Cisco Data Center Network Manager Certificate Validation Vulnerability

Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A certificate validation vulnerability exists in Cisco Data Center Network Manager...

Cisco Data Center Network Manager 信任管理问题漏洞

Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A certificate validation vulnerability exists in Cisco Data Center Network Manager...

CVE-2020-26077

A vulnerability in the access control functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could...

Improper access control

A vulnerability in the access control functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could...

CVE-2020-26077 Cisco IoT Field Network Director Improper Access Control Vulnerability

A vulnerability in the access control functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could...

Dell OpenManage Server Administrator Path Traversal (DSA-2020-172)

The version of Dell OpenManage Server Administrator OMSA running on the remote host is affected by a path traversal vulnerability due to improper sanitization of user-supplied input to a web API request. An unauthenticated, remote attacker can exploit this, via a crafted request, to gain file...

CVE-2020-12933

CVE-2020-12933 describes a denial-of-service in the D3DKMTEscape handler of the AMD ATIKMDAG.SYS driver (e.g., version 26.20.15029.27017). A crafted D3DKMTEscape request can trigger an out-of-bounds read in Windows kernel memory, with exploitation possible from a non-privileged/guest context. Pub...

New web skimmer steals credit card data, sends to crooks via Telegram

The digital credit card skimming landscape keeps evolving, often borrowing techniques used by other malware authors in order to avoid detection. As defenders, we look for any kind of artifacts and malicious infrastructure that we might be able to identify to protect our users and alert affected...

A Vulnerability Disclosure Program is not just a page on a web site

It’s great to see an increasing number of organisations starting down the path of a Vulnerability Disclosure Program or ‘VDP,’ but it increasingly strikes me that these are ‘check box’ exercises rather than a genuine desire to interact positively with researchers and improve security. A VDP is a...

Intel Owl - Analyze Files, Domains, IPs In Multiple Ways From A Single API At Scale

Do you want to get threatintelligence data about a file, an IP or a domain? Do you want to get this kind of data from multiple sources at the same time using a single API request? You are in the right place! This application is built to scale out and to speed up the retrieval of threat info. It c...

CVE-2020-14325

Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-superadministrator, an attacker can perform a...

Authorization

Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-superadministrator, an attacker can perform a...

CVE-2020-14325

Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-superadministrator, an attacker can perform a...

CVE-2017-18890

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request...

CVE-2017-18890

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request...

Cross site request forgery (csrf)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request...

CVE-2017-18890

CVE-2017-18890 affects Mattermost Server prior to 4.3.0, 4.2.1, and 4.1.2. An attacker can craft a UI button that, when pressed by a user, triggers an API request. The vulnerability description across Red Hat/SUSE/SUSCVE and OSV confirms the same behavior and impact. Remediation guidance in sourc...

Design/Logic Flaw

In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process. The image analysis operation can only be executed by an authenticated user vi...

Longbrothers Digital OKLOK Information Disclosure Vulnerability (CNVD-2021-25679)

Longbrothers Digital Fingerprint Bluetooth Padlock FB50 and OKLOK are both products of Longbrothers Digital China.Fingerprint Bluetooth Padlock FB50 is a fingerprint round The Fingerprint Bluetooth Padlock FB50 is a fingerprint round padlock that supports fingerprint unlocking, remote unlocking...

CVE-2020-8148

UniFi Cloud Key firmware 1.1.6 contains a vulnerability that enables an attacker being able to change a device hostname by sending a malicious API request. This affects Cloud Key gen2 and Cloud Key gen2 Plus...