NetBox 安全漏洞

NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...

CVE-2024-40740

CVE-2024-40740 is an XSS vulnerability in NetBox v4.0.3. The issue arises from insufficient filtering/escaping of user-supplied data in the Name parameter of the /dcim/power-feeds/{id}/edit/ endpoint, allowing an attacker to inject arbitrary HTML/JS. Multiple connected sources confirm the affecte...

CVE-2024-40738

Summary: CVE-2024-40738 is a cross-site scripting (XSS) vulnerability affecting NetBox v4.0.3. The issue arises from lack of proper filtering/escaping of user-supplied data in the Name parameter at the URL path /dcim/console-ports/{id}/edit/, allowing an attacker to inject arbitrary HTML/JS. Docu...

CVE-2024-40731

CVE-2024-40731 is an XSS vulnerability in NetBox v4.0.3. The issue arises from insufficient filtering/escaping of user-supplied data in the Name parameter of the endpoint /dcim/rear-ports/{id}/edit/, allowing injection of arbitrary HTML/JS in the affected web page. Several connected sources corro...

CVE-2024-40726

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/id/edit/...

CVE-2024-38972

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/...

CVE-2024-2422

LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands...

CVE-2024-2421

LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions...

CVE-2024-2422

LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands...

CVE-2024-2420

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements...

CVE-2024-2420

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements...

CVE-2024-2421

LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions...

CVE-2024-2422 LenelS2 NetBox Improper Neutralization of Argumented Delimiters

LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands...

CVE-2024-2422

LenelS2 NetBox (LenelS2/Carrier) is affected by CVE-2024-2422, an authenticated RCE in NetBox versions up to and including 5.6.1. The vulnerability affects the NetBox access control and event monitoring system and can allow an attacker to execute arbitrary commands with elevated privileges. Remed...

CVE-2024-2422 LenelS2 NetBox Improper Neutralization of Argumented Delimiters

LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands...

CVE-2024-2421 LenelS2 NetBox Improper Neutralization of Special Elements

LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions...

CVE-2024-2421 LenelS2 NetBox Improper Neutralization of Special Elements

LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions...

CVE-2024-2421

LenelS2 NetBox

CVE-2024-2420 LenelS2 NetBox Hardcoded Credentials

LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements...

CVE-2024-2420

Summary: CVE-2024-2420 affects LenelS2 NetBox access control and event monitoring system. A hard-coded credential vulnerability in versions prior to and including 5.6.1 allows an attacker to bypass authentication. Affected product/versions are LenelS2 NetBox