23 matches found
CVE-2026-41917
OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers c...
Malicious code in nerite-security-audit (npm)
Collects and exfiltrates sensitive data (env vars, SSH keys, keystores, history) via HTTPS and DNS. Suspicious domain and disabled SSL validation. Source: amazon-inspector 87776a4e480d244c862e76238cd498aa49bd919403dad6de21a85326d6b451ed The...
MAL-2026-2499 Malicious code in nerite-security-audit (npm)
Collects and exfiltrates sensitive data (env vars, SSH keys, keystores, history) via HTTPS and DNS. Suspicious domain and disabled SSL validation. Source: amazon-inspector 87776a4e480d244c862e76238cd498aa49bd919403dad6de21a85326d6b451ed The...
EUVD-2018-8309
Malware in sbrugna...
CVE-2025-55109 BMC Control-M/Agent default SSL/TLS configuration authenticated bypass
An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS12 keystore. A remote attacker with access to a signed third-party or demo...
CVE-2025-55109
The CVE-2025-55109 entry describes an authentication bypass in out-of-support Control-M/Agent versions 9.0.18–9.0.20 (and potentially earlier unsupported builds) when using an empty/default kdb keystore or a default PKCS#12 keystore. A remote attacker who has access to a signed third-party or dem...
CVE-2025-55109 BMC Control-M/Agent default SSL/TLS configuration authenticated bypass
An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions when using an empty or default kdb keystore or a default PKCS12 keystore. A remote attacker with access to a signed third-party or demo...
Security Bulletin: UC Deploy Container images may contain non-unique https certificates and database encryption key. (CVE-2021-39082)
Summary CVE-2021-39082 The provided UC Deploy Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages. Vulnerability Details...
GHSA-5FQV-MPJ8-H7GM Lemur subject to insecure random generation
Overview Lemur was using insecure random generation for its example configuration file, as well as for some utilities. Impact The potentially affected generated items include: | Configuration item | Config option name if applicable | Documentation link if applicable | Rotation option | Code...
SUSE-SU-2022:2856-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u345 (icedtea-3.24.0) - CVE-2022-21540: Fixed a potential Java sandbox bypass (bsc#1201694). - CVE-2022-21541: Fixed a potential Java sandbox bypass (bsc#1201692). - CVE-2022-34169: Fixed an issue where arbitrary byteco...
SUSE: Security Advisory (SUSE-SU-2022:2819-1)
The remote host is missing an update for the...
SUSE-SU-2022:2819-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u345 (icedtea-3.24.0) - CVE-2022-21540: Fixed a potential Java sandbox bypass (bsc#1201694). - CVE-2022-21541: Fixed a potential Java sandbox bypass (bsc#1201692). - CVE-2022-34169: Fixed an issue where arbitrary byteco...
GHSA-XM92-RF24-H74W Apache Geronimo Application Server multiple directory traversal vulnerabilities
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType...
Apache Geronimo Application Server multiple directory traversal vulnerabilities
Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType...
CVE-2018-16498
In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores...
Code injection
In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores...
CVE-2018-16498
In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores...
CVE-2018-16498
CVE-2018-16498 affects Versa Director where unencrypted backup files stored on the Versa deployment include credentials inside configuration files for components such as SNMP and SSL/Trust keystores. The root cause is plaintext credentials in backups, enabling potential exposure if backups are ac...
Versa Networks: Plaintext Credentials in Backups & Configs
In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores...
Security Bulletin: Exposed Keystores in IBM UrbanCode Deploy
Summary The 6.1.0.2 release of IBM UrbanCode Deploy may expose secret keystores to a user with access to the correct page. Vulnerability Details...