4419 matches found
PT-2024-13263 · Ailux · Ailux Imx6 Bundle
Name of the Vulnerable Software and Affected Versions: AiLux imx6 bundle versions prior to imx6 1.0.7-2
Description: A CWE-646 issue in the "iec61850" functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device.
Recommendations:...
The vulnerability of the SCP utility for access control and remote authentication, as well as software such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Carrier-Grade NAT (CGNAT), BIG-IP DDoS Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP SSL Orchestrator, BIG-IP WebAccelerator, and BIG-IP WebSafe, is related to unlimited resource distribution. This allows attackers to execute arbitrary commands.
MikroTik RouterOS Improper Privilege Management (CVE-2023-30799)
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrar...
CVE-2024-25604
CVE-2024-25604 affects Liferay Portal 7.2.0–7.4.3.4 and Liferay DXP 7.4.13, 7.3 before SP3, 7.2 before FP17 (and older unsupported versions), where the system does not properly enforce permissions. Specifically, remote authenticated users with the VIEW permission can edit their own permissions vi...
CVE-2024-25150
Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page...
CVE-2022-45320
CVE-2022-45320 affects Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16. A remote authenticated user can become the owner of a wiki page by editing it (privilege escalation). This is a wiki-level ownership issue; exploitation sta...
The vulnerability of the software for centralized control of printing devices, Kyocera Device Manager, arises from incorrect restrictions on the path to the restricted access directory. This allows attackers to bypass the authentication process.
The vulnerability of the Kyocera Device Manager software for centralized control of printing devices is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to bypass the authentication process remotely...
CVE-2023-32462
Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands and possible system...
CVE-2024-24966
When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2024-24966
CVE-2024-24966 affects F5OS (A and C branches) where LDAP remote authentication can authorize a remote user without an assigned role. Affected versions: F5OS-A 1.2.0 (vulnerable) with fix in 1.3.0; F5OS-C 1.3.0–1.5.1 (vulnerable) with fix in 1.6.0. Impact is improper authorization (control-plane)...
PT-2024-2725 · F5 · F5OS
Name of the Vulnerable Software and Affected Versions: F5OS (affected versions not specified)
Description: The issue is related to the implementation of the LDAP protocol in F5OS, which is associated with deficiencies in the authorization mechanism. When LDAP remote authentication is configured, a...
CVE-2023-6815
CVE-2023-6815 affects Mitsubishi Electric MELSEC iQ-R Series Safety CPU (R08SFCPU, R16SFCPU, R32SFCPU, R120SFCPU) and SIL2 Process CPU (R08PSFCPU, R16PSFCPU, R32PSFCPU, R120PSFCPU) across all versions. The vulnerability is an Incorrect Privilege Assignment that lets a remote, authenticated non-ad...
The vulnerability of the Traffic Management Module of the BIG-IP access control and remote authentication solution allows a perpetrator to impersonate the SSH server of SPK Secure Shell.
The vulnerability of the Traffic Management Module of the BIG-IP access control and remote authentication solution lies in the use of strict encryption for registration data. Exploiting this vulnerability allows a malicious actor to impersonate the SSH server...
PT-2024-14215 · Allegra · Allegra
Name of the Vulnerable Software and Affected Versions: Allegra (affected versions not specified)
Description: This issue allows remote attackers to bypass authentication on affected installations of Allegra. The specific flaw exists within the downloadExportedChart action, resulting from the lack o...
CVE-2024-25148
In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions, the doAsUserId URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user...
CVE-2023-47798
Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked...