Lucene search
K

69 matches found

redhatcve
redhatcve
added 2025/05/22 9:21 p.m.5 views

CVE-2021-41987

In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scepservername value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10...

8.1CVSS8.1AI score0.16229EPSS
Exploits1
cve
cve
added 2025/04/11 2:3 a.m.104 views

CVE-2025-0128

The CVE-2025-0128 DoS exists in Palo Alto Networks PAN-OS SCEP authentication, allowing an unauthenticated attacker to reboot the firewall and push it into maintenance mode. Cloud NGFW is not affected; Prisma Access is patched. Affected PAN-OS versions include 10.1.x (<10.1.14-h11), 10.2.x (&l...

8.7CVSS6.7AI score0.00284EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2024/10/16 12:0 a.m.7 views

The vulnerability of the Simple Certificate Enrollment Protocol (SCEP) implementation in Windows operating systems allows a perpetrator to trigger a service failure.

The vulnerability of the Simple Certificate Enrollment Protocol SCEP implementation in Windows operating systems is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS5.5AI score0.02277EPSS
Exploits0References2
nessus
nessus
added 2024/04/21 12:0 a.m.32 views

RHEL 5 : pki (RHSA-2010:0838)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0838 advisory. Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure PKI deployments. Simple...

9.8CVSS6.7AI score0.09854EPSS
Exploits0References9
osv
osv
added 2024/03/06 10:52 a.m.17 views

BIT-EJBCA-2021-40086

An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...

3.5CVSS3.7AI score0.00542EPSS
Exploits0References2
osv
osv
added 2024/03/06 10:52 a.m.24 views

BIT-EJBCA-2021-40087

An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log that can only be viewed by an administrator. This affects us...

4CVSS3.7AI score0.00412EPSS
Exploits0References2
osv
osv
added 2023/07/11 10:15 a.m.3 views

CVE-2023-36755

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...

7.2CVSS7.6AI score0.00972EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/07/06 12:0 a.m.4 views

SAMSUNG Mobile device 输入验证错误漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile device SMR Jul-2023 Release 1 version, which stems from an incorrect input validation vulnerability ...

8.5CVSS7.3AI score0.00176EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/06/27 12:0 a.m.3 views

PT-2023-4060 · Siemens · Ruggedcom Rox Mx5000 +8

Name of the Vulnerable Software and Affected Versions: RUGGEDCOM ROX MX5000 versions prior to V2.16.0 RUGGEDCOM ROX MX5000RE versions prior to V2.16.0 RUGGEDCOM ROX RX1400 versions prior to V2.16.0 RUGGEDCOM ROX RX1500 versions prior to V2.16.0 RUGGEDCOM ROX RX1501 versions prior to V2.16.0...

9.1CVSS7.8AI score0.00972EPSS
Exploits0References5
cvelist
cvelist
added 2022/03/16 2:44 p.m.25 views

CVE-2021-41987

In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scepservername value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10...

8.7AI score0.16229EPSS
Exploits1References2
cve
cve
added 2022/03/16 2:44 p.m.252 views

CVE-2021-41987

The vulnerability CVE-2021-41987 affects MikroTik RouterOS SCEP Server in specific releases (RouterOS 6.46.8, 6.47.9, 6.47.10). A heap-based buffer overflow can be triggered by an attacker who knows the scep_server_name value, leading to remote code execution. Multiple sources (NVD entry and Red ...

8.1CVSS8.4AI score0.16229EPSS
Exploits1References2Affected Software1
nessus
nessus
added 2021/11/18 12:0 a.m.59 views

Palo Alto Networks PAN-OS 8.1.x < 8.1.20-h1 / 9.0.x < 9.0.14-h3 / 9.1.x < 9.1.11-h2 / 10.0.x < 10.0.8 / 10.1.x < 10.1.3 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.20-h1 or 9.0.x prior to 9.0.14-h3 or 9.1.x prior to 9.1.11-h2 or 10.0.x prior to 10.0.8 or 10.1.x prior to 10.1.3. It is, therefore, affected by a vulnerability. - An OS command injection vulnerability in th...

9.3CVSS8.3AI score0.33875EPSS
Exploits1References5
cnvd
cnvd
added 2021/11/13 12:0 a.m.34 views

Palo Alto Networks PAN-OS SCEP feature command injection vulnerability

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances.A command injection vulnerability exists in Palo Alto Networks PAN-OS, which stems from an OS command injection vulnerability in the software's SCEP Simple Certificate The...

9.3CVSS2.9AI score0.33875EPSS
Exploits1References1
nvd
nvd
added 2021/11/10 5:15 p.m.27 views

CVE-2021-3060

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol SCEP feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...

9.3CVSS0.33875EPSS
Exploits1References3
prion
prion
added 2021/11/10 5:15 p.m.23 views

Command injection

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol SCEP feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...

9.3CVSS8.5AI score0.33875EPSS
Exploits1References3Affected Software2
paloalto
paloalto
added 2021/11/10 5:0 p.m.123 views

PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP)

An OS command injection vulnerability in the Simple Certificate Enrollment Protocol SCEP feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...

8.1CVSS8.8AI score0.33875EPSS
Exploits1References3
nvd
nvd
added 2021/08/25 2:15 a.m.19 views

CVE-2021-40087

An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log that can only be viewed by an administrator. This affects us...

4CVSS0.00412EPSS
Exploits0References1
attackerkb
attackerkb
added 2021/08/25 2:15 a.m.7 views

CVE-2021-40086

An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...

3.5CVSS5.8AI score0.00542EPSS
Exploits0References2
prion
prion
added 2021/08/25 2:15 a.m.15 views

Code injection

An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log that can only be viewed by an administrator. This affects us...

4CVSS4.1AI score0.00412EPSS
Exploits0References1Affected Software1
prion
prion
added 2021/08/25 2:15 a.m.14 views

Code injection

An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...

3.5CVSS4.2AI score0.00542EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder