56 matches found
CVE-2019-0379
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...
CVE-2018-1680
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 145236...
Authorization Bypass
jboss-as-security is vulnerable to authorization bypass attacks. The vulnerability exists as the org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform EAP before 6.3.3 uses the default security domain when a securi...
samba: Smb signing not required by default when smb client connection is used for ipc usage
It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...
Dedicated Micros DVR products use plaintext protocols and require no password by default
Overview Dedicated Micros DVR products, including the DV-IP Express, SD Advanced, SD, EcoSense, and DS2, by default use plaintext protocols and require no password. Description CWE-311: Missing Encryption of Sensitive Data Dedicated Micros DVR products by default use HTTP, telnet, and FTP rather...
Juniper Junos IPv6 SEND Handling Denial of Service Vulnerability
Juniper Networks JUNOS is an operating system that runs on Juniper Networks' line of border routers and more. A denial of service vulnerability exists in IPv6 sendd in Juniper Networks Junos. When the program is configured with the 'set protocols neighbor-discovery secure security-level default'...
Security: Wrong security context loaded when using SAML2 STS Login Module
It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...
DEBIAN-CVE-2014-0071
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections...
UBUNTU-CVE-2014-0071
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections...
CVE-2014-0071
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections...
PackStack: Neutron Security Groups fail to block network traffic
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections...
Apache Tomcat's default security policy is too open
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...
Apache Tomcat's default security policy is too open
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...
Moving a subtask Issue Type will sometimes ask the user for a Security Level even though this value is inherited from the Parent Issue.
When you move a subtask from an Issue Type where Security Level is a hidden field, to one where Security Level is no longer hidden, the system can mistakenly ask the User for a new Security Level. This is only a minor issue, as then the subtask will not actually take on the chosen value - it will...
Cisco wireless access points unauthorized access
It's possible reset access point security settings to defaults...
Solaris 8 (x86) : 116442-01
SunOS 5.8x86: Solaris sadmind default sec. Date this patch was last updated by Sun : Feb/06/04 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...