862 matches found
CVE-2020-17383
A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote...
Nec Platforms Univerge Dt Security Vulnerability
Nec Platforms Univerge Dt is a series of desktop phones from Nec Platforms Japan. A security vulnerability exists in Univerge Dt that originates from the possibility of obtaining phone configuration information when analyzing packets using IP Phone Manager or data maintenance tools. The following...
CVE-2020-35209
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information...
VulnCheck KEV: CVE-2019-18988
TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended...
CVE-2021-34702
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker...
CVE-2021-34702 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker...
Cisco Identity Services Engine Security Vulnerability
Cisco Identity Services Engine (ISE) is an environment-aware platform from Cisco. The ISE collects real-time information about the network, users, and devices to formulate and enforce policies to regulate the network. A security vulnerability exists in the Cisco Identit...
CVE-2021-41584
Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header...
ROS-2-1234
2.1234 OpenVPN Authentication Bypass CVE-2020-15078 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass authentication and access restrictions to leak VPN configuration data. The issue only occurs on servers that are configured to use deferredauth. Under certain...
HolesWarm Malware Exploits Unpatched Windows, Linux Servers
By leveraging more than 20 known vulnerabilities in Linux and Windows servers, the HolesWarm cryptominer malware has been able to break into more than 1,000 cloud hosts just since June. The basic cryptominer botnet has been so successful at juggling so many different known vulnerabilities between...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS
Summary: COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Description: The application allows an unauthenticated attacker to change the configuration of the DVR arguments and/or cause denial-of-service scenario throug...
CVE-2021-32002
Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware...
AD Starter Scan - Null sessions
Binary data adsinullsession.nbin...
Huawei Smartphone Trust Management Issue Vulnerability
Huawei Emui is a mobile operating system developed on Android. Magic UI is a mobile operating system developed on Android. Huawei Emui and Magic UI are vulnerable to a trust management issue, which stems from improper management of device to credentials. An attacker could use this vulnerability t...
Avaya Aura Utility Services Security Vulnerability
Avaya Aura Utility Services is a group of tools and applications that support enterprise IP telephony from Avaya USA. A security vulnerability exists in Avaya Aura Utility Services that allows any local user to access system features and configuration information that should only be available to...
CVE-2021-26996
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks...
CVE-2021-20730
Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified vectors...
CVE-2021-30357
SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access...
BUFFALO INC WSR-1166DHP3-BK Improper Access Control Vulnerability
Buffalo WSR-1166DHP3 and WSR-1166DHP4 are routers from BUFFALO INC. An access control error vulnerability exists in Buffalo WSR-1166DHP3 and WSR-1166DHP4, which could be exploited by an attacker to obtain configuration information via unspecified vectors...
Fixed in Apache Tomcat 8.5.66
Low: Authentication weakness (CVE-2021-30640). Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user provided data (e.g. user names) as well as configuration data provided by an administrator. In limited circumstances it was possible for...