CVE-2021-20557
IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 199184.
Source: CVE-2021-20557
[월:] 2021년 05월
CVE-2021-3485
CVE-2021-3485
An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the Product Update to achieve remote code execution. This issue affects: Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.155.
Source: CVE-2021-3485
CVE-2021-20385
CVE-2021-20385
IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 195766.
Source: CVE-2021-20385
CVE-2021-20419
CVE-2021-20419
IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196280.
Source: CVE-2021-20419
CVE-2020-4990
CVE-2020-4990
IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 192710.
Source: CVE-2020-4990
CVE-2021-20426
CVE-2021-20426
IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196313.
Source: CVE-2021-20426
CVE-2021-20389
CVE-2021-20389
IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 195770.
Source: CVE-2021-20389
CVE-2021-32075
CVE-2021-32075
Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization.
Source: CVE-2021-32075
CVE-2020-28911
CVE-2020-28911
Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated users to extract passwords used to manage fused servers via the test_server command in ajaxhelper.php.
Source: CVE-2020-28911
CVE-2020-28910
CVE-2020-28910
Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows for Privilege Escalation via creation of symlinks, which are mishandled in getprofile.sh.
Source: CVE-2020-28910