inc. Cisco FXOS Software is a suite of firewall software that runs in Cisco security appliances. Cisco UCS Manager is an excellent computer plug-in for managing sketchup coordinate systems. A security vulnerability exists in...

CVSS 6.5 · AI score 6.5 · EPSS 0.0011
Exploits 0 · References 2

ATTACKERKB
added 2023/02/23 12:0 a.m. · 2 views

CVE-2023-20016

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup...

CVSS 6.5 · AI score 5.9 · EPSS 0.0011
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 6:8 a.m. · 5 views

SUSE CVE-2008-2402

The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents...

CVSS 5 · AI score 6.9 · EPSS 0.11367
Exploits 1 · References 3

CNVD
added 2023/02/08 12:0 a.m. · 3 views

WAVLINK WL-WN533A8 Access Control Issue Vulnerability

WAVLINK WL-WN533A8 is a router from China's RuiYin Technology WAVLINK. The WAVLINK WL-WN533A8 suffers from an Access Control Issue vulnerability that originates from improper access control in the component /cgi-bin/ExportLogs.sh, which can be exploited by an attacker to download configuration da...

CVSS 7.5 · AI score 7.3 · EPSS 0.03096
Exploits 1 · References 1

NVD
added 2023/02/06 10:15 p.m. · 15 views

CVE-2022-48166

An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials...

CVSS 7.5 · AI score 7.6 · EPSS 0.02823
Exploits 1 · References 2

Prion
added 2023/02/06 10:15 p.m. · 13 views

Design/Logic Flaw

An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials...

CVSS 5 · AI score 7.6 · EPSS 0.02823
Exploits 1 · References 2 · Affected Software 1