7691 matches found
CVE-2021-2358
CVE-2021-2358 affects Oracle Fusion Middleware Oracle Access Manager (Rest interfaces for Access Mgr), with affected version 11.1.2.3.0. Post-authentication impact: a high-privilege attacker who can reach Oracle Access Manager over HTTPS can gain unauthorized access to confidential data or data a...
CVE-2021-2358
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Rest interfaces for Access Mgr. The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Acces...
CVE-2021-20108
Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be executed due to...
CVE-2021-20109
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the...
CVE-2021-20110
Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as we...
CVE-2021-20108
Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be executed due to...
CVE-2021-20110
Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as we...
Memory corruption
Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be executed due to...
Design/Logic Flaw
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the...
UBUNTU-CVE-2021-20110
Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as we...
Integer overflow
Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as we...
CVE-2021-20110
Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as we...
CVE-2021-20110
CVE-2021-20110 affects Manage Engine AssetExplorer Agent 1.0.34. According to the provided sources, the agent does not validate HTTPS certificates, enabling an attacker on the network to spoof the Asset Explorer server IP and send a NEWSCAN to a listening agent, potentially obtaining the agent’s ...
CVE-2021-20108
CVE-2021-20108 affects Manage Engine Asset Explorer Agent 1.0.34. The agent listens on TCP port 9000 for HTTPS commands from the Manage Engine Server, but uses unverified HTTPS certificates, allowing arbitrary users on the network to send commands. Although authtoken validation may prevent comman...
CVE-2021-20109
CVE-2021-20109 affects Zoho ManageEngine AssetExplorer: an Asset Explorer agent that does not validate HTTPS certificates allows a network attacker to spoof the server IP and issue NEWSCAN requests, potentially triggering the agent to reveal its HTTP requests and tokens. The root cause is a heap ...
A week in security (July 12 – July 18)
Last week on Malwarebytes Labs: DNS-over-HTTPS takes another small step towards global domination Nope, that isn’t Elon Musk, and he isn’t offering a free Topmist Dust watch either Four in-the-wild exploits, 13 critical patches headline bumper Patch Tuesday Is crypto’s criminal rollercoaster...
Unspecified vulnerability in Ypsomed mylife App (CNVD-2021-69617)
Ypsomed mylife App is an application of Ypsomed AG. To optimize communication between people with diabetes and healthcare professionals, mylife Therapy Management is an easy-to-use, easy-to-share solution for diabetes therapy data. mylife App by Ypsomed has a security vulnerability that reflects...
Medialize URI.js 输入验证错误漏洞
Medialize URI.js is a Javascript-based code library from the Medialize team that can be used to efficiently stitch URLs. Medialize URI.js is vulnerable to an input validation error that results from a new URI that fails to properly parse https:///, which leads to the system user being directed to...
UBUNTU-CVE-2021-29974
When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security which implies that the error should not be override-able. This issue did not...
FreeBSD : go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters (c365536d-e3cf-11eb-9d8d-b37b683944c2)
The Go project reports : crypto/tls clients can panic when provided a certificate of the wrong type for the negotiated parameters. net/http clients performing HTTPS requests are also affected. The panic can be triggered by an attacker in a privileged network position without access to the server...