368 matches found

OpenVAS
added 2020/05/25 12:0 a.m. · 31 views

Cacti < 1.2.11 Multiple Vulnerabilities - Windows

Cacti is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cacti:cacti"; ifdescription...

6.5 CVSS · 5.7 AI score · 0.00799 EPSS
Exploits 2 · References 2
NVD
added 2020/05/20 2:15 p.m. · 13 views

CVE-2020-13230

In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account e.g., permission to view logs...

4.3 CVSS · 5.4 AI score · 0.00799 EPSS
Exploits 1 · References 5
UbuntuCve
added 2020/05/20 2:15 p.m. · 26 views

CVE-2020-13230

In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account e.g., permission to view logs...

4.3 CVSS · 6.8 AI score · 0.00799 EPSS
Exploits 1 · References 4
OpenVAS
added 2020/05/14 12:0 a.m. · 5 views

Huawei Data Communication: Disabling the Telnet Service

The Telnet login mode is insecure. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it...

7.3 AI score
Exploits 0
OpenVAS
added 2020/05/14 12:0 a.m. · 6 views

Huawei Data Communication: Disabling the SNMPV1/V2 Service

The security level of SNMPv1v2 is low. Disable SNMPv1v2. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

7.4 AI score
Exploits 0
Hacker One
added 2020/05/11 10:28 a.m. · 19 views

Kaspersky: [Fixed] A vulnerability in KAVKIS 2020 products family allows full disabling of protection

Note! Thank you for your report. For the purposes of the further analysis of the vulnerability, that you kindly report to us, could you please fill all fields in square brackets. This information will help us to respond you more quickly and triage your report. Thanks a lot for your assistance. I...

1.4 AI score
Exploits 0
RedhatCVE
added 2020/04/29 6:10 a.m. · 40 views

CVE-2020-10720

A flaw was found in the Linux kernel’s implementation of GRO. This flaw allows an attacker with local access to crash the system. Mitigation Disabling GSO on the cards using ethtool will prevent this codepath from being taken...

5.5 CVSS · 2 AI score · 0.00129 EPSS
Exploits 0 · References 4
OpenVAS
added 2020/04/06 12:0 a.m. · 5 views

ZSQL: Disabling the Use of 0.0.0.0 and :: for Listening

0.0.0.0 indicates that all available IPv4 addresses on the local host are listened, and :: indicates that all available IPv6 addresses on the local host are listened. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C...

7.2 AI score
Exploits 0 · References 1
RedhatCVE
added 2020/02/13 8:27 p.m. · 27 views

CVE-2019-16413

A flaw was found in the implementation of the 9p filesystem in the Linux kernel. The 9p filesystem does not protect i_size_write properly, which causes an i_size_read infinite loop. An attacker, able to mount a specially crafted filesystem, could cause a denial of service on SMP systems. Mitigation A...

7.5 CVSS · 0.7 AI score · 0.01206 EPSS
Exploits 1 · References 3
Prion
added 2020/02/13 4:15 p.m. · 12 views

Code injection

IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possibly leading to an effective denial of service or disabling of the monitoring server. IBM X-Force ID: 167647...

5 CVSS · 7.3 AI score · 0.00467 EPSS
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2020/01/29 12:0 a.m. · 2 views

The vulnerability in the web protection component of Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, and Kaspersky Security Cloud allows a hacker to disable various antivirus functions.

The vulnerability of the web protection component of Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, and Kaspersky Security Cloud products exists due to insufficient validation of input data. Exploiting this...

5.8 CVSS · 0.00255 EPSS
Exploits 0 · References 3 · Affected Software 6
RedhatCVE
added 2019/12/27 12:8 p.m. · 25 views

CVE-2019-19234

When an account is disabled via the shadow file, by replacing the password hash with "!", it is not considered disabled by sudo. And depending on the configuration, sudo can be run by using such disabled account. Mitigation This flaw basically allows users which have disabled account in /etc/shad...

7.5 CVSS · 4.9 AI score · 0.04075 EPSS
Exploits 0 · References 4
Prion
added 2019/12/23 6:15 p.m. · 28 views

Input validation

Huawei Share function in P30 9.1.0.193C00E190R2P1 smartphone has an insufficient input validation vulnerability. Attackers can exploit this vulnerability by sending crafted packets to the affected device. Successful exploit may cause the function will be disabled...

5 CVSS · 7.4 AI score · 0.0058 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2019/12/19 9:15 p.m. · 1 views

UBUNTU-CVE-2019-19232

In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as ...

7.5 CVSS · 6.7 AI score · 0.02868 EPSS
Exploits 0 · References 4
OSV
added 2019/12/16 7:30 p.m. · 26 views

GHSA-Q58G-455P-8VW9 In RubyGem excon, interrupted Persistent Connections May Leak Response Data

Impact There was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short,...

5.8 CVSS · 5.6 AI score · 0.00556 EPSS
Exploits 0 · References 8
Positive Technologies
added 2019/12/12 12:0 a.m. · 2 views

PT-2019-13483 · Unknown · En100 Ethernet Module Iec 61850 Variant +4

Name of the Vulnerable Software and Affected Versions: EN100 Ethernet module DNP3 variant All versions EN100 Ethernet module IEC 61850 variant All versions V4.37 EN100 Ethernet module IEC104 variant All versions EN100 Ethernet module Modbus TCP variant All versions EN100 Ethernet module PROFINET ...

7.5 CVSS · 7.5 AI score · 0.00344 EPSS
Exploits 0 · References 3
RedhatCVE
added 2019/12/03 3:17 p.m. · 39 views

CVE-2019-14910

A flaw was found in keycloak 7.x where an invalid password is accepted for user authentication when LDAP user federation and STARTTLS is used instead of SSL/TLS from the LDAP server. This can allow an attacker to log into a system using any entry for a password authentication and still gain acces...

9.8 CVSS · 2.3 AI score · 0.00419 EPSS
Exploits 0 · References 3
CNVD
added 2019/11/28 12:0 a.m. · 2 views

Multiple Kaspersky Products Input Validation Error Vulnerabilities

Kaspersky Anti-Virus is a suite of antivirus programs, Kaspersky Internet Security is a suite of security software with both anti-virus and firewall features, Kaspersky Total Security is a suite of full-featured security software, and Kaspersky Internet Security is a suite of security software wi...

4.3 CVSS · 6.8 AI score · 0.00327 EPSS
Exploits 0 · References 1
NVD
added 2019/11/26 4:15 p.m. · 15 views

CVE-2019-15686

Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component allowed an attacker remotely disable various anti-virus protection features. DoS, Bypass...

5.8 CVSS · 4.6 AI score · 0.00255 EPSS
Exploits 0 · References 1
NVD
added 2019/11/25 3:15 p.m. · 11 views

CVE-2019-13675

Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page...

4.3 CVSS · 5.3 AI score · 0.00236 EPSS
Exploits 0 · References 2