Lucene search
K

21 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2026/05/29 12:0 a.m.11 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...

5.9AI score0.00054EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/29 12:0 a.m.11 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...

5.9AI score0.00054EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/29 12:0 a.m.24 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...

5.9AI score0.00054EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.19 views

EUVD-2021-15180

Malware in sbrugna...

7.5CVSS7.5AI score0.00706EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-15181

Malware in sbrugna...

7.5CVSS7.5AI score0.00844EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-7289

Malicious code in bioql PyPI...

8.6CVSS6.4AI score0.00507EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:50 a.m.6 views

CVE-2024-20373

A vulnerability in the implementation of the Simple Network Management Protocol SNMP IPv4 access control list ACL feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny...

5.3CVSS7AI score0.00511EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:48 a.m.7 views

CVE-2024-20316

A vulnerability in the data model interface DMI services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list ACL. This vulnerability is due to improper handling of error conditions wh...

5.8CVSS7.2AI score0.00451EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/14 5:57 p.m.15 views

CVE-2025-20142

A vulnerability in the IPv4 access control list ACL feature and quality of service QoS policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an...

8.6CVSS7.2AI score0.00507EPSS
Exploits0References1
OSV
OSV
added 2025/03/12 4:15 p.m.3 views

CVE-2025-20142

A vulnerability in the IPv4 access control list ACL feature and quality of service QoS policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an...

8.6CVSS5.7AI score0.00507EPSS
Exploits0References2
NVD
NVD
added 2025/03/12 4:15 p.m.11 views

CVE-2025-20142

A vulnerability in the IPv4 access control list ACL feature and quality of service QoS policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an...

8.6CVSS0.00507EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/12 4:12 p.m.6 views

CVE-2025-20142 Cisco IOS XR Software for ASR 9000 Series Routers L2VPN Denial of Service Vulnerability

A vulnerability in the IPv4 access control list ACL feature and quality of service QoS policy feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an...

8.6CVSS7.5AI score0.00507EPSS
Exploits0References2
CVE
CVE
added 2025/03/12 4:12 p.m.72 views

CVE-2025-20142

Cisco IOS XR Software for ASR 9000 Series Routers, including ASR 9902/9903, contains a vulnerability in the IPv4 ACL and QoS policy handling that affects line cards. Malformed IPv4 packets processed when an IPv4 ACL or QoS policy is applied can cause network processor errors, triggering a line-ca...

8.6CVSS7.5AI score0.00507EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/06 4:52 a.m.7 views

CVE-2021-28504

On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules rules declared after it in ACL do not match on IP protocol field as expected...

7.5CVSS6.8AI score0.00706EPSS
Exploits0References1
CNVD
CNVD
added 2025/01/03 12:0 a.m.9 views

Cisco IOS Software and IOS XE Software Access Control Error Vulnerability

Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. An access control error vulnerability exists in the Simple Network Management Protocol SNMP IPv4 access control list feature of Cisco IOS Software and IOS XE Software, which stems from the program not...

5.3CVSS6.6AI score0.00511EPSS
Exploits0References1
OSV
OSV
added 2024/11/15 3:15 p.m.4 views

CVE-2024-20373

A vulnerability in the implementation of the Simple Network Management Protocol SNMP IPv4 access control list ACL feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny...

5.3CVSS5.8AI score0.00511EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/18 12:0 a.m.5 views

Cisco IOS和IOS XE 访问控制错误漏洞

Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. An access control error vulnerability exists in the Simple Network Management Protocol SNMP IPv4 access control list feature of Cisco IOS Software and IOS XE Software, which stems from the program not...

5.3CVSS6.7AI score0.00511EPSS
Exploits0References2
CVE
CVE
added 2024/03/27 4:49 p.m.85 views

CVE-2024-20316

CVE-2024-20316 affects Cisco IOS XE Software with the Data Model Interface (DMI) when an IPv4 ACL is updated via NETCONF/RESTCONF. The issue stems from improper error handling that can reorder ACEs in an updated ACL, potentially allowing access to resources that should be protected. Concrete deta...

5.8CVSS7AI score0.00451EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.5 views

PT-2024-2551 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: The issue is related to improper handling of error conditions in the Data Model Interface DMI services of Cisco IOS XE Software when a device administrator updates an IPv4...

5.8CVSS6.7AI score0.00451EPSS
Exploits0References5
OSV
OSV
added 2022/04/14 9:15 p.m.3 views

CVE-2021-28505

On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol...

7.5CVSS5.8AI score0.00844EPSS
Exploits1References1
Rows per page
Query Builder