176 matches found
CVE-2021-40489
Storage Spaces Controller Elevation of Privilege Vulnerability...
CVE-2021-26441
Storage Spaces Controller Elevation of Privilege Vulnerability...
Ecoa Bas controller 授权问题漏洞
ECOA BAS controller is a smart lighting control solution. ECOA BAS controller is vulnerable to authentication bypass, which can be exploited by attackers to remotely bypass authentication and disclose sensitive information via cookie poisoning...
The vulnerability of microprogrammed programmable logic controllers like Modicon and PacDrive lies in the lack of authentication for a critical function. This allows attackers to alter the device’s IP configuration.
The vulnerability of the microprogrammed logic controllers Modicon and PacDrive lies in the absence of authentication for the critical function. Exploiting this vulnerability allows an attacker to remotely alter the device’s IP configuration...
Cisco Application Policy Infrastructure Controller 安全漏洞
Cisco Application Policy Infrastructure Controller APIC is an automated infrastructure deployment and governance solution from Cisco. A security vulnerability exists in Cisco Application Policy Infrastructure Controller that stems from a lack of effective privilege controls in the product API. Th...
CVE-2021-34510
Storage Spaces Controller Elevation of Privilege Vulnerability...
Intel Thunderbolt controller 安全漏洞
The Intel Thunderbolt controller is a connector standard published by Intel, a U.S.-based company that supports both copper and fiber-optic media and is intended to be used as a common bus between computers and other devices. A security vulnerability exists in the IntelR ThunderboltTM controller...
PT-2021-7435 · Nginx · Nginx Controller
Name of the Vulnerable Software and Affected Versions: NGINX Controller versions 2.0.0 through 2.9.0 NGINX Controller versions 3.x before 3.15.0 Description: The issue is related to insufficient protection of registration data, which may allow an attacker to disclose protected information...
CVE-2021-26880
Storage Spaces Controller Elevation of Privilege Vulnerability...
DEBIAN-CVE-2021-27927
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init method. An...
Information Disclosure
jenkins-2-plugins is vulnerable to information disclosure. The vulnerability exists as low-privilege users can access Jenkins controller environment variables...
Industrial Control Device Vulnerability in Mitsubishi Q06UDEHCPU
Q06UDEHCPU series PLC is Mitsubishi's medium and large PLC series products, Q series PLC adopts a modular structure, the composition of the series of products and the size of the flexible and variable. Mitsubishi Q06UDEHCPU has an industrial control device vulnerability that can be exploited by...
Information leakage vulnerability in CSC-830 of Beijing Sifang Relay Automation Company Limited (CNVD-2020-59458)
The CSC830 PLC is a compact controller for small and medium-sized discrete automation systems and stand-alone automation systems from Beijing Sifang Relay Automation Co. The CSC-830 of Beijing Sifang Relay Automation Co., Ltd. suffers from an information disclosure vulnerability that can be...
Unauthorized Access Vulnerability in Crestron Indoor Media Controller at Shanghai Jinqiao Information Co.
Shanghai Jinqiao Information Co., Ltd. was established in August 1994, the company's business scope includes: information systems, security fire prevention engineering, computer information system integration, computer hardware and software products research and development. Shanghai Jinqiao...
Multiple VMware Products Competitive Conditions Issue Vulnerability
VMware ESXi is a server virtualization platform that can be installed directly on physical servers, VMware Workstation is a set of virtual machine software, and VMware Fusion is a set of virtual machine software designed to run Windows applications on Macs. VMware Fusion is a suite of virtual...
GE Mark VIe Controller Trust Management Issue Vulnerability
The GE Mark VIe Controller is an industrial integrated control system from General Electric GE. A trust management issue vulnerability exists in GE Mark VIe Controller, which stems from the program's use of hard-coded credentials. An attacker could exploit this vulnerability to gain root access t...
Arbitrary File Deletion Vulnerability in YCCMS controller directory Pi***.cl***.php
YCCMS is a PHP version of a lightweight CMS builder. YCCMS 3.4 version controller directory Pi.class.php arbitrary file deletion vulnerability, an attacker can use the vulnerability to delete arbitrary files...
ONAP SDNC Operating System Command Injection Vulnerability
The ONAP SDNC is a network-defined network controller from the ONAP program. An operating system command injection vulnerability exists in ONAP SDNC versions prior to 4.0.0. The vulnerability can be exploited to execute arbitrary commands with the help of a specially crafted 'module' parameter...
ONAP SDNC Operating System Command Injection Vulnerability (CNVD-2020-28056)
The ONAP SDNC is a network-defined network controller from the ONAP program. ONAP SDNC suffers from an operating system command injection vulnerability. An attacker can exploit this vulnerability to execute arbitrary commands with the help of a specially crafted 'filename' parameter...
UBUNTU-CVE-2020-1735
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable...