16 matches found

VulnCheck KEV
added 2025/10/23 12:00 a.m. · 2 views

VulnCheck KEV: CVE-2023-5970

Improper authentication in the SMA100 SSL-VPN virtual office portal allows a remote authenticated attacker to create an identical external domain user using accent characters, resulting in an MFA bypass...

CVSS 8.8 · AI score 5.8 · EPSS 0.00911
In wild · Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2018-1050

Malware in sbrugna...

CVSS 7.5 · AI score 8.1 · EPSS 0.02128
Exploits 0 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-24800

Malware in sbrugna...

CVSS 8.6 · AI score 8.1 · EPSS 0.01833
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2014-2152

Malware in sbrugna...

CVSS 7.8 · AI score 7.8 · EPSS 0.01984
Exploits 1 · References 3

EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2024-18117

Malicious code in bioql PyPI...

CVSS 8.6 · AI score 6.5 · EPSS 0.00524
Exploits 0 · References 1

RedhatCVE
added 2025/06/12 5:06 p.m. · 5 views

CVE-2025-25250

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL...

CVSS 4.3 · AI score 4.5 · EPSS 0.00447
Exploits 0 · References 1

Vulnrichment
added 2025/06/10 4:36 p.m. · 3 views

CVE-2025-25250

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL...

CVSS 4.3 · AI score 6.9 · EPSS 0.00447
Exploits 0 · References 1

CVE
added 2025/06/10 4:36 p.m. · 69 views

CVE-2024-50562

CVE-2024-50562 is an Insufficient Session Expiration (CWE-613) in FortiOS SSL-VPN. A stolen cookie could allow a logged-out/expired session to re-authenticate. Affected FortiOS/FortiSASE: FortiOS 7.6.0 (fixed in 7.6.1), 7.4.0–7.4.7 (fixed in 7.4.8), 7.2.0–7.2.10 (fixed in 7.2.11), and all 7.0 an...

CVSS 4.8 · AI score 5.1 · EPSS 0.01076
Exploits 3 · References 2 · Affected Software 2

Tenable Nessus
added 2025/06/10 12:00 a.m. · 8 views

Fortinet Fortigate Insufficient Session Expiration in SSL-VPN cookie (FG-IR-24-339)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-339 advisory. - An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version...

CVSS 4.8 · AI score 5.6 · EPSS 0.01076
Exploits 3 · References 2

RedhatCVE
added 2025/05/23 12:19 a.m. · 5 views

CVE-2022-45861

An access of uninitialized pointer vulnerability CWE-824 in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated...

CVSS 6.5 · AI score 6.6 · EPSS 0.00818
Exploits 0 · References 1

NCSC
added 2025/02/18 8:09 a.m. · 4 views

Vulnerabilities fixed in SonicWall SonicOS

SonicWall has fixed vulnerabilities in SonicOS for Gen6 and Gen7 firewalls. The first vulnerability concerns a weak pseudo-random number generator in the SSLVPN (CVE-2024-40762), allowing attackers to predict authentication tokens in some cases. CVE-2024-53704 concerns improper authentication in th...

CVSS 9.8 · AI score 8.1 · EPSS 0.94645
Exploits 0 · References 1

Vulnrichment
added 2024/12/19 7:40 a.m. · 11 views

CVE-2020-12819

A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode i...

CVSS 5.4 · AI score 7.8 · EPSS 0.00757
Exploits 0 · References 1

Tenable Nessus
added 2024/10/26 12:00 a.m. · 6 views

Fortinet Fortigate when connecting to SSL-VPN (FG-IR-21-018)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-018 advisory. - An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDA...

CVSS 7.5 · AI score 7.4 · EPSS 0.0048
Exploits 0 · References 2

Positive Technologies
added 2024/10/23 12:00 a.m. · 5 views

PT-2024-7436 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified); Cisco Firepower Threat Defense (FTD) Software (affected versions not specified). Description: The issue is related to a logic error in memory management when handling S...

CVSS 8.6 · AI score 6.7 · EPSS 0.00524
Exploits 0 · References 5

CNNVD
added 2024/06/20 12:00 a.m. · 3 views

SonicWALL SonicOS Security Vulnerability

SonicWALL SonicOS is a set of operating systems designed for SonicWall firewall appliances from SonicWALL, Inc. A security vulnerability exists in SonicWALL SonicOS SSL-VPN. A remote attacker could exploit this vulnerability to cause a denial of service DoS via the memcpy function...

CVSS 6.5 · AI score 6.7 · EPSS 0.00638
Exploits 0 · References 2

SonicWall
added 2024/02/07 4:44 p.m. · 11 views

SonicOS SSL-VPN Improper Authentication

An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. CVE: CVE-2024-22394 Last updated: Feb. 7, 2024, 4:44...

CVSS 8.6 · AI score 7.2 · EPSS 0.00747
Exploits 0