
997 matches found

OSV
added 2023/04/28 8:15 p.m. · 2 views

CVE-2023-26782

An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface -System Configuration-Cache Configuration-Cache security characters...

6.5 CVSS · 6.7 AI score · 0.00872 EPSS
Exploits 1 · References 1
Positive Technologies
added 2023/04/28 12:0 a.m. · 6 views

PT-2023-20797 · Mccms · Mccms

Name of the Vulnerable Software and Affected Versions: mccms version 2.6.1 Description: An issue in the Backend management interface, specifically in System Configuration-Cache Configuration-Cache security characters, allows remote attackers to cause a denial of service. Recommendations: For mccm...

6.5 CVSS · 7.4 AI score · 0.00872 EPSS
Exploits 1 · References 6
BDU FSTEC
added 2023/04/27 12:0 a.m. · 4 views

The vulnerability of microprogrammed software in logic controllers for building and facility control systems from Schneider Electric—such as spaceLYnk, Wiser for KNX (formerly homeLYnk), and FellerLYnk—is related to the lack of authentication for critical functions. This allows attackers to alter the configuration of the system.

The vulnerability of microprogramming software for logic controllers used in building and facility management systems from Schneider Electric—such as spaceLYnk, Wiser for KNX (formerly homeLYnk), and FellerLYnk—is related to the absence of authentication for critical functions. Exploiting this...

9.4 CVSS · 5.9 AI score · 0.00766 EPSS
Exploits 0 · References 3 · Affected Software 3
Vulnrichment
added 2023/03/23 12:0 a.m. · 14 views

CVE-2023-20113 Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...

6.5 CVSS · 7.7 AI score · 0.00261 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/02/23 12:0 a.m. · 9 views

CVE-2023-20011 Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system...

8.8 CVSS · 7.7 AI score · 0.00362 EPSS
Exploits 0 · References 1
F5 Networks
added 2023/02/21 8:0 p.m. · 50 views

K04280042: BIG-IP ASM vulnerability CVE-2019-6650

Security Advisory Description F5 BIG-IP ASM may expose sensitive information and allow the system configuration to be modified when using non-default settings. CVE-2019-6650 Impact The vulnerability is only present on multi-bladed systems (VIPRION) with BIG-IP ASM provisioned, on the following...

9.1 CVSS · 8.8 AI score · 0.01308 EPSS
Exploits 0 · Affected Software 1
F5 Networks
added 2023/02/21 8:0 p.m. · 160 views

K02692210: BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2017-6157

Security Advisory Description BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or...

8.1 CVSS · 8.9 AI score · 0.04013 EPSS
Exploits 0 · Affected Software 8
F5 Networks
added 2023/02/21 6:59 p.m. · 11 views

K72423000: The BIG-IP AFM ACL and IPI features may not function as designed

Security Advisory Description This issue occurs when all of the following conditions are met: You have provisioned and configured the BIG-IP AFM module. Your system has active TCP half-open mitigations. Impact Some BIG-IP AFM features like access control lists (ACLs) and IP Intelligence (IPI) are not...

6.7 AI score
Exploits 0
F5 Networks
added 2023/02/21 6:35 p.m. · 65 views

K35520031: BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2016-5700

Security Advisory Description BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or...

9.8 CVSS · 9.5 AI score · 0.06422 EPSS
Exploits 0 · Affected Software 8
F5 Networks
added 2023/02/21 6:34 p.m. · 25 views

K64743453: NAT64 vulnerability CVE-2016-5745

Security Advisory Description BIG-IP devices using NAT64 are vulnerable to an unauthenticated remote attack that may allow modification of the BIG-IP system configuration. CVE-2016-5745 F5 Technical Support has no additional information about this issue. Impact An unauthorized remote attack may...

10 CVSS · 9.5 AI score · 0.04764 EPSS
Exploits 0 · Affected Software 1
SUSE CVE
added 2023/02/15 5:51 a.m. · 4 views

SUSE CVE-2011-2899

pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers...

5.1 CVSS · 7.9 AI score · 0.01967 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 3:44 a.m. · 2 views

SUSE CVE-2021-27358

The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set...

7.5 CVSS · 7.8 AI score · 0.83042 EPSS
Exploits 0 · References 11
Ivanti
added 2023/02/14 7:22 a.m. · 9 views

SA40209 - [Pulse Secure] Cross site scripting issue (CVE-2016-4789)

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been discovered in the Pulse Connect Secure device. This issue is related to system configuration section of the administrative user interface. This...

6.1 CVSS · 6 AI score · 0.01103 EPSS
Exploits 0
NVD
added 2023/02/10 11:15 a.m. · 19 views

CVE-2022-24410

Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces...

6.8 CVSS · 6.3 AI score · 0.00169 EPSS
Exploits 0 · References 1
Prion
added 2023/02/10 11:15 a.m. · 18 views

Information disclosure

Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces...

1.2 CVSS · 4.2 AI score · 0.00169 EPSS
Exploits 0 · References 1 · Affected Software 157
NVD
added 2023/02/09 9:15 p.m. · 12 views

CVE-2022-21939

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie...

7.5 CVSS · 7.5 AI score · 0.00546 EPSS
Exploits 0 · References 2
OSV
added 2023/02/09 9:15 p.m. · 2 views

CVE-2022-21939

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie...

6.1 CVSS · 5.8 AI score · 0.00546 EPSS
Exploits 0 · References 2
OSV
added 2023/02/09 9:15 p.m. · 4 views

CVE-2022-21940

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie...

6.1 CVSS · 5.8 AI score · 0.00372 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/02/09 8:54 p.m. · 5 views

CVE-2022-21940 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in System Configuration Tool (SCT)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie...

7.5 CVSS · 7.1 AI score · 0.00372 EPSS
Exploits 0 · References 2
Cvelist
added 2023/02/09 8:54 p.m. · 34 views

CVE-2022-21940 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in System Configuration Tool (SCT)

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie...

7.5 CVSS · 7.6 AI score · 0.00372 EPSS
Exploits 0 · References 2