40 matches found
K000137886: BIG-IP Next CNF vulnerability CVE-2024-23306
Security Advisory Description A vulnerability exists in BIG-IP Next CNF systems that may allow access to undisclosed sensitive files. CVE-2024-23306 Impact An authenticated attacker may be able to modify or remove undisclosed configuration files causing a loss of confidentiality and integrity. Th...
F5 BIG-IP Security Vulnerabilities
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A security vulnerability exists in F5 BIG-IP that stems from a vulnerability in the Next CNF and SPK systems that allows acces...
CVE-2023-40354
An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08....
MariaDB Security Vulnerabilities
MariaDB is a free and open source database management system from the Mariadb Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB MaxScale versions prior to 23.02.3, which stems from the fact that passwords are stored in plaintext in...
K000134706: Python IDNA vulnerability CVE-2022-45061
Security Advisory Description An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 CNF vRAN extras security update
An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS...
K000133706: OpenSSL vulnerability CVE-2023-0464
Security Advisory Description A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain th...
SUSE CVE-2009-0416
The SSL certificate setup program genSslCert.sh in Standards Based Linux Instrumentation for Manageability SBLIM sblim-sfcb 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the 1 /var/tmp/key.pem, 2 /var/tmp/cert.pem, and 3 /var/tmp/ssl.cnf temporary files...
Malicious code in dpd-cnf (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e7d6a1334c371170cf7af7116db9cebbbde32ccdde72437b7e919a9675610c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2581 Malicious code in dpd-cnf (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e7d6a1334c371170cf7af7116db9cebbbde32ccdde72437b7e919a9675610c4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-0166
A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary cod...
CVE-2020-36168
An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library may attempt to load the openssl.cnf configuration file, which does not exist. By default, on Windo...
Windows op***.cnf file has an elevation of privilege vulnerability
Windows 10 is an operating system developed by Microsoft Corporation in the United States for use in computers and tablets. An elevation of privilege vulnerability exists in the Windows op.cnf file, which can be exploited by an attacker to achieve elevation of privilege...
Rockwell Automation 1788-CNF/A Communications Adapter
Binary data 752913.prm...
ALPINE-CVE-2016-6662
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and...
CVE-2013-1364
The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter...
Zabbix < 1.8.16 / 2.0.5 / 2.1.0 user.login cnf Parameter Authentication Bypass
According to its self-reported version number, the instance of Zabbix listening on the remote host is a version greater than 1.8.1 prior to 1.8.16, or version 2.0.x prior to 2.0.5. It, therefore, could be affected by an authentication bypass flaw in the 'user.login' method. The issue is triggered...
Microsoft IIS 5.1 多个.CNF文件信息泄露
No description provided by source...
Check for IIS .cnf file leakage
The IIS web server may allow remote users to read sensitive information from .cnf files. This is not the default configuration. Example, http://target/vtipvt%5csvcacl.cnf, access.cnf, svcacl.cnf, writeto.cnf, service.cnf, botinfs.cnf, bots.cnf, linkinfo.cnf and services.cnf OpenVAS Vulnerability...
Microsoft IIS Multiple .cnf File Information Disclosure
The IIS web server may allow a remote user to retrieve its installation path via GET requests to the files 'access.cnf', 'botinfs.cnf', 'bots.cnf' or 'linkinfo.cnf' in the '/vtipvt' directory. This is not the default configuration. %NASLMINLEVEL 70300 This script was written by John Lampe...