Siemens SINEMA Server Lack of Authentication Vulnerability
Siemens SINEMA Server is a software developed for industrial applications by Siemens, Germany. It enables you to fully visualize and monitor your network. Siemens SINEMA Server has a security vulnerability that could be exploited by an attacker to obtain encoded system configuration backup files...
CVE-2019-10941
Summary of CVE-2019-10941: Affected product is Siemens SINEMA Server (all versions prior to v14 SP3). The root cause is missing authentication for functionality requiring an administrative identity, enabling an attacker with network access to obtain encoded system configuration backup files. Im...
CVE-2019-10941
A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing authentication for functionality that requires administrative user identity could allow an attacker to obtain encoded system configuration backup files. This is only possible through network access to the affected...
Hitachi ABB Power Grids System Data Manager Encryption Issue Vulnerability
Hitachi ABB Power Grids System Data Manager is a system data manager from Hitachi, Japan. Hitachi ABB Power Grids System Data Manager is vulnerable to an encryption issue that stems from the fact that the application does not encrypt backup files. A local operating system user can modify the back...
Server-Side Request Forgery (SSRF)
Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several...
CVE-2021-22385
A component of the Huawei smartphone has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution...
Johnsoncontrols Metasys Improper Restriction of XML External Entity Reference
XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server ADS, ADS-Lite versions 10.1 and prior; Metasys Extended Application and...
Apache Guacamole Default Credentials (HTTP)
The remote Apache Guacamole instance is using known default credentials for the HTTP login. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later...
QNAP NAS Hybrid Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP NAS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RTSS server, which listens on TCP port 8899 by default. The issue results from the lack of...
CVE-2021-26996
E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application information which may aid in crafting more complex attacks...
Red Hat Ansible Code Issue Vulnerability
Red Hat Ansible is a computer system configuration manager from Red Hat. The product can be used to publish, manage, and orchestrate computer systems. Ansible Tower is one of the mission control applications that provides a user interface (UI), dashboards, and a REST API. A code issue vulnerability...
Jenkins Default Credentials (HTTP)
The remote Jenkins automation server is using known default credentials for the HTTP login...
Arbitrary File Download Vulnerability in FLIR-AX8
Teledyne FLIR specializes in the design, development, production, marketing and promotion of specialized technologies for enhanced situational awareness. An arbitrary file download vulnerability exists in FLIR-AX8. An attacker could exploit the vulnerability to download relevant system...
CVE-2021-3528
A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access into noobaa deployment and can...
CVE-2021-3528
CVE-2021-3528 affects noobaa-operator (versions before 5.7.0). The root cause is leakage of internal RPC AuthTokens between the noobaa operator and the noobaa core into log files. An attacker with access to those logs could use the leaked AuthToken to gain additional access to the noobaa deployme...
CVE-2021-3528
A flaw was found in NooBaa, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access into noobaa deployment and can read/modify system configuration...
Genexis Platinum 4410 OS Command Injection Vulnerability
Genexis Platinum 4410 is a router from Genexis. A security vulnerability exists in the Genexis PLATINUM 4410 2.1 P4410-V2-1.28 that allows remote attackers to execute arbitrary code via shell metacharacters to validate system configuration...
Apache Airflow Security Vulnerability
Apache Airflow is an Apache project maintained by the open source community dedicated to scheduling and monitoring workflows, open sourced by Airbnb in October 2014 and graduated from the Apache Foundation in January 2019 to become the new Apache top-level project. Failure of proper access contro...