
181 matches found

Prion
added 2021/12/08 5:15 p.m. | 20 views

Authentication flaw

Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...

4.3 CVSS | 7.6 AI score | 0.00736 EPSS
Exploits 0 | References 6 | Affected Software 1
Cvelist
added 2021/12/08 4:15 p.m. | 14 views

CVE-2021-41090 Instance config inline secret exposure

Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...

6.5 CVSS | 8 AI score | 0.00736 EPSS
Exploits 0 | References 6
CNNVD
added 2021/11/17 12:0 a.m. | 3 views

OSIsoft PI Vision Cross-Site Scripting Vulnerability

OSIsoft PI Vision is a suite of visualization tools from OSIsoft (USA) that supports accessing PI System data from mobile devices and self-service configuration of trends, images, and data values for presenting data. A cross-site scripting vulnerability exists in...

6.5 CVSS | 5.6 AI score | 0.0059 EPSS
Exploits 0 | References 1
OSV
added 2021/08/17 10:6 a.m. | 8 views

OPENSUSE-SU-2021:1162-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: ansible: - The support level for ansible is l2, not l3 dracut-saltboot: - Force installation of libexpat.so.1 bsc1188846 - Use kernel parameters from PXE formula also for local boot golang-github-prometheus-prometheus: - Provide and reload firewalld...

7.5 CVSS | 7.1 AI score | 0.1956 EPSS
Exploits 0 | References 12
OpenVAS
added 2021/08/13 12:0 a.m. | 26 views

openSUSE: Security Advisory for golang-github-prometheus-prometheus (openSUSE-SU-2021:2664-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5 CVSS | 6.7 AI score | 0.1956 EPSS
Exploits 0 | References 2
Microsoft CVE
added 2021/07/16 7:0 a.m. | 4 views

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.

...

8.6 CVSS | 7 AI score | 0.04923 EPSS
Exploits 0
OSV
added 2021/02/08 9:15 p.m. | 0 views

DEBIAN-CVE-2021-26528

The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool...

9.1 CVSS | 5.8 AI score | 0.0145 EPSS
Exploits 1 | References 1
Debian CVE
added 2021/02/08 8:13 p.m. | 2 views

CVE-2021-26529

The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 compiled with mbedTLS support is vulnerable to remote OOB write attack via connection request after exhausting memory pool...

9.1 CVSS | 8.5 AI score | 0.0145 EPSS
Exploits 1
Debian CVE
added 2021/02/08 8:13 p.m. | 2 views

CVE-2021-26528

The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is vulnerable to remote OOB write attack via connection request after exhausting memory pool...

9.1 CVSS | 8.5 AI score | 0.0145 EPSS
Exploits 1
Tenable Nessus
added 2020/07/28 12:0 a.m. | 44 views

openSUSE Security Update : SUSE Manager Client Tools (openSUSE-2020-1105)

This update fixes the following issues : dracut-saltboot : - Print a list of available disk devices bsc1170824 - Install wipefs to initrd - Force install crypt modules golang-github-prometheus-prometheus : - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid 'ha...

8.2 CVSS | 6.9 AI score | 0.99856 EPSS
Exploits 6 | References 22
CNVD
added 2020/05/19 12:0 a.m. | 2 views

Multiple NETGEAR Product License Issue Vulnerabilities (CNVD-2020-33662)

NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 and others are a wireless WiFi device from NETGEAR. NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 version 2.5.1.106, Outdoor Satellite RBS50Y version 2.5.1.106 and Pro Tri-Band Business WiFi An authorization iss...

9.6 CVSS | 7.1 AI score | 0.01651 EPSS
Exploits 1 | References 1
OSV
added 2020/05/18 4:15 p.m. | 2 views

CVE-2020-11551

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 V2.5.1.106, Outdoor Satellite RBS50Y V2.5.1.106, and Pro Tri-Band Business WiFi Router SRR60 AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi...

8.8 CVSS | 7.5 AI score | 0.01651 EPSS
Exploits 1 | References 3
Prion
added 2020/05/18 4:15 p.m. | 16 views

Design/Logic Flaw

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 V2.5.1.106, Outdoor Satellite RBS50Y V2.5.1.106, and Pro Tri-Band Business WiFi Router SRR60 AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi...

5.8 CVSS | 9.1 AI score | 0.01651 EPSS
Exploits 1 | References 3 | Affected Software 3
CVE
added 2020/05/18 3:45 p.m. | 67 views

CVE-2020-11551

NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 v2.5.1.106, Outdoor Satellite (RBS50Y) v2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 v2.5.1.106 are affected. The issue stems from an unauthenticated write vulnerability in the administrative SOAP interface, al...

9.6 CVSS | 9 AI score | 0.01651 EPSS
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2020/05/18 3:45 p.m. | 15 views

CVE-2020-11551

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 V2.5.1.106, Outdoor Satellite RBS50Y V2.5.1.106, and Pro Tri-Band Business WiFi Router SRR60 AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi...

9.6 CVSS | 8.9 AI score | 0.01651 EPSS
Exploits 1 | References 3
OSV
added 2020/03/25 2:15 a.m. | 1 views

CVE-2020-5555

Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue...

9.1 CVSS | 7.2 AI score
Exploits 0 | References 1
OSV
added 2020/03/18 1:15 a.m. | 3 views

CVE-2020-8599

Trend Micro Apex One 2019 and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability...

9.8 CVSS | 7.4 AI score | 0.11576 EPSS
Exploits 0 | References 3
OSV
added 2019/08/21 8:15 p.m. | 2 views

CVE-2019-11601

A directory traversal vulnerability in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location...

7.5 CVSS | 7.2 AI score | 0.02688 EPSS
Exploits 0 | References 1
OSV
added 2019/06/20 3:15 a.m. | 3 views

CVE-2019-1629

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attack...

5.3 CVSS | 6.2 AI score
Exploits 0 | References 2
Veracode
added 2019/05/02 4:42 a.m. | 30 views

Authorization Bypass

JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface (JNDI) Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract...

7.5 CVSS | 5.7 AI score | 0.03521 EPSS
Exploits 2 | References 16 | Affected Software 3