4423 matches found
Design/Logic Flaw
The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibilit...
CVE-2021-37557
A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated but low-privileged attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter...
IBM Cloud Pak for Security Command Execution Vulnerability
IBM Cloud Pak for Security is an application from IBM USA, Inc., an open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated actions faster. IBM Cloud Pak for Security has a security vulnerability that could be exploited by a...
CVE-2021-29697
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system...
The vulnerability of the microprogramming software for Schneider Electric’s spaceLYnk and homeLYnk logic controllers, which stems from errors in the use of standard permissions, allows attackers to bypass authentication procedures.
The vulnerability of the microprogramming software for Schneider Electric’s spaceLYnk and homeLYnk logic controllers is related to errors in the use of standard permissions. Exploiting this vulnerability can allow a malicious actor to bypass authentication procedures remotely...
IBM Cloud Pak for Security Security Vulnerability
IBM Cloud Pak for Security is an application from IBM USA, Inc., an open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated actions faster. IBM Cloud Pak for Security has a security vulnerability that could be exploited by a...
Command injection
Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a command injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit the vulnerability to execute arbitrary shell commands on the affected system...
CVE-2020-5321
Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an input validation flaw. The vulnerability allows a remote authenticated attacker with high privileges to spawn tasks with elevated privileges. Root cause: impro...
SQL injection
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration Users Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters...
CVE-2021-33213
The CVE-2021-33213 entry documents an SSRF in Elements-IT HTTP Commander 5.3.3, specifically in the Upload from URL feature. When authenticated, an attacker can supply an internal address to retrieve HTTP/FTP resources from the internal network, exposing internal resources. Root cause: SSRF in th...
PT-2021-5263
Name of the Vulnerable Software and Affected Versions: Azure AD (affected versions not specified). Description: The issue is related to errors in security settings of the Azure Active Directory (Azure AD) service in Microsoft Windows operating systems. It allows a remote attacker to bypass the...
CVE-2021-29151
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...
CVE-2021-32511
A directory listing vulnerability in ViewBroserList in QSAN Storage Manager allows remote authenticated attackers to list arbitrary directories via the file path parameter. The vulnerability has been fixed in the updated version of QSAN Storage Manager, v3.3.3...
Mikrotik RouterOs Security Vulnerability
MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in a PC to enable it to provide router functionality. An assertion failure vulnerability exists in the /nova/bin/console process in Mikrotik RouterOs version 6.44.5. An...
CVE-2021-20574
IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and take over other accounts. IBM X-Force ID: 199252...
Pulse Connect Secure < 9.1R11.5 (SA44800)
According to its self-reported version, the version of Pulse Connect Secure running on the remote host is greater than 9.0Rx / 9.1Rx and prior to 9.1R11.5. It is, therefore, affected by a buffer overflow vulnerability on the Pulse Connect Secure gateway that allows a remote authenticated user wit...
Hitachi Virtual File Platform Operating System Command Injection Vulnerability
Hitachi Virtual File Platform is a virtual file platform from Hitachi, Japan. Hitachi Virtual File Platform suffers from an operating system command injection vulnerability that stems from incorrect input validation. A remote authenticated attacker could pass specially crafted data to the...
CVE-2020-25755
An issue was discovered on Enphase Envoy R3.x and D4.x and other current devices. The upgradestart function in /installer/upgradestart allows remote authenticated users to execute arbitrary commands via the force parameter...
Unspecified Vulnerability in IBM Security Identity Manager (CNVD-2021-42400)
IBM Security Identity Manager (ISIM) is a suite of identity management and governance solutions from IBM in the United States. The solution automates the creation, modification, re-authentication and termination of user privileges throughout the user lifecycle and supports policy-based password...
CVE-2021-26828
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via viewedit.shtm...