15 matches found
EUVD-2019-4914
Malware in sbrugna...
CVE-2019-14477
AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the internal user database is readable by low-privileged users and passwords in the database are weakly encoded or encrypted...
AdRem NetCrunch Trust Management Issues Vulnerability
AdRem NetCrunch is device monitoring software from the American company AdRem. The software monitors Windows, Linux, Mac OS X, BSD, NetWare, and SNMP devices based on SNMP sources, Windows event logs, and Syslog servers. AdRem NetCrunch 10.6.0.4587 suffers from a Trust Management Issue...
CVE-2019-13421
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database...
CVE-2019-13420
Search Guard versions before 21.0 had a timing side channel issue when using the internal user database...
CVE-2019-13421
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database...
Default credentials
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database...
CVE-2019-13421
Search Guard versions before 23.1 had an issue that an administrative user is able to retrieve bcrypt password hashes of other users configured in the internal user database...
CVE-2019-13420
Search Guard versions before 21.0 had a timing side channel issue when using the internal user database...
CVE-2019-13420
Search Guard versions before 21.0 had a timing side channel issue when using the internal user database...
Code injection
Search Guard versions before 21.0 had a timing side channel issue when using the internal user database...
CVE-2019-13420
Search Guard versions before 21.0 had a timing side channel issue when using the internal user database...
CVE-2019-13420
CVE-2019-13420 affects floragunn Search Guard (Elasticsearch/ELK plugin) prior to version 21.0. The vulnerability is a timing side-channel in the internal user database, which could leak information and impact confidentiality. The detail provided specifies the root cause as a timing discrepancy w...
jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166)
It was discovered that the internal Jenkins user database did not restrict access to reserved names, allowing users to escalate privileges...
ArubaOS 6.3.1.11 / 6.4.2.1 SSH Authentication Bypass
The version of ArubaOS has an unspecified vulnerability that allows a remote attacker to obtain limited administrative privileges without valid credentials. The vulnerability affects access over SSH. However, access through WebUI and the serial port is not affected, and the vulnerability does not...