CVE-2022-24446

The CVE-2022-24446 entry concerns Zoho ManageEngine Key Manager Plus 6.1.6, where a user with Operator privileges can view all SSH servers and related user information regardless of associations. The connected documents confirm the affected software and the underlying issue as an access-control w...

CVE-2022-24446

An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers and user information even if no SSH server or user is associated to the operator...

ZOHO ManageEngine Key Manager Plus 安全漏洞

ZOHO ManageEngine Key Manager Plus is a WEB-based SSH secret key management solution from ZOHO that helps you harden, control, manage, monitor and audit SSH keys across the entire lifecycle of the keys. It provides administrators with the ability to visualize SSH management, helping them to...

PT-2022-16703 · Zoho · Zoho Manageengine Admanager Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Key Manager Plus version 6.1.6 Description: An issue was discovered where a user with the level Operator can see all SSH servers and user information, even if no SSH server or user is associated with the operator...

Security Bulletin: Vulnerability in Apache Log4j affects IBM Guardium Data Encryption (GDE) (CVE-2021-45105 and CVE-2021-45046)

Summary Vulnerability in Apache Log4j affects IBM Guardium Data Encryption GDE CVE-2021-45105 and CVE-2021-45046. The patch includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from...

Security Bulletin: A security vulnerability has been identified in Log4j 2 used in IBM Guardium Data Encryption (GDE) (CVE-2021-44228)

Summary Log4j 2 is a logging package used by IBM Security Guardium Data Encryption GDE. That package has a security vulnerability. Consult the bulletin listed below for details. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrar...

MixinTransfer.sol#transferFrom Wrong implementation can potentially allows attackers to reverse transfer and cause fund loss to the users

Handle WatchPug Vulnerability details if toKey.tokenId == 0 toKey.tokenId = tokenId; recordOwnerrecipient, tokenId; // Clear any previous approvals clearApprovaltokenId; if previousExpiration = block.timestamp // The recipient did not have a key, or had a key but it expired. The new expiration is...

CVE-2020-18170

An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions...

CVE-2020-18170

An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions...

Design/Logic Flaw

An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions...

CVE-2020-18170

CVE-2020-18170 affects Abloy Key Manager, version 7.14301.0.0, via the SeChangeNotifyPrivilege component. The issue enables privilege escalation by altering permissions, as described across NVD and vendor/third-party records. No exploit details or in-the-wild PoCs are provided in the connected do...

CVE-2020-18170

An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions...

Abloy Key Manager 安全漏洞

Abloy Key Manager is an application. A key manager. A security vulnerability exists in Abloy Key Manager that stems from an issue in the SeChangeNotifyPrivilege component of Abloy Key Manager version 7.14301.0.0. The vulnerability allows an attacker to elevate privileges by changing the privilege...

ZOHO ManageEngine Key Manager Plus Cross-Site Scripting Vulnerability

ZOHO ManageEngine Key Manager Plus is a WEB-based SSH key management solution from ZOHO that helps you harden, control, manage, monitor and audit SSH keys across the entire lifecycle of a secret key. It provides administrators with visual SSH management capabilities to help them effectively contr...

CVE-2021-28382

Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD...

CVE-2021-28382

Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD...

Cross site scripting

Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD...

CVE-2021-28382

Zoho ManageEngine Key Manager Plus (before 6001) exposes a Stored XSS vulnerability on the user-management page when importing malicious user details from Active Directory. Affects the product in versions prior to 6001. Remediation: upgrade to version 6001 or later per release notes.

CVE-2021-28382

Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD...

Zoho ManageEngine Key Manager Plus 6001 跨站脚本漏洞

ZOHO ManageEngine Key Manager Plus is a WEB-based SSH key management solution from ZOHO that helps you harden, control, manage, monitor and audit SSH keys across the entire lifecycle of a secret key. It provides administrators with visual SSH management capabilities to help them effectively contr...