49 matches found
CVE-2024-50557
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.2, SCALANCE...
BEC-ware the Phish (part 2): Respond and Remediate Incidents in M365
TL;DR Ensure you can reliably take initial containment actions such as disabling accounts, resetting passwords, and revoking tokens. Token binding ensures that a token only works on the specific device the token was issued and is currently the best protection against token theft. As a minimum...
Fortinet Releases Security Updates for Multiple Products
Fortinet released security updates to address vulnerabilities in multiple products, including OS and FortiProxy. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and...
The vulnerability in the web interface and command-line interface of the Cisco Email Security Appliance security system for Cisco AsyncOS operating systems allows a malicious user to execute arbitrary commands from the root user.
The vulnerability in the web interface and the command-line interface of the Cisco Email Security Appliance security system for Cisco AsyncOS operating systems is related to improper validation of the loaded configuration file for the SNMP protocol. Exploiting this vulnerability allows a maliciou...
The vulnerability of the SAML (Security Assertion Markup Language) technology used in the Nozomi Guardian network detection and monitoring tool, as well as the Nozomi Central Management Console (CMC) – a centralized security management tool – allows a malicious actor to trigger a service failure.
The vulnerability of the SAML Security Assertion Markup Language technology used in the Nozomi Guardian network detection and monitoring tool, as well as the Nozomi Central Management Console CMC, relates to insufficient validation of input data during the loading of configuration files. Exploiti...
CVE-2023-36830
CVE-2023-36830 affects SQLFluff prior to v2.1.2 where an attacker with access to config files could abuse the library_path setting to execute arbitrary Python code via Jinja/macros. The issue arises when untrusted users can view or modify config and leverage library_path to reach Python execution...
SUSE CVE-2018-8007
Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user th...
CVE-2022-27634
On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions whi...
Qualcomm 芯片安全漏洞
A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and from time to time fabricated on the surface of semiconductor wafers. A security vulnerability exists in a number of Qualcomm products that...
CVE-2020-25758
An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root...
CVE-2020-3157 Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied...
Command injection
The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying...
CVE-2019-1728
Cisco FXOS and NX-OS Software are affected by CVE-2019-1728 through the Secure Configuration Validation functionality. An authenticated local attacker with administrative credentials can overwrite the persistent configuration on the device, allowing arbitrary commands to run at system boot with r...
CVE-2018-0432
A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the error reporting applicatio...
CVE-2018-5509
On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and...
CVE-2018-5509
On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and...
The vulnerability of the clusterLoadConfig function in the Redis database management system allows a attacker to cause service interruptions or other adverse effects.
The vulnerability of the clusterLoadConfig function in the Redis database management system arises from an operation that occurs outside the buffer in memory, due to the lack of checks on the values of migratingslotsto and migratingslotsfrom, which are defined in the configuration file. Exploitin...
SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1568-1)
ntp was updated to version 4.2.8p8 to fix 17 security issues. These security issues were fixed : - CVE-2016-4956: Broadcast interleave bsc982068. - CVE-2016-2518: Crafted addpeer with hmode 7 causes array wraparound with MATCHASSOC bsc977457. - CVE-2016-2519: ctlgetitem return value not always...
SUSE-SU-2016:1568-1 Security update for ntp
ntp was updated to version 4.2.8p8 to fix 17 security issues. These security issues were fixed: - CVE-2016-4956: Broadcast interleave bsc982068. - CVE-2016-2518: Crafted addpeer with hmode 7 causes array wraparound with MATCHASSOC bsc977457. - CVE-2016-2519: ctlgetitem return value not always...
SUSE-SU-2016:1471-1 Security update for ntp
This update for ntp fixes the following issues: - Separate the creation of ntp.keys and key 1 in it to avoid problems when upgrading installations that have the file, but no key 1, which is needed e.g. by 'rcntp addserver'. - Update to 4.2.8p7 bsc977446: CVE-2016-1547, bsc977459: Validate...