systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit Exploit

systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit As documented at , for any action, a polkit policy can specify separate levels of required authentication based on whether a client is: - in an active session on a local console - in an inactive session on...

Debian DLA-1671-1 : coturn security update

Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. CVE-2018-4056 A SQL injection vulnerability was discovered in the coTURN administrator web portal. As the administration web interface is shared with the production, it is unfortunately not possible to easily...

Security Bulletin: Vulnerability in SSLv3 affects affects IBM Global Console Manager (GCM) and Local Console Manager (LCM) Switches (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Global Console Manager GCM and Local Console Manager LCM Switches. Vulnerability Details Summary SSLv3 contains a vulnerability that has be...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Global Console Manager (GCM) and Local Console Manager (LCM) Switches (CVE-2014-3567, CVE-2014-3568)

Summary OpenSSL vulnerabilities along with SSL 3 Fallback protection TLSFALLBACKSCSV were disclosed on October 15, 2014 by the OpenSSL Project. OpenSSL is used by IBM Global Console Manager GCM and Local Console Manager LCM Switches. IBM Global ConsoleManager GCM and Local Console Manager LCM...

Debian DSA-4373-1 : coturn - security update

Multiple vulnerabilities were discovered in coTURN, a TURN and STUN server for VoIP. - CVE-2018-4056 A SQL injection vulnerability was discovered in the coTURN administrator web portal. As the administration web interface is shared with the production, it is unfortunately not possible to easily...

CVE-2018-12323

An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console...

Juniper Junos Commit Script Handling Local Console Port Access Weakness Vulnerability (JSA10835)

According to its self-reported version number, the remote Junos device is affected by a authentication bypass vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid106392; scriptversion"1.6"; scriptsetattributeattribute:"pluginmodificationdate",...

Default credentials

Cisco Media Processing Software before 1.2 on Media Experience Engine MXE 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via 1 the local console, 2 an SSH session, or 3 a TELNET session, aka Bug ID CSCto77737...

[Full-Disclosure] NetWare Screensaver Authentication Bypass From The Local Console

Novacoast Security Advisory Novell Netware 5/5.1/6.0/6.5 Vulnerability Synopsis: Novacoast has discovered a vulnerability in the Novell NetWare Operating System screen saver software. The vulnerability allows a local attacker to bypass authentication and access the system console. Description: Th...