513 matches found
CVE-2024-0319 Open Redirect vulnerability in FireEye HXTool
Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirecturi' parameter...
CVE-2024-0318 Cross-Site Scripting in FireEye HXTool
Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded...
CVE-2024-0318
CVE-2024-0318 (FireEye HXTool) affects FireEye HXTool version 4.6. A stored Cross-Site Scripting vulnerability exists in the Profile Name and Hostname/IP fields, enabling a crafted JavaScript payload to execute when items are loaded. This is evidenced across multiple sources (NVD entry and relate...
CVE-2024-0318 Cross-Site Scripting in FireEye HXTool
Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded...
CVE-2024-0317 Cross-Site Scripting in FireEye EX
Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 'sfname' parameters to an authenticated user to retrieve their session details...
CVE-2024-0317
CVE-2024-0317 is an XSS vulnerability in FireEye EX 9.0.3.936727. The issue allows an attacker to send a crafted JavaScript payload via the parameters “type” and “s_f_name” to an authenticated user, enabling retrieval of the user’s session details. Supported by multiple sources in the provided do...
CVE-2024-0315
Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process...
CVE-2024-0316
Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containmentnotify/preview parameter, which could lead to a service outage...
CVE-2024-0315
Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process...
CVE-2024-0316
Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containmentnotify/preview parameter, which could lead to a service outage...
CVE-2024-0314
XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking...
CVE-2024-0314
XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking...
Input validation
Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containmentnotify/preview parameter, which could lead to a service outage...
Cross site scripting
XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking...
Remote file inclusion
Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process...
CVE-2024-0316
CVE-2024-0316 affects FireEye Endpoint Security (Trellix) 5.2.0.958244. The issue is described as an improper cleanup in exceptions thrown, enabling an attacker to send multiple requests to the containment_notify/preview parameter and potentially cause a service outage. Connected sources confirm ...
CVE-2024-0316 Improper cleanup vulnerability in FireEye Endpoint Security
Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containmentnotify/preview parameter, which could lead to a service outage...
CVE-2024-0316 Improper cleanup vulnerability in FireEye Endpoint Security
Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containmentnotify/preview parameter, which could lead to a service outage...
CVE-2024-0315 Remote file inclusion vulnerability in FireEye Central Management
Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process...
CVE-2024-0315 Remote file inclusion vulnerability in FireEye Central Management
Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process...