1660 matches found

BDU FSTEC
added 2021/10/27 12:0 a.m. · 4 views

A vulnerability in the syslog-ng protocol implementation in the SUSE Linux Enterprise Server operating system allows an attacker to elevate their privileges to the root level.

The vulnerability in the syslog-ng protocol implementation in the SUSE Linux Enterprise Server operating system is related to the tracking of symbolic links. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...

CVSS 7.8 · AI score 7.1 · EPSS 0.00521
Exploits: 1 · References: 3 · Affected Software: 1

CNNVD
added 2021/10/27 12:0 a.m. · 5 views

Solarwinds Kiwi Syslog Server Security Vulnerability

Solarwinds Kiwi Syslog Server is an affordable Syslog management tool for network and system engineers from Solarwinds USA. It is used to receive syslog messages and SNMP traps from network devices (routers, switches, firewalls, etc.) and Linux®/Unix® hosts. A security vulnerability exists in...

CVSS 5.3 · AI score 5.8 · EPSS 0.01235
Exploits: 0 · References: 4

Positive Technologies
added 2021/10/27 12:0 a.m. · 2 views

PT-2021-20858 · Unknown · Kiwi Syslog Server

Name of the Vulnerable Software and Affected Versions: Kiwi Syslog Server versions 9.7.2 and earlier

Description: The Secure flag is not set in the SSL Cookie, which means the cookie can be sent over unencrypted requests if the application is accessible over both HTTP and HTTPS. This poses a risk...

CVSS 5.3 · AI score 5 · EPSS 0.00502
Exploits: 0 · References: 5

Tenable Nessus
added 2021/10/27 12:0 a.m. · 34 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : rsyslog Vulnerability (NS-SA-2021-0176)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has rsyslog packages installed that are affected by a vulnerability:

- Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might...

CVSS 5 · AI score 5.8 · EPSS 0.20759
Exploits: 2 · References: 3

OSV
added 2021/10/25 1:15 p.m. · 10 views

CVE-2021-35231

As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path:...

CVSS 6.7 · AI score 7.3 · EPSS 0.00265
Exploits: 0 · References: 2

NVD
added 2021/10/25 1:15 p.m. · 27 views

CVE-2021-35231

As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path:...

CVSS 6.7 · EPSS 0.00265
Exploits: 0 · References: 2

Prion
added 2021/10/25 1:15 p.m. · 11 views

Code injection

As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path:...

CVSS 4.6 · AI score 6.6 · EPSS 0.00265
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2021/10/25 1:0 p.m. · 58 views

CVE-2021-35231

The CVE-2021-35231 entry concerns an unquoted service path vulnerability in the Kiwi Syslog Server Installation Wizard. A local attacker could escalate privileges by placing an executable in the affected service/uninstall entry path (example: Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services...

CVSS 6.7 · AI score 6.5 · EPSS 0.00265
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2021/10/25 1:0 p.m. · 35 views

CVE-2021-35231 Unquoted Path (SMB Login) Vulnerability

As a result of an unquoted service path vulnerability present in the Kiwi Syslog Server Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. Example vulnerable path:...

CVSS 6.7 · AI score 7.4 · EPSS 0.00265
Exploits: 0 · References: 2

Packet Storm
added 2021/10/11 12:0 a.m. · 339 views

Cypress Solutions CTM-200/CTM-ONE Hard-Coded Credentials Remote Root

#!/usr/bin/env python3
Cypress Solutions CTM-200/CTM-ONE Hard-coded Credentials Remote Root Telnet/SSH
Vendor: Cypress Solutions Inc.
Product web page: https://www.cypress.bc.ca
Affected version: CTM-ONE 1.3.6-latest, CTM-ONE 1.3.1, CTM-ONE 1.1.9, CTM200 2.7.1.5659-latest, CTM200 2.0.5.3356-184
Summar...

AI score 0.3
Exploits: 0

CNVD
added 2021/09/15 12:0 a.m. · 17 views

Siemens SINEMA Remote Connect Server Access Control Error Vulnerability

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. An access control error vulnerability exists in SINEMA Remote Connect Server, which can be exploited ...

CVSS 6.5 · AI score 6.5 · EPSS 0.00375
Exploits: 0 · References: 1

OSV
added 2021/09/14 11:15 a.m. · 2 views

CVE-2021-37177

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system...

CVSS 6.5 · AI score 5.7 · EPSS 0.00375
Exploits: 0 · References: 1

Prion
added 2021/09/14 11:15 a.m. · 22 views

Information disclosure

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system...

CVSS 3.3 · AI score 6.5 · EPSS 0.00375
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2021/09/14 10:47 a.m. · 60 views

CVE-2021-37177

The CVE-2021-37177 entry affects Siemens SINEMA Remote Connect Server (all versions before 3.0 SP2). The vulnerability allows an unauthenticated attacker on the same network to manipulate the status provided by managed syslog clients, indicating a modification of assumed-immutable data (CWE-471) ...

CVSS 6.5 · AI score 6.4 · EPSS 0.00375
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2021/09/14 10:47 a.m. · 17 views

CVE-2021-37177

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system...

AI score 6.7 · EPSS 0.00375
Exploits: 0 · References: 1

CNNVD
added 2021/09/14 12:0 a.m. · 3 views

Siemens SINEMA Remote Connect Server Access Control Error Vulnerability

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. An access control error vulnerability exists in SINEMA Remote Connect Server, which can be exploited ...

CVSS 6.5 · AI score 5.8 · EPSS 0.00375
Exploits: 0 · References: 4

OSV
added 2021/09/01 12:15 p.m. · 4 views

CVE-2021-38703

Wireless devices running certain Arcadyan-derived firmware such as KPN Experia WiFi 1.00.15 do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be...

CVSS 8.8 · AI score 7.5 · EPSS 0.04183
Exploits: 1 · References: 2

NVD
added 2021/09/01 12:15 p.m. · 24 views

CVE-2021-38703

Wireless devices running certain Arcadyan-derived firmware such as KPN Experia WiFi 1.00.15 do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be...

CVSS 9 · EPSS 0.04183
Exploits: 1 · References: 2

Prion
added 2021/09/01 12:15 p.m. · 33 views

Design/Logic Flaw

Wireless devices running certain Arcadyan-derived firmware such as KPN Experia WiFi 1.00.15 do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be...

CVSS 9 · AI score 8.3 · EPSS 0.99983
Exploits: 6 · References: 2 · Affected Software: 1

CVE
added 2021/09/01 11:15 a.m. · 203 views

CVE-2021-38703

CVE-2021-38703 concerns Arcadyan-derived firmware used by devices such as KPN Experia WiFi (1.00.15). The issue arises from improper sanitisation of user input to the syslog configuration form, enabling an authenticated remote attacker to alter device configuration and achieve remote code executi...

CVSS 9 · AI score 8.3 · EPSS 0.04183
In wild · Exploits: 1 · References: 2 · Affected Software: 1