4423 matches found
CVE-2021-37736
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versions: ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for...
CVE-2021-37736
CVE-2021-37736 is a remote authentication bypass vulnerability in Aruba ClearPass Policy Manager. Affected versions are ClearPass Policy Manager 6.10.x before 6.10.2, 6.9.x before 6.9.7-HF1, and 6.8.x before 6.8.9-HF1. Aruba has released patches addressing this vulnerability. The CVE description ...
Aruba ClearPass Policy Manager Authorization Issue Vulnerability
Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a secure access management system for wireless networks. A security vulnerability exists in Aruba ClearPass Policy Manager, which stems from a remote authentication bypass vulnerability in Aruba ClearPass Policy Manage...
Juniper Networks Junos OS Security Vulnerability
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS that arises from the fact that in broadband...
CVE-2021-41323
Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter...
Cybozu Remote Service Resource Management Error Vulnerability
A denial of service vulnerability exists in Cybozu Remote Service, a remote service management software used by Cybozu Japan to access Cybozu's internal systems. A remote authentication attacker can exploit this vulnerability to cause a denial of service...
CVE-2021-41583
vpn-user-portal aka eduVPN or Let's Connect! before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional V...
CVE-2021-20563
IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenticated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid filepath on the server which could be used in further attacks against the system. IBM X-Force ID: 19923...
CVE-2021-20563
IBM Sterling File Gateway versions 2.2.0.0–6.1.0.3 are affected by an information-disclosure vulnerability. A remotely authenticated user can disclose a valid server filepath by sending a specially crafted request, enabling potential follow-on attacks. Impact is described as information disclosur...
Moodle Information Disclosure Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from the application outputting too much data. A remotely...
IBM Security Guardium Information Disclosure Vulnerability (CNVD-2021-87027)
IBM Security Guardium is a suite of platforms from IBM USA that provides data protection capabilities. The platform includes features such as customizable UI, report management and streamlined audit process building. IBM Security Guardium has a security vulnerability that could be exploited by a...
The vulnerability of the Apache Druid analytical database, related to deficiencies in authentication mechanisms, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Apache Druid analytical database is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the iControl REST API interface for access control and remote authentication solutions like BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) as well as the server software BIG-IQ Centralized Management allows a perpetrator to execute arbitrary commands on the target system.
The vulnerability of the iControl REST API for access control and remote authentication tools of BIG-IP LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO as well as the server software BIG-IQ Centralized Management is related to insufficient...
The vulnerabilities of BIG-IP’s access control and remote authentication mechanisms (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) are related to the lack of protective measures for the website structure. This allows attackers to carry out cross-site scripting attacks.
The vulnerabilities of BIG-IP access control and remote authentication mechanisms LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM are related to the lack of measures taken to protect the website structure. Exploiting these vulnerabilities allows a malicious actor to perfor...
CVE-2021-20772
Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege...
CVE-2021-20756
Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege...
CVE-2013-4717
Multiple SQL injection vulnerabilities in Open Ticket Request System OTRS Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm,...
UBUNTU-CVE-2013-4717
Multiple SQL injection vulnerabilities in Open Ticket Request System OTRS Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm,...
[SECURITY] [DLA 2736-1] lynx security update
Debian LTS Advisory DLA-2736-1, https://www.debian.org/lts/security/, Chris Lamb, August 09, 2021, https://wiki.debian.org/LTS ...