PT-2026-30263
Name of the Vulnerable Software and Affected Versions: Hirschmann HiLCOS OpenBAT and BAT450 products affected versions not specified Description: Hirschmann HiLCOS OpenBAT and BAT450 products have a firewall bypass issue in IPv6 IPsec deployments. Attackers can bypass configured firewall rules by...
CVE-1999-0240
Some filters or firewalls allow fragmented SYN packets with IP reserved bits in violation of their implemented policy...
PT-2026-28494
Name of the Vulnerable Software and Affected Versions: Incus versions prior to 6.23.0 Description: Incus lacks validation of the image fingerprint when downloading from simplestreams image servers. This can lead to image cache poisoning, potentially allowing an attacker to provide a compromised ima...
CVE-2025-61935
When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
EUVD-2025-34643
When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly. Note: Software versions which have...
CVE-2025-55669
When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2025-55669 BIG-IP HTTP/2 vulnerability
When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
EUVD-2017-12268
Malware in sbrugna...
EUVD-2014-6293
Malware in sbrugna...
Configure Proper Policies for INPUT of iptables
The INPUT chain is used to filter packets received from external systems. For any service provided for external systems, configure the corresponding INPUT policy and enable the related port so that external clients can access the service through the port. If the policy is not set, all packets tha...
Configure Proper Policies for OUTPUT of iptables
There are two occasions in which a server sends outgoing packets: 1. The local host process proactively connects to an external server, for example, performing an HTTP access, or sending data to a log server. 2. The local host responds to the external access to the local services. If no policy is...
Configure Proper Policies for OUTPUT of nftables
There are two occasions in which a server sends outgoing packets: 1. The local host process proactively connects to an external server, for example, performing an HTTP access, or sending data to a log server. 2. The local host responds to the external access to the local services. If no policy is...
CVE-2021-26088
An improper authentication vulnerability in FSSO Collector version 5.0.295 and below may allow an unauthenticated user to bypass a FSSO firewall policy and access the protected network via sending specifically crafted UDP login notification packets...
PT-2025-5739
Name of the Vulnerable Software and Affected Versions: BIG-IP AFM affected versions not specified Description: The issue occurs when BIG-IP AFM is provisioned with the IPS module enabled and a protocol inspection profile is configured on a virtual server or firewall rule or policy. Undisclosed...
Policy bypass for Host Firewall policy due to race condition in Cilium agent
Impact A race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node. This could in turn cause CiliumClusterwideNetworkPolicies intended for nodes with the ignored label to not apply, leading to policy bypass. Patches This issue was fixed in...
CVE-2023-47536
An improper access control vulnerability (CWE-284) in FortiOS version 7.2.0, version 7.0.13 and below, version 6.4.14 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below may allow a remote unauthenticated attacker to bypass the firewall deny...
PT-2023-7704 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.2.0, 7.0.13 and below, 6.4.14 and below; FortiProxy versions 7.2.3 and below, 7.0.9 and below, 2.0.12 and below Description: The issue is related to improper access control, which may allow a remote unauthenticated attacker ...
PT-2022-27513 · Dahua · Dahua
Name of the Vulnerable Software and Affected Versions: Dahua software products affected versions not specified Description: The issue allows for an unauthenticated restart of the remote DSS Server. An attacker can bypass the firewall access control policy by sending a specific crafted packet to t...
Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy
Fortinet has privately warned its customers of a security flaw affecting FortiGate firewalls and FortiProxy web proxies that could potentially allow an attacker to perform unauthorized actions on susceptible devices. Tracked as CVE-2022-40684 (CVSS score: 9.6), the critical flaw relates to an...
Protect
An improper verification of source of a communication channel vulnerability (CWE-940) in FortiOS may allow a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim. This is possible only...