Lucene search
+L

40 matches found

F5 Networks
F5 Networks
added 2024/02/14 1:45 p.m.33 views

K000137886: BIG-IP Next CNF vulnerability CVE-2024-23306

Security Advisory Description A vulnerability exists in BIG-IP Next CNF systems that may allow access to undisclosed sensitive files. CVE-2024-23306 Impact An authenticated attacker may be able to modify or remove undisclosed configuration files causing a loss of confidentiality and integrity. Th...

7.1CVSS4.9AI score0.00153EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/02/14 12:0 a.m.7 views

F5 BIG-IP Security Vulnerabilities

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A security vulnerability exists in F5 BIG-IP that stems from a vulnerability in the Next CNF and SPK systems that allows acces...

7.1CVSS6.7AI score0.00153EPSS
Exploits0References4
OSV
OSV
added 2023/08/14 5:15 p.m.5 views

CVE-2023-40354

An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08....

6.5CVSS5.8AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/08/14 12:0 a.m.7 views

MariaDB Security Vulnerabilities

MariaDB is a free and open source database management system from the Mariadb Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB MaxScale versions prior to 23.02.3, which stems from the fact that passwords are stored in plaintext in...

6.5CVSS6.5AI score0.00268EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/05/20 11:37 a.m.32 views

K000134706: Python IDNA vulnerability CVE-2022-45061

Security Advisory Description An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of...

7.5CVSS6.8AI score0.02453EPSS
Exploits1Affected Software5
RedHat Linux
RedHat Linux
added 2023/05/18 2:33 a.m.30 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 CNF vRAN extras security update

An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS...

8.2CVSS6.8AI score0.02963EPSS
Exploits0References33
F5 Networks
F5 Networks
added 2023/04/28 6:27 p.m.44 views

K000133706: OpenSSL vulnerability CVE-2023-0464

Security Advisory Description A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain th...

7.5CVSS6.9AI score0.03658EPSS
Exploits0Affected Software3
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.6 views

SUSE CVE-2009-0416

The SSL certificate setup program genSslCert.sh in Standards Based Linux Instrumentation for Manageability SBLIM sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the 1 /var/tmp/key.pem, 2 /var/tmp/cert.pem, and 3 /var/tmp/ssl.cnf temporary files...

6.9CVSS6.7AI score0.00243EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:19 p.m.5 views

Malicious code in dpd-cnf (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e7d6a1334c371170cf7af7116db9cebbbde32ccdde72437b7e919a9675610c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:19 p.m.10 views

MAL-2022-2581 Malicious code in dpd-cnf (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e7d6a1334c371170cf7af7116db9cebbbde32ccdde72437b7e919a9675610c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2022/01/19 11:15 a.m.3 views

CVE-2022-0166

A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary cod...

7.8CVSS7.3AI score0.02969EPSS
Exploits0References2
OSV
OSV
added 2021/01/06 1:15 a.m.4 views

CVE-2020-36168

An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library may attempt to load the openssl.cnf configuration file, which does not exist. By default, on Windo...

8.8CVSS7.8AI score0.00431EPSS
Exploits0References1
CNVD
CNVD
added 2019/10/08 12:0 a.m.3 views

Windows op***.cnf file has an elevation of privilege vulnerability

Windows 10 is an operating system developed by Microsoft Corporation in the United States for use in computers and tablets. An elevation of privilege vulnerability exists in the Windows op.cnf file, which can be exploited by an attacker to achieve elevation of privilege...

7.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/05/08 12:0 a.m.4 views

Rockwell Automation 1788-CNF/A Communications Adapter

Binary data 752913.prm...

7.3AI score
Exploits0
OSV
OSV
added 2016/09/20 6:59 p.m.4 views

ALPINE-CVE-2016-6662

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and...

9.8CVSS7AI score0.6773EPSS
Exploits16References1
Cvelist
Cvelist
added 2013/12/14 5:0 p.m.42 views

CVE-2013-1364

The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter...

9.3AI score0.02169EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2013/06/20 12:0 a.m.35 views

Zabbix < 1.8.16 / 2.0.5 / 2.1.0 user.login cnf Parameter Authentication Bypass

According to its self-reported version number, the instance of Zabbix listening on the remote host is a version greater than 1.8.1 prior to 1.8.16, or version 2.0.x prior to 2.0.5. It, therefore, could be affected by an authentication bypass flaw in the 'user.login' method. The issue is triggered...

5CVSS5.6AI score0.02169EPSS
Exploits0References3
seebug.org
seebug.org
added 2009/12/18 12:0 a.m.12 views

Microsoft IIS 5.1 多个.CNF文件信息泄露

No description provided by source...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.406 views

Check for IIS .cnf file leakage

The IIS web server may allow remote users to read sensitive information from .cnf files. This is not the default configuration. Example, http://target/vtipvt%5csvcacl.cnf, access.cnf, svcacl.cnf, writeto.cnf, service.cnf, botinfs.cnf, bots.cnf, linkinfo.cnf and services.cnf OpenVAS Vulnerability...

5CVSS6.5AI score0.1551EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2000/12/11 12:0 a.m.238 views

Microsoft IIS Multiple .cnf File Information Disclosure

The IIS web server may allow a remote user to retrieve its installation path via GET requests to the files 'access.cnf', 'botinfs.cnf', 'bots.cnf' or 'linkinfo.cnf' in the '/vtipvt' directory. This is not the default configuration. %NASLMINLEVEL 70300 This script was written by John Lampe...

5CVSS5.5AI score0.1551EPSS
Exploits0References2
Rows per page
Query Builder