CVE-2024-35304

System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through 777...

CVE-2024-35304

System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through 777...

CVE-2024-35304

CVE-2024-35304 describes a system command injection in Pandora FMS, triggered by the Netflow function due to improper input validation. Affected versions are Pandora FMS 700 up to, but not including, 777. The vulnerability can allow an attacker to execute arbitrary system commands remotely over t...

CVE-2024-35304 System command injection through Netflow function

System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through 777...

ManageEngine NetFlow Analyzer 12.5.x < 12.5.657 / 12.6.x < 12.6.002 / 12.6.104 / 12.6.118 Authenticate Bypass

The version of ManageEngine NetFlow Analyzer running on the remote web server 12.5.x prior to 12.5.657, or 12.6.x prior to 12.6.002 / 12.6.104 / 12.6.118. It is, there, affected by an authentication bypass vulnerability. Due to the lack of proper request handling an unauthenticated, remote attack...

VulnCheck KEV: CVE-2022-36923

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 125657, 126002, 126104, and 126118 allow unauthenticated attackers to obtain a user's API key, and then access...

Scrutinizer NetFlow & sFlow Analyzer SQL Injection Vulnerability

Plixer Scrutinizer NetFlow & sFlow Analyzer is a network traffic analysis system from Plixer, USA. The system provides traffic monitoring, context forensics, and security analysis. A security vulnerability exists in Scrutinizer NetFlow & sFlow Analyzer versions prior to 19.3.1, which stems from a...

QakBot Malware Operators Expand C2 Network with 15 New Servers

The operators associated with the QakBot aka QBot malware have set up 15 new command-and-control C2 servers as of late June 2023. The findings are a continuation of the malware's infrastructure analysis from Team Cymru, and arrive a little over two months after Lumen Black Lotus Labs revealed tha...

K16939: Multiple Wireshark vulnerabilities

Security Advisory Description Description CVE-2014-6421 Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service application crash via a crafted packet that leverages split memory ownership between the SDP and RTP...

SUSE CVE-2014-6424

The dissectv9v10pdudata function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service uninitialized memory read and...

SUSE CVE-2016-10363

Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted inputs are not handled by the codec and ca...

SUSE CVE-2021-3635

A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root CAPSYSADMIN access is able to panic the system when issuing netfilter netflow commands...

Fedora: Security Advisory for fastnetmon (FEDORA-2022-18023b665f)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 37 Update: fastnetmon-1.2.1-4.20220528git420e7b8.fc37

DDoS detection tool with sFlow, Netflow, IPFIX and port mirror support...

[SECURITY] Fedora 36 Update: fastnetmon-1.2.1-2.20220528git420e7b8.fc36

DDoS detection tool with sFlow, Netflow, IPFIX and port mirror support...

Fedora: Security Advisory for fastnetmon (FEDORA-2022-5d37367673)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

ManageEngine NetFlow Analyzer getDNSResolveOption Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine NetFlow Analyzer. Authentication is required to exploit this vulnerability. The specific flaw exists within the getDNSResolveOption function. The issue results from the lack of proper...

Code injection

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature...

CVE-2022-38772

Summary: CVE-2022-38772 affects Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils. The issue is a command injection in the getNmapInitialOption function that allows authenticated users to perform database changes leading to re...

CVE-2022-38772

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature...