20 matches found
CVE-2025-62631
An insufficient session expiration vulnerability CWE-613 vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to maintain access to network resources via an active SSLVPN session not terminated after a user's passwor...
EUVD-2017-16713
Malware in sbrugna...
EUVD-2024-18216
Malicious code in bioql PyPI...
EUVD-2023-24448
Malicious code in bioql PyPI...
EUVD-2022-26183
Malicious code in bioql PyPI...
EUVD-2024-18214
Malicious code in bioql PyPI...
EUVD-2025-9555
Malicious code in bioql PyPI...
EUVD-2024-18213
Malicious code in bioql PyPI...
UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit
A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access SMA 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP. The malicious activity, dating back to at least October 2024, has been attributed by the Goog...
CVE-2024-50562
An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session...
CVE-2024-20502
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insufficient resource management while establishi...
CVE-2025-20212
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service DoS condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must...
CVE-2025-20212
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service DoS condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must...
CVE-2025-20212
CVE-2025-20212 affects Cisco Meraki MX and Cisco Meraki Z Series devices, targeting the Cisco AnyConnect VPN server. The root cause is a variable that is not initialized during SSL VPN session establishment, allowing an authenticated, remote actor with VPN credentials to cause a DoS by triggering...
PT-2025-14532 · Cisco · Cisco Meraki Z Series +2
Name of the Vulnerable Software and Affected Versions: Cisco Meraki MX and Cisco Meraki Z Series devices versions MX64, MX64W, MX65, MX65W, MX67, MX67C, MX67W, MX68, MX68CW Description: A vulnerability in the Cisco AnyConnect VPN server could allow an authenticated, remote attacker to cause a...
CVE-2024-20498
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...
CVE-2024-20501
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...
CVE-2024-20499
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficie...
CVE-2024-20513
CVE-2024-20513 affects Cisco Meraki MX and Z Series Teleworker Gateway devices with the Cisco AnyConnect VPN server. The flaw stems from insufficient entropy in the session-handler mechanism used during SSL VPN session establishment, enabling an unauthenticated attacker to terminate targeted SSL ...
CVE-2006-5393
Cisco Secure Desktop CSD does not require that the ClearPageFileAtShutdown aka CCE-Winv2.0-407 registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session...