4423 matches found
3.0 bug fix update
An update is available for freeradius. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. FreeRADIUS is a high-performance and highly configurable free Remote...
The vulnerability of NETGEAR’s Wi-Fi router software, including models CBR750, CBR40, RBR852, RBR850, and RBS850, stems from deficiencies in authentication mechanisms. This allows attackers to circumvent security restrictions.
The vulnerability of NETGEAR Wi-Fi router software, including models CBR750, CBR40, RBR852, RBR850, and RBS850, is related to deficiencies in authentication mechanisms. Exploiting this vulnerability could allow a malicious actor to circumvent security restrictions from a remote location...
Fortinet FortiAuthenticator Authorization Issue Vulnerability
Fortinet FortiAuthenticator, a centralized user identity management solution from Fortinet, Inc., is vulnerable to an authentication bypass vulnerability in version 6.4.0 due to improper design or implementation of the authentication module code. An attacker could exploit this vulnerability...
Denial of service
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files i...
CVE-2021-20043
A heap-based buffer overflow vulnerability in the SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances...
SonicWall SMA100 Operating System Command Injection Vulnerability
The SonicWall SMA100 is a secure access gateway device from SonicWall, Inc. An operating system command injection vulnerability exists in the SonicWall SMA100 management interface, which stems from an improper neutralization of special elements in the HTTP POST method of /cgi-bin/viewcert. The...
CVE-2021-36299
Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying speciall...
CVE-2021-43549
CVE-2021-43549 affects the OSIsoft PI Web API. A remote authenticated attacker with write access to a PI Server can lure a user into interacting with a PI Web API endpoint and redirect them to a malicious site, potentially disclosing sensitive information or providing false data. Root cause: impr...
OSIsoft PI Server Cross-Site Scripting Vulnerability
OSIsoft PI is a commercial software application platform based on the Client/Server architecture from OSIsoft, USA. The platform supports data collection, analysis and visualization, etc. A security vulnerability exists in OSIsoft PI Server, which can be exploited by remote...
The vulnerability of the Traffic Management Microkernel component of BIG-IP access control and remote authentication tools allows an attacker to cause a service failure.
The vulnerability of the Traffic Management Microkernel component of the BIG-IP access control and remote authentication solutions is related to deficiencies in the segmentation of the controlled system area. Exploiting this vulnerability could allow a malicious actor to cause service interruptio...
GitLab EE Cross-Site Scripting Vulnerability (CNVD-2021-87036)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A cross-site scripting vulnerability exists in GitLab EE...
CVE-2020-15940
An improper neutralization of input vulnerability (CWE-79) in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server...
Aruba ClearPass Policy Manager Authorization Issue Vulnerability
Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a secure access management system for wireless networks. A security vulnerability exists in Aruba ClearPass Policy Manager, which stems from a remote authentication bypass vulnerability in Aruba ClearPass Policy Manage...
HPE Aruba ClearPass Policy Manager Remote Authentication Bypass Vulnerability
HPE Aruba ClearPass Policy Manager is a Network Access Control (NAC) solution. A security vulnerability exists in the web management interface of HPE Aruba ClearPass Policy Manager. An attacker could use the vulnerability to access sensitive information on the platform, which could bypass system...
HPE Aruba ClearPass Policy Manager Remote Authentication Bypass Vulnerability (CNVD-2021-80173)
HPE Aruba ClearPass Policy Manager is a Network Access Control (NAC) solution. A security vulnerability exists in the web management interface of HPE Aruba ClearPass Policy Manager. An attacker could use the vulnerability to access sensitive information on the platform, which could bypass system...
CVE-2021-40996
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versions: ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for...
CVE-2021-37736
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versions: ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for...