775 matches found
PT-2024-5293 · Zoho · Zoho Manageengine Adaudit Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADAudit Plus versions 7260 and below Description: The issue is related to information disclosure in Zoho ManageEngine ADAudit Plus, a Windows Active Directory management and reporting tool. Exploitation of this issue may all...
CVE-2023-49230
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication...
Peplink Balance Security Vulnerability
Peplink Balance is a router from Peplink. A security vulnerability exists in Peplink Balance Two versions prior to 8.4.0, which stems from a lack of authorization checking in captive portals that allows an attacker to modify the configuration without prior authentication...
PT-2023-31124 · Peplink · Peplink Balance Two
Name of the Vulnerable Software and Affected Versions: Peplink Balance Two versions prior to 8.4.0 Description: A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication. This issue affects Peplink Balance Two and can be...
PT-2023-9103 · Peplink · Peplink Smart Reader
Name of the Vulnerable Software and Affected Versions: Peplink Smart Reader version 1.2.0 Description: A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality. A specially crafted HTTP request can lead to configuration modification. An attacker can make...
CVE-2023-3899 subscription-manager: inadequate authorization of the com.redhat.RHSM1 D-Bus interface allows local users to modify configuration
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...
Important: Red Hat Security Advisory: subscription-manager security update
An update for subscription-manager is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: subscription-manager security update
An update for subscription-manager is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: subscription-manager security update
An update for subscription-manager is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated thi...
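The weakness described in the CVE-2023-3899 entry is a system-bus service whose methods are callable by every local user. The D-Bus bus configuration below is an added illustration of that pattern and of a default-deny alternative; it is not the policy file shipped with subscription-manager, and the fix Red Hat actually released is not reproduced here. The interface name com.redhat.RHSM1 comes from the entry; the choice of which interfaces remain open to unprivileged users is an assumption made for the example.

```xml
<!-- Weak: any caller on the system bus may invoke any method the service exports.
     If the service itself does no per-method authorization, every state-changing
     method is reachable by unprivileged local users. -->
<busconfig>
  <policy user="root">
    <allow own="com.redhat.RHSM1"/>
  </policy>
  <policy context="default">
    <allow send_destination="com.redhat.RHSM1"/>
  </policy>
</busconfig>

<!-- Hardened (illustrative): deny by default, then re-open only read-only plumbing
     for unprivileged callers. D-Bus evaluates rules in order and the last matching
     rule wins, so the deny must come first within the default policy. -->
<busconfig>
  <policy user="root">
    <allow own="com.redhat.RHSM1"/>
    <allow send_destination="com.redhat.RHSM1"/>
  </policy>
  <policy context="default">
    <deny send_destination="com.redhat.RHSM1"/>
    <allow send_destination="com.redhat.RHSM1"
           send_interface="org.freedesktop.DBus.Introspectable"/>
    <allow send_destination="com.redhat.RHSM1"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="Get"/>
  </policy>
</busconfig>
```

Bus policy is a coarse filter: it can keep unprivileged callers away from whole interfaces, but it cannot express "this user may change this setting because an administrator approved it". For that the service still needs a per-method check (polkit or an equivalent) before it acts on a request, which is the layer the advisory text says was missing.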
PT-2023-7628 · Asustor · Asustor Data Master
Name of the Vulnerable Software and Affected Versions: ASUSTOR Data Master ADM versions 4.0.6.RIS1 and below ASUSTOR Data Master ADM versions 4.1.0 and below ASUSTOR Data Master ADM versions 4.2.2.RI61 and below Description: The issue is related to improper privilege management in ASUSTOR Data...
Trace HTML Requests with Application Firewall Security Violation Logs on NetScaler Appliance
NetScaler offers the option to isolate traffic for a specific Application Firewall profile and collect nstrace for HTML requests that trigger a log, a block action, or are malformed. The nstrace collected in "-appfw" mode will have details of the entire request including the Applicatio...
Authorization Bypass
GitLab is vulnerable to an authorization bypass. This vulnerability occurs due to a flaw in the way that GitLab handles Jira Connect Namespaces. An attacker can exploit this vulnerability to add or remove Jira Connect Namespaces, even if they do not have the required permissions. This can be used ...
CVE-2023-38555
Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products and versions are as follows: Si-R 30B all versions, Si-R...
GHSA-W2H3-VVVQ-3M53 Pipelines do not validate child UIDs
Summary Pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. We should add UID to PipelineRun status and validate that child Run status/results only come from Runs...
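The fix direction the advisory sketches (record the child's UID on the parent and accept status and results only from a child carrying that UID) as an added example in Go. This is illustrative code, not Tekton's; the types ParentRun, ChildRef, OwnerRef and TaskRun, the function names, and the sample UIDs are assumptions made for the example. The property it relies on is the real one: a Kubernetes object's UID is assigned by the API server and cannot be chosen by whoever creates the object, whereas the object's name and its ownerReferences can be.

```go
package main

import (
	"errors"
	"fmt"
)

// Assumed shapes for the objects involved (not Tekton's API types).
type OwnerRef struct {
	Kind string
	UID  string
}

type ChildRef struct {
	Kind string
	Name string
	UID  string // UID the parent recorded when it created this child
}

type ParentRun struct {
	Name     string
	UID      string
	Children []ChildRef
}

type TaskRun struct {
	Name    string
	UID     string
	Owners  []OwnerRef
	Results map[string]string
}

var ErrUntrustedChild = errors.New("child run was not created by this parent")

// validateChild accepts a TaskRun only if it names the parent as owner by UID
// and carries the UID the parent itself recorded for a child of that name.
// Matching on name alone is the weakness: any user allowed to create TaskRuns
// can pick the name, and can copy the parent's UID into an owner reference too.
// What they cannot do is obtain the server-assigned UID the parent recorded.
func validateChild(parent ParentRun, child TaskRun) error {
	owned := false
	for _, o := range child.Owners {
		if o.Kind == "PipelineRun" && o.UID == parent.UID {
			owned = true
			break
		}
	}
	if !owned {
		return fmt.Errorf("%w: %s does not list PipelineRun UID %s as owner", ErrUntrustedChild, child.Name, parent.UID)
	}
	for _, c := range parent.Children {
		if c.Kind != "TaskRun" || c.Name != child.Name {
			continue
		}
		if c.UID != child.UID {
			return fmt.Errorf("%w: %s has UID %s but parent recorded %s", ErrUntrustedChild, child.Name, child.UID, c.UID)
		}
		return nil
	}
	return fmt.Errorf("%w: parent %s never recorded a TaskRun named %s", ErrUntrustedChild, parent.Name, child.Name)
}

// trustedResults folds results into the parent only from children that pass
// validateChild; every rejected child is reported rather than silently dropped.
func trustedResults(parent ParentRun, children []TaskRun) (map[string]string, []error) {
	out := make(map[string]string)
	var errs []error
	for _, c := range children {
		if err := validateChild(parent, c); err != nil {
			errs = append(errs, err)
			continue
		}
		for k, v := range c.Results {
			out[c.Name+"."+k] = v
		}
	}
	return out, errs
}

func main() {
	// Constructed sample data: one parent, the child it really created, and an
	// attacker-created TaskRun with the same name and a copied owner reference.
	parent := ParentRun{Name: "build-pr", UID: "pr-1111",
		Children: []ChildRef{{Kind: "TaskRun", Name: "build-pr-compile", UID: "tr-2222"}}}
	legit := TaskRun{Name: "build-pr-compile", UID: "tr-2222",
		Owners:  []OwnerRef{{Kind: "PipelineRun", UID: "pr-1111"}},
		Results: map[string]string{"digest": "sha256:aaaa"}}
	forged := TaskRun{Name: "build-pr-compile", UID: "tr-9999",
		Owners:  []OwnerRef{{Kind: "PipelineRun", UID: "pr-1111"}},
		Results: map[string]string{"digest": "sha256:ffff"}}
	res, errs := trustedResults(parent, []TaskRun{forged, legit})
	fmt.Println(res, errs)
}
```

The check is deliberately two-sided: the owner reference ties the child to the parent, and the parent-recorded UID ties the parent to the one child it actually issued. Dropping either side re-opens the substitution the advisory describes.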
SICK EventCam Access Control Vulnerability
SICK EventCam is an industrial photoelectric sensor from SICK. A security vulnerability exists in SICK EventCam that stems from a lack of API authentication, allowing an attacker to access and modify the device's configuration settings...
CVE-2023-34257
CVE-2023-34257 affects IBM BMC Patrol up to version 23.1.00. The agent’s configuration can be remotely modified, and by default authentication is not required. SNMP-related fields (e.g., masterAgentName, masterAgentStartLine) can trigger code execution when the agent restarts. Vendor note: authen...
PT-2023-24779 · Bmc · Bmc Patrol
Name of the Vulnerable Software and Affected Versions: BMC Patrol versions through 23.1.00 Description: An issue was discovered where the agent's configuration can be remotely modified, and by default, authentication is not required. Some configuration fields related to SNMP, such as...
CVE-2023-22913
A post-authentication command injection vulnerability in the “accountoperator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data,...
Command injection
A post-authentication command injection vulnerability in the “accountoperator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data,...