733 matches found
CVE-2024-3313
CVE-2024-3313 concerns vulnerabilities in third-party components used by SUBNET PowerSYSTEM Server 2021 and Substation Server 2021 (versions 4.07.00 and earlier). The root cause is reliance on an insufficiently trustworthy third-party component. The issue has been assigned CVE-2024-3313 with CVSS...
SUBNET PowerSYSTEM Server and Substation Server
1. EXECUTIVE SUMMARY. CVSS v4 8.6. ATTENTION: Low attack complexity. Vendor: SUBNET Solutions Inc. Equipment: PowerSYSTEM Server, Substation Server 2021. Vulnerabilities: Reliance on Insufficiently Trustworthy Component. 2. RISK EVALUATION. Successful exploitation of the vulnerabilities...
How To: Allow traffic only from specific IPs or subnets.
Create a Responder policy that blocks access to the bound virtual server depending on the client's source IP or source subnet, so that the resource is only accessible from specific IPs and specific subnet IPs...
PT-2024-3867 · Isc · Bind
Name of the Vulnerable Software and Affected Versions: BIND versions 9.11.3-S1 through 9.11.37-S1; BIND versions 9.16.8-S1 through 9.16.45-S1; BIND versions 9.18.11-S1 through 9.18.21-S1. Description: The issue is related to the EDNS Client Subnet (ECS) component of the BIND DNS server, which can lead...
CVE-2024-24760
mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions prior to 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container,...
Design/Logic Flaw
mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions prior to 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container,...
CVE-2024-24760 Mailcow Docker Container Exposure to Local Network
mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions prior to 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container,...
CVE-2024-24760
CVE-2024-24760 affects mailcow, a dockerized mail suite, with exposed dockerized ports. The root issue: containers on a bridged network are reachable from the same subnet even when ports are bound to 127.0.0.1, enabling potential access to exposed ports. Affected versions are prior to 2024-01c. T...
mailcow Security Vulnerabilities
mailcow is a mail server suite. A security vulnerability exists in versions of mailcow prior to 2024-01c; it stems from allowing an attacker on the same subnet to connect to a public port of a Docker container...
PT-2024-20538 · Mailcow · Mailcow
Name of the Vulnerable Software and Affected Versions: mailcow versions prior to 2024-01c Description: A security issue has been identified in mailcow, a dockerized email package. This issue potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even wh...
Server-Side Request Forgery (SSRF)
Label Studio is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to faulty SSRF validation, which executes a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a...
Unable to create DataSet using IPv4 CIDR format using GUI
When attempting to add a dataset via the GUI (AppExpert Data Sets - Add), users may encounter a failure accompanied by the error message "Value entered is not an IPv4." Note: This error message specifically occurs when the subnet mask value n is greater than 28 (a.b.c.d/n)...
CVE-2023-6631 Subnet Solutions Inc. PowerSYSTEM Center Unquoted Search Path or Element
PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges...
SUBNET PowerSYSTEM Center Code Issue Vulnerability
SUBNET PowerSYSTEM Center is SUBNET's infrastructure for securely and centrally managing the many different intelligent electronic devices (meters, relays, RTUs, etc.) deployed throughout the transmission and distribution system. A security vulnerability exists in SUBNET PowerSYSTEM Center 2020...
GHSA-JQPC-RC7G-VF83 User accounts disclosed to unauthenticated actors on the LAN
Summary: The login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Details: Starting with the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network...
CVE-2023-50715
Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant...
NetProbe - Network Probe
NetProbe is a tool you can use to scan for devices on your network. The program sends ARP requests to any IP address on your network and lists the IP addresses, MAC addresses, manufacturers, and device models of the responding devices. Features: Scan for devices on a specified IP address or subnet...
CVE-2023-45321
The Android Client application, when enrolled with the define method 1 (the user manually inserts the server IP address), uses the HTTP protocol instead of HTTPS to retrieve sensitive information (IP address and credentials to connect to a remote MQTT broker entity), and this feature is not configurable by...