24 matches found

F5 Networks
added 2026/05/13 12:30 p.m. · 12 views

K000156604: BIG-IP httpd access control vulnerability CVE-2026-40435

Security Advisory Description When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses. CVE-2026-40435 Impact This vulnerability allows an attacker to connect to the BIG-IP control plane HTTP services; however, the...

CVSS 6.9 · AI score 5.7 · EPSS 0.00228
Exploits 0 · Affected Software 11
GithubExploit
added 2026/01/27 12:10 p.m. · 158 views

Exploit for Unprotected Alternate Channel in Crushftp

C...

CVSS 9.8 · AI score 7.3 · EPSS 0.92034
Exploits 7
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2021-19738

Malware in sbrugna...

CVSS 8.8 · AI score 8.6 · EPSS 0.00453
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-27366

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 6.6 · EPSS 0.0028
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 19 views

EUVD-2022-30426

Malicious code in bioql PyPI...

CVSS 4.9 · AI score 5.3 · EPSS 0.00673
Exploits 0 · References 1
CISA KEV Catalog
added 2025/07/22 12:0 a.m. · 29 views

CrushFTP Unprotected Alternate Channel Vulnerability

CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, it mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS...

CVSS 9.8 · AI score 7.5 · EPSS 0.92034
In wild · Exploits 7
BDU FSTEC
added 2025/07/21 12:0 a.m. · 4 views

The vulnerability of the web interface of the cross-platform FTP server CrushFTP allows a hacker to execute arbitrary code with elevated privileges.

The vulnerability of the cross-platform FTP server CrushFTP lies in the use of an unprotected alternative channel. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with elevated privileges by replacing the administrative user with the default user...

CVSS 9 · AI score 8 · EPSS 0.92034
Exploits 7 · References 3 · Affected Software 1
OSV
added 2024/10/02 12:30 p.m. · 2 views

GHSA-85QF-6845-M8P2 Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xwgj-vpm9-q2rq. This link is maintained to preserve external references. Original Description Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspecti...

CVSS 7.9 · AI score 8.1 · EPSS 0.0021
Exploits 0 · References 3
BDU FSTEC
added 2024/08/02 12:0 a.m. · 3 views

The vulnerability of the Trusted Slot function in Rockwell Automation’s microprogrammed logic controllers models 1756-EN4TR, 1756-EN2T Series A/B/C, 1756-EN2F Series A/B, 1756-EN2TR Series A/B, 1756-EN3TR Series B, 1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B, 1756-EN2TP Series A. This vulnerability allows an attacker to modify user projects and/or device configurations.

The vulnerability of the Trusted Slot function in Rockwell Automation’s microprogrammed logic controllers models 1756-EN4TR, 1756-EN2T Series A/B/C, 1756-EN2F Series A/B, 1756-EN2TR Series A/B, 1756-EN3TR Series B, 1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B,...

CVSS 8.4 · AI score 5.8 · EPSS 0.09197
Exploits 0 · References 3 · Affected Software 8
Positive Technologies
added 2024/08/01 12:0 a.m. · 9 views

PT-2024-5335

Name of the Vulnerable Software and Affected Versions Rockwell Automation 1756-EN4TR, 1756-EN2T Series A/B/C, 1756-EN2F Series A/B, 1756-EN2TR Series A/B, 1756-EN3TR Series B, 1756-EN2T Series D, 1756-EN2F Series C, 1756-EN2TR Series C, 1756-EN3TR Series B, 1756-EN2TP Series A Description A...

CVSS 7.3 · AI score 6.1 · EPSS 0.09197
Exploits 0 · References 10
Positive Technologies
added 2024/07/10 12:0 a.m. · 2 views

PT-2024-28710 · Unknown · Tone Store App

Name of the Vulnerable Software and Affected Versions: TONE store App versions 3.4.2 and earlier Description: The issue is related to an unprotected primary channel in the TONE store App, which communicates with the TONE store website in cleartext. This could allow a man-in-the-middle attack,...

CVSS 3.7 · AI score 6.5 · EPSS 0.00257
Exploits 0 · References 7
BDU FSTEC
added 2024/03/18 12:0 a.m. · 4 views

The vulnerability of the Query Parameter Handler component in the IBM TXSeries for Multiplatforms transaction management software solutions, including the IBM CICS TX Standard and IBM CICS TX Advanced application servers, allows a malicious individual to gain unauthorized access to confidential information.

The vulnerability of the Query Parameter Handler component in the IBM TXSeries transaction application management software for multiplatforms, as well as in the IBM CICS TX Standard and IBM CICS TX Advanced application servers, is related to the use of an unprotected communication channel for dat...

CVSS 3.7 · AI score 5.5 · EPSS 0.00379
Exploits 0 · References 6 · Affected Software 3
NVD
added 2024/03/13 12:15 p.m. · 8 views

CVE-2024-2414

The primary channel is unprotected on Movistar 4G router affecting E version SWLD71-T1v2.0.201820. This device has the 'adb' service open on port 5555 and provides access to a shell with root privileges...

CVSS 8.8 · AI score 8.7 · EPSS 0.0028
Exploits 0 · References 1
Vulnrichment
added 2023/04/19 11:57 a.m. · 9 views

CVE-2023-0317 GateManager debug interface is included in non-debug builds

Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information...

CVSS 4.9 · AI score 5 · EPSS 0.00521
Exploits 0 · References 1
Positive Technologies
added 2023/04/19 12:0 a.m. · 4 views

PT-2023-16172 · Unknown · Gatemanager

Name of the Vulnerable Software and Affected Versions: GateManager affected versions not specified Description: The issue concerns an Unprotected Alternate Channel vulnerability in the debug console of GateManager. This vulnerability allows a system administrator to obtain sensitive information...

CVSS 4.9 · AI score 6.6 · EPSS 0.00521
Exploits 0 · References 6
BDU FSTEC
added 2023/04/12 12:0 a.m. · 6 views

The vulnerability of the Swarm Mode of the dockerd daemon in the software for creating containerized systems like Moby and the Mirantis Container Runtime environment allows an attacker to compromise the integrity of the protected information.

The vulnerability of the Swarm Mode of the dockerd daemon, a software tool for creating containerized systems like Moby and the Mirantis Container Runtime environment, is related to the use of an unprotected alternative channel. Exploiting this vulnerability allows an attacker to compromise...

CVSS 6.8 · AI score 6.9 · EPSS 0.0144
Exploits 0 · References 8 · Affected Software 4
BDU FSTEC
added 2023/04/12 12:0 a.m. · 5 views

The vulnerability of the Swarm Mode of the dockerd daemon, a software tool for creating containerized systems like Moby and the Mirantis Container Runtime environment, allows an attacker to compromise the integrity and accessibility of protected information.

The vulnerability of the Swarm Mode of the dockerd daemon, a software tool for creating containerized systems like Moby and the Mirantis Container Runtime environment, is related to the use of an unprotected alternative channel. Exploiting this vulnerability allows an attacker to compromise...

CVSS 7.5 · AI score 7.1 · EPSS 0.02733
Exploits 1 · References 10 · Affected Software 4
RedHat Linux
added 2022/11/02 4:41 p.m. · 4 views

hw: cpu: Intel: information disclosure via local access

A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to enable information disclosure via local access...

CVSS 4.7 · AI score 6.5 · EPSS 0.00165
Exploits 0 · References 5
RedHat Linux
added 2022/10/25 8:45 a.m. · 1 views

hw: cpu: Intel: information disclosure via local access

A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to enable information disclosure via local access...

CVSS 4.7 · AI score 6.5 · EPSS 0.00165
Exploits 0 · References 5
CNNVD
added 2022/07/13 12:0 a.m. · 2 views

VMware ESXi Security Vulnerability

VMware ESXi is a suite of server virtualization platforms from VMware that can be installed directly on physical servers. VMware ESXi ESXi70U1b-17168206 - A security vulnerability exists in ESXi version 670-20211104001, which stems from an unprotected alternative channel to return branch target...

CVSS 4.7 · AI score 6 · EPSS 0.00165
Exploits 0 · References 11