67 matches found
CVE-2020-4809
IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189633...
Input validation
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion...
Debian: Security Advisory (DLA-2601-1)
The remote host is missing an update for the Debian...
ceph-ansible: insecure ownership on /etc/ceph/iscsi-gateway.conf configuration file
A flaw was found in Ceph-ansible where it creates an /etc/ceph/iscsi-gateway.conf with insecure default permissions. This flaw allows any user on the system to read sensitive information within this file. The highest threat from this vulnerability is to confidentiality...
WAGO PFC 200 Web-Based Management (WBM) Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.1015. A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigg...
CVE-2020-11799
Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privileges by modifying a privileged user's task. This can also affect all users who are signed in on the system if a shell is placed in a location that other unprivileged users have access to...
CVE-2019-11658
Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed...
Design/Logic Flaw
Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed...
CVE-2019-3629
McAfee Enterprise Security Manager (ESM) has an authorization issue that allows an unauthenticated user to impersonate system users via specially crafted parameters. Affected versions are ESM prior to 11.2.0 and prior to 10.4.0. This is a protection bypass vulnerability in the application itself....
Security Bulletin: IBM API Connect is affected by sensitive information leakage in LoopBack (CVE-2019-4382)
Summary API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-4382 DESCRIPTION: IBM API Connect could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. CVSS Base Score: 5.3 CVSS Temporal...
CVE-2018-13860
MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=0" or "?oid=systemUsers&id=0" GET...
Security Bulletin: Log viewer vulnerability affects IBM PureApplication System (CVE-2014-6190)
Summary Log viewer vulnerability affects IBM PureApplication System. Vulnerability Details CVEID: CVE-2014-6190 DESCRIPTION: Defined system users without proper permissions can access the log viewer functionality by entering the log page URLs in their browser. CVSS Base Score: 5.0 CVSS Temporal...
Security Bulletin: Log viewer vulnerability affects IBM Workload Deployer (CVE-2014-6190)
Summary Log viewer vulnerability affects IBM Workload Deployer. Vulnerability Details CVEID:CVE-2014-6190 DESCRIPTION: Defined system users without proper permissions can access the log viewer functionality by entering the log page URLs in their browser. CVSS Base Score: 5.0 CVSS Temporal Score:...
BMC BladeLogic RSCD Agent 8.3.00.64 Windows Users Disclosure
Exploit Title: BMC BladeLogic RSCD agent get Windows users Filename: BMCwinUsers.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-27 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog Version: BMC RSCD agent 8.3.00.64 CVE: CVE-2016-5063 Vendor...
BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure
Exploit Title: BMC BladeLogic RSCD agent get Windows users Filename: BMCwinUsers.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-27 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog Version: BMC RSCD agent 8.3.00.64 CVE: CVE-2016-5063 Vendor...
SUSE-SU-2017:1619-1 Security update for glibc
This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. (bsc#1039357) - A bug in glibc that could result in deadlocks between...
SUSE-SU-2017:1611-1 Security update for glibc
This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. (bsc#1039357) - The incorrectly defined constant O_TMPFILE has been...
cPanel Cross Domain Scripting / Information Disclosure
=== Introduction === cPanel offers web hosting software that automates the intricate workings of web hosting servers. cPanel equips server administrators with the necessary tools to provide top-notch hosting to customers on tens of thousands of servers worldwide. === Description === I Cross Domai...
DSA-3567-1 libpam-sshauth - security update
Bulletin has no description...
TRS init_sysUsers.xml Information Disclosure Vulnerability
No description provided by source...