Lucene search

1072 matches found

Cisco
added 2022/05/18 4:0 p.m. · 37 views

Cisco Secure Network Analytics Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability is due to...

CVSS 5.5 · AI score 7.9 · EPSS 0.01501
Exploits 0 · References 1
Positive Technologies
added 2022/05/05 12:0 a.m. · 3 views

PT-2022-10725 · Rti · Connext Dds Secure +1

Name of the Vulnerable Software and Affected Versions: RTI Connext DDS Professional and Connext DDS Secure versions 4.2x through 6.1.0 Description: The issue arises from incorrect buffer size calculation during allocation, potentially leading to a buffer overflow. Recommendations: For versions 4....

CVSS 9.8 · AI score 6.8 · EPSS 0.01355
Exploits 0 · References 5
NVD
added 2022/04/27 3:15 a.m. · 22 views

CVE-2022-27331

An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users...

CVSS 4.3 · EPSS 0.00651
Exploits 0 · References 1
OSV
added 2022/04/27 3:15 a.m. · 15 views

CVE-2022-27331

An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users...

CVSS 4.3 · AI score 6.7
Exploits 0 · References 1
Cvelist
added 2022/04/27 2:47 a.m. · 17 views

CVE-2022-27331

An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users...

AI score 4.9 · EPSS 0.00651
Exploits 0 · References 1
ATTACKERKB
added 2022/04/20 4:0 p.m. · 4 views

CVE-2022-20773

A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing ...

CVSS 8.1 · AI score 7.5 · EPSS 0.01094
Exploits 0 · References 2
CNNVD
added 2022/04/20 12:0 a.m. · 4 views

Cisco Umbrella Trust Management Issue Vulnerability

Cisco Umbrella is a suite of cloud security platforms from Cisco. The platform prevents cyber threats such as phishing, malware and ransomware. A security vulnerability exists in the Cisco Umbrella Virtual Appliance (VA) that stems from the presence of a static SSH host key. An attacker could explo...

CVSS 8.1 · AI score 7.9 · EPSS 0.01094
Exploits 0 · References 4
ATTACKERKB
added 2022/04/06 11:0 p.m. · 4 views

CVE-2022-20774

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This...

CVSS 8.1 · AI score 7.2 · EPSS 0.00383
Exploits 0 · References 2
OSV
added 2022/04/06 7:15 p.m. · 2 views

CVE-2022-20774

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This...

CVSS 8.1 · AI score 7.2 · EPSS 0.00383
Exploits 0 · References 1
Prion
added 2022/04/06 7:15 p.m. · 11 views

Cross site request forgery (csrf)

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This...

CVSS 4.9 · AI score 8.1 · EPSS 0.00383
Exploits 0 · References 1 · Affected Software 17
CNNVD
added 2022/02/22 12:0 a.m. · 2 views

Envoy Trust Management Issue Vulnerability

Envoy is an open source distributed proxy server. Envoy is vulnerable to a trust management issue, which stems from the fact that Envoy's tls allows certain certificate authentication settings to be reused after they have been changed from their default configuration. No detailed vulnerability...

CVSS 9.8 · AI score 5.6 · EPSS 0.01061
Exploits 0 · References 7
OSV
added 2022/02/18 6:15 p.m. · 2 views

CVE-2022-21215

This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing...

CVSS 9.8 · AI score 5.8 · EPSS 0.0139
Exploits 0 · References 1
Tenable Nessus
added 2022/02/07 12:0 a.m. · 22 views

Rockwell Automation RSLogix Improper Access Control (CVE-2010-5305)

The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthorized programming and configuration client to gain access to the product and allow changes to the...

CVSS 9.8 · AI score 8.4 · EPSS 0.05695
Exploits 0 · References 2
Qualys Blog
added 2022/02/01 1:30 p.m. · 27 views

Vulnerability Remediation: It’s Not Just Patching

Vulnerability does not equal a patch, as such remediating a detected vulnerability requires deploying the right patches and, in some cases, making the right configuration changes. Using multiple tools to detect, map and deploy the right remediation actions is time consuming and will result in les...

AI score 0.5
Exploits 0
OpenVAS
added 2022/01/28 12:0 a.m. · 16 views

Mageia: Security Advisory (MGASA-2021-0520)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.3 · AI score 7.2 · EPSS 0.02474
Exploits 1 · References 4
OSV
added 2022/01/21 7:15 p.m. · 3 views

CVE-2021-23233

Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can be accessed without any authentication information such as the session cookie. An attacker can send requests to sensitive endpoints as an unauthenticated user to perform critical actions or modify critical configuration...

CVSS 9.8 · AI score 5.8 · EPSS 0.00945
Exploits 0 · References 1
NVD
added 2022/01/01 6:15 a.m. · 15 views

CVE-2021-43333

The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for configuration changes or disclosure of configuration settings...

CVSS 6.5 · EPSS 0.00743
Exploits 0 · References 2
The Hacker News
added 2021/12/27 12:6 p.m. · 55 views

Garrett Walk-Through Metal Detectors Can Be Hacked Remotely

A number of security flaws have been uncovered in a networking component in Garrett Metal Detectors that could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices. "An attacker could manipulate thi...

CVSS 10 · AI score 1.9 · EPSS 0.02817
Exploits 9
Talos
added 2021/12/20 12:0 a.m. · 35 views

Garrett Metal Detectors iC Module CMA run_server_6877 authentication bypass vulnerability

Summary: An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger th...

CVSS 9.3 · AI score 8.1 · EPSS 0.01723
Exploits 1
Microsoft CVE
added 2021/12/16 8:0 a.m. · 113 views

Apache Log4j Remote Code Execution Vulnerability

Certain versions of Apache Log4j2 are vulnerable to a remote code execution vulnerability. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. Microsoft is not aware of any impact to th...

CVSS 10 · AI score 10 · EPSS 0.99999
Exploits 347