733 matches found

CVE
added 2024/04/09 10:40 p.m. · 51 views

CVE-2024-3313

CVE-2024-3313 concerns vulnerabilities in third-party components used by SUBNET PowerSYSTEM Server 2021 and Substation Server 2021 (versions 4.07.00 and earlier). The root cause is reliance on an insufficiently trustworthy third-party component. The issue has been assigned CVE-2024-3313 with CVSS...

CVSS 8.6 · AI score 8.6 · EPSS 0.00256
Exploits 0 · References 1
ICS
added 2024/04/09 6:0 a.m. · 33 views

SUBNET PowerSYSTEM Server and Substation Server

1. EXECUTIVE SUMMARY: CVSS v4 8.6; ATTENTION: Low attack complexity; Vendor: SUBNET Solutions Inc.; Equipment: PowerSYSTEM Server, Substation Server 2021; Vulnerabilities: Reliance on Insufficiently Trustworthy Component. 2. RISK EVALUATION: Successful exploitation of the vulnerabilities...

CVSS 8.6 · AI score 9.1 · EPSS 0.00256
Exploits 0 · References 8
Citrix
added 2024/03/18 12:0 a.m. · 8 views

How To: Allow traffic only from specific IPs or subnets.

Create a Responder policy that will block access to bound virtual server depending on source IP or source subnet of the client, so that the resource is only accessible from specific IPs and specific subnet IPs...

AI score 7.1
Exploits 0
Positive Technologies
added 2024/02/13 12:0 a.m. · 2 views

PT-2024-3867 · Isc · Bind

Name of the Vulnerable Software and Affected Versions: BIND versions 9.11.3-S1 through 9.11.37-S1; BIND versions 9.16.8-S1 through 9.16.45-S1; BIND versions 9.18.11-S1 through 9.18.21-S1. Description: The issue is related to the EDNS Client Subnet (ECS) component of the BIND DNS server, which can lead...

CVSS 5.3 · AI score 6.4 · EPSS 0.00624
Exploits 0 · References 12
NVD
added 2024/02/02 4:15 p.m. · 20 views

CVE-2024-24760

mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions prior to 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container,...

CVSS 8.8 · AI score 8.6 · EPSS 0.00868
Exploits 0 · References 2
Prion
added 2024/02/02 4:15 p.m. · 17 views

Design/Logic Flaw

mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions prior to 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container,...

CVSS 4.1 · AI score 7 · EPSS 0.00868
Exploits 0 · References 2
Cvelist
added 2024/02/02 3:28 p.m. · 35 views

CVE-2024-24760 Mailcow Docker Container Exposure to Local Network

mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions prior to 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container,...

CVSS 8.8 · AI score 8.7 · EPSS 0.00868
Exploits 0 · References 2
CVE
added 2024/02/02 3:28 p.m. · 41 views

CVE-2024-24760

CVE-2024-24760 affects mailcow, a dockerized mail suite, with exposed dockerized ports. The root issue: containers on a bridged network are reachable from the same subnet even when ports are bound to 127.0.0.1, enabling potential access to exposed ports. Affected versions are prior to 2024-01c. T...

CVSS 8.8 · AI score 7 · EPSS 0.00868
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/02/02 3:28 p.m. · 25 views

CVE-2024-24760 Mailcow Docker Container Exposure to Local Network

mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions prior to 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container,...

CVSS 8.8 · AI score 7.3 · EPSS 0.00868
Exploits 0 · References 4
CNNVD
added 2024/02/02 12:0 a.m. · 5 views

mailcow Security Vulnerabilities

mailcow is a mail server suite. A security vulnerability exists in mailcow versions prior to 2024-01c that stems from allowing an attacker on the same subnet to connect to a public port of a Docker container...

CVSS 8.8 · AI score 6.7 · EPSS 0.00868
Exploits 0 · References 3
Positive Technologies
added 2024/02/02 12:0 a.m. · 4 views

PT-2024-20538 · Mailcow · Mailcow

Name of the Vulnerable Software and Affected Versions: mailcow versions prior to 2024-01c. Description: A security issue has been identified in mailcow, a dockerized email package. This issue potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even wh...

CVSS 8.8 · AI score 7.1 · EPSS 0.00868
Exploits 0 · References 6
Veracode
added 2024/02/01 2:27 p.m. · 17 views

Server-Side Request Forgery (SSRF)

Label Studio is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to faulty SSRF validation which executes a single DNS lookup to verify that the IP address is not in an excluded subnet range. This protection can be bypassed by either using HTTP redirection or performing a...

CVSS 5.3 · AI score 6.8 · EPSS 0.00737
Exploits 1 · References 4 · Affected Software 1
Citrix
added 2024/01/25 12:0 a.m. · 6 views

Unable to create DataSet using IPv4 CIDR format using GUI

When attempting to add a dataset via the GUI (AppExpert Data Sets - Add), users may encounter a failure accompanied by the error message "Value entered is not an IPv4." Note: This error message specifically occurs when the subnet mask value n is greater than 28 (a.b.c.d/n)...

AI score 7
Exploits 0
Vulnrichment
added 2024/01/08 7:4 p.m. · 2 views

CVE-2023-6631 Subnet Solutions Inc. PowerSYSTEM Center Unquoted Search Path or Element

PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges...

CVSS 7.8 · AI score 7.7 · EPSS 0.00174
Exploits 0 · References 2
Cvelist
added 2024/01/08 7:4 p.m. · 20 views

CVE-2023-6631 Subnet Solutions Inc. PowerSYSTEM Center Unquoted Search Path or Element

PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges...

CVSS 7.8 · AI score 8.5 · EPSS 0.00174
Exploits 0 · References 2
CNNVD
added 2024/01/08 12:0 a.m. · 5 views

SUBNET PowerSYSTEM Center Code Issue Vulnerability

SUBNET PowerSYSTEM Center is SUBNET's infrastructure for securely and centrally managing the many different intelligent electronic devices (meters, relays, RTUs, etc.) deployed throughout the transmission and distribution system. A security vulnerability exists in SUBNET PowerSYSTEM Center 2020...

CVSS 7.8 · AI score 7 · EPSS 0.00174
Exploits 0 · References 3
OSV
added 2023/12/15 11:19 p.m. · 1 views

GHSA-JQPC-RC7G-VF83 User accounts disclosed to unauthenticated actors on the LAN

Summary: The login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Details: Starting with the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network...

CVSS 4.3 · AI score 5.8 · EPSS 0.00908
Exploits 1 · References 4
NVD
added 2023/12/15 3:15 a.m. · 15 views

CVE-2023-50715

Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant...

CVSS 4.3 · EPSS 0.00908
Exploits 1 · References 2
Kitploit
added 2023/12/12 11:30 a.m. · 33 views

NetProbe - Network Probe

NetProbe is a tool you can use to scan for devices on your network. The program sends ARP requests to any IP address on your network and lists the IP addresses, MAC addresses, manufacturers, and device models of the responding devices. Features: Scan for devices on a specified IP address or subnet...

AI score 7.3
Exploits 0 · References 2
NVD
added 2023/10/25 6:17 p.m. · 24 views

CVE-2023-45321

The Android Client application, when enrolled with the define method 1 (the user manually inserts the server IP address), uses the HTTP protocol to retrieve sensitive information (IP address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by...

CVSS 8.8 · AI score 8.2 · EPSS 0.00124
Exploits 0 · References 1