The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init’s deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or...
It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks. Date published : 2018-08-01 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894 https://access.redhat.com/errata/RHSA-2018:3592
In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an...
Davolink DVW-3200N all version prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device. Date published : 2018-08-01...
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected...
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface...
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of...
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of...
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model based (DOM-based) cross-site scripting (XSS) attack against...
A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial...
A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a...