
548 matches found

NVD
added 2021/05/27 8:15 p.m. | 22 views

CVE-2020-14301

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpx...

CVSS 6.5 | EPSS 0.0049
Exploits: 0 | References: 2

OSV
added 2021/05/27 8:15 p.m. | 35 views

CVE-2020-14301

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpx...

CVSS 6.5 | AI score 6
Exploits: 0 | References: 2

AlpineLinux
added 2021/05/27 8:15 p.m. | 44 views

CVE-2020-14301

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpx...

CVSS 6.5 | AI score 4 | EPSS 0.0049
Exploits: 0

Prion
added 2021/05/27 8:15 p.m. | 31 views

Information disclosure

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpx...

CVSS 4 | AI score 6.1 | EPSS 0.0049
Exploits: 0 | References: 2 | Affected Software: 11

UbuntuCve
added 2021/05/27 8:15 p.m. | 27 views

CVE-2020-14301

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpx...

CVSS 6.5 | AI score 6.9 | EPSS 0.0049
Exploits: 0 | References: 1

CVE
added 2021/05/27 7:44 p.m. | 179 views

CVE-2020-14301

CVE-2020-14301 is an information disclosure vulnerability in libvirt prior to 6.3.0 where HTTP cookies used to access network-based disks were saved in a guest domain’s dumpxml XML, enabling access to sensitive domain configuration data. Affected: libvirt

CVSS 6.5 | AI score 6.8 | EPSS 0.0049
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/05/27 7:44 p.m. | 26 views

CVE-2020-14301

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpx...

AI score 6.9 | EPSS 0.0049
Exploits: 0 | References: 2

Debian CVE
added 2021/05/27 7:44 p.m. | 34 views

CVE-2020-14301

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpx...

CVSS 6.5 | AI score 6.7 | EPSS 0.0049
Exploits: 0

Prion
added 2021/05/20 2:15 a.m. | 25 views

Design/Logic Flaw

RFNTPS firmware versions System01000004 and earlier, and Web01000004 and earlier allow an attacker on the same network segment to execute arbitrary OS commands with a root privilege via unspecified vectors...

CVSS 7.7 | AI score 6.9 | EPSS 0.00291
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/04/22 9:53 p.m. | 62 views

CVE-2021-2246

CVE-2021-2246 targets Oracle E-Business Suite, specifically the Oracle Universal Work Queue’s Work Provider Site Level Administration. Affected versions are 12.1.1–12.1.3. The vulnerability allows a low-privileged, network-accessing attacker (via HTTP) to compromise the Work Queue, leading to una...

CVSS 8.1 | AI score 8.1 | EPSS 0.01221
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2021/04/20 8:44 p.m. | 25 views

CVE-2021-2202

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 6.5 | AI score 2.6 | EPSS 0.01077
Exploits: 0 | References: 4

ICS
added 2021/03/04 12:00 a.m. | 72 views

Rockwell Automation 1734-AENTR Series B and Series C

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: 1734-AENTR Series B and Series C Vulnerabilities: Improper Access Control, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

CVSS 6.1 | AI score 6.5 | EPSS 0.00303
Exploits: 0 | References: 5

ICS
added 2021/02/16 12:00 a.m. | 40 views

Rockwell Automation Allen-Bradley Micrologix 1100

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Allen-Bradley MicroLogix 1100 Vulnerability: Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of this vulnerability...

CVSS 7.5 | AI score 7.8 | EPSS 0.00089
Exploits: 0 | References: 4

BDU FSTEC
added 2021/02/09 12:00 a.m. | 1 view

The vulnerability of the InnoDB component of the MySQL Database Server allows an attacker to cause service failures or gain privileged access.

The vulnerability of the InnoDB component in the MySQL Database Management System is related to resource release errors. Exploiting this vulnerability can allow an attacker to cause service failures or gain privileged access through network packets...

CVSS 6.3 | AI score 6.4 | EPSS 0.0048
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2021/02/08 12:00 a.m. | 3 views

PT-2021-3088 · Microsoft · Sharepoint Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: The vulnerability in Microsoft SharePoint Server is related to insufficient input sanitization, allowing a remote attacker to execute arbitrary code. In a network-based...

CVSS 9 | AI score 7.7 | EPSS 0.14082
Exploits: 1 | References: 16

Prion
added 2021/01/20 3:15 p.m. | 85 views

Design/Logic Flaw

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromis...

CVSS 6.3 | AI score 4.4 | EPSS 0.0048
Exploits: 0 | References: 5 | Affected Software: 3

Prion
added 2020/10/16 9:15 p.m. | 21 views

Input validation

The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS, has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHCPv6 message allowing an attacker to...

CVSS 5.8 | AI score 8.9 | EPSS 0.00447
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2020/10/16 8:31 p.m. | 24 views

CVE-2020-1675 Juniper Networks Mist Cloud UI: SAML authentication certificate vulnerability.

When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI...

CVSS 8.3 | AI score 8.3 | EPSS 0.00092
Exploits: 0 | References: 1

Prion
added 2020/10/12 10:15 p.m. | 9 views

Default credentials

JFrog Artifactory uses default passwords such as "password" for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise JFrog Artifactory. This issue affects JFrog Artifactory versions prior to 6.17.0...

CVSS 7.5 | AI score 9.3 | EPSS 0.92493
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2020/10/12 9:55 p.m. | 19 views

CVE-2019-17444 JFrog Artifactory does not enforce default admin password change

JFrog Artifactory uses default passwords such as "password" for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise JFrog Artifactory. This issue affects JFrog Artifactory versions prior to 6.17.0...

CVSS 9.8 | AI score 9.5 | EPSS 0.92493
Exploits: 0 | References: 2