Lucene search
+L

54 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:24 a.m.8 views

CVE-2017-13314

In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with...

7.8CVSS8.3AI score0.00074EPSS
Exploits0References1
ICS
ICS
added 2025/01/23 6:30 a.m.19 views

ABB FLXEON Controllers

SUMMARY An update is available that resolves a privately reported vulnerability in the product versions listed as affected in this advisory. FLXEON devices are not intended to be internet-facing. A product advisory issued in June 2023 informed customers of this parameter. An attacker can...

9.5AI score
Exploits0References10
Citrix
Citrix
added 2024/07/13 12:0 a.m.8 views

Configuration for Controlled Access to Different VPN Plugin Through NetScaler Gateway for XenMobile Deployments

Requirement 1: Disable VPN Access for the iOS VPN Client If you configure NetScaler Gateway for use with XenMobile, it includes configuration to enable Secure Web and approved Citrix Apps-enabled applications to access the corporate network. The access is enabled for authenticated users by...

6.7AI score
Exploits0
OSV
OSV
added 2024/05/22 5:16 p.m.3 views

CVE-2024-20355

A vulnerability in the implementation of SAML 2.0 single sign-on SSO for remote access VPN services in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker to successfully establish a VPN session on an affecte...

5CVSS5.8AI score0.00333EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/22 12:0 a.m.32 views

Cisco 多款产品安全漏洞

Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliances Software ASA Software are both products of Cisco Corporation.Cisco Firepower Threat Defense is a set of unified software to provide next-generation firewall services. Cisco Adaptive Security Appliances Software is a set of...

5CVSS6.5AI score0.00333EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/14 12:0 a.m.5 views

Palo Alto Networks PAN-OS 安全漏洞

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. A security vulnerability exists in Palo Alto Networks PAN-OS that stems from incorrect authentication in the GlobalProtect gateway feature. An attacker could exploit the vulnerability to establish a VPN...

6.3CVSS6.8AI score0.00179EPSS
Exploits0References3
HackRead
HackRead
added 2024/02/06 6:15 p.m.45 views

Chained Exploits, Stolen VPN Access: Hackers Target Ivanti Users Despite Patches

By Deeba Ahmed Zero-Day Nightmare: CVE-2024-21893 Exploits Surge in Attacks on Ivanti Products. This is a post from HackRead.com Read the original post: Chained Exploits, Stolen VPN Access: Hackers Target Ivanti Users Despite Patches...

6.4CVSS7.3AI score0.99999EPSS
Exploits5
Prion
Prion
added 2023/10/30 7:15 p.m.19 views

Design/Logic Flaw

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacke...

6.5CVSS8.8AI score0.00929EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/04 12:0 a.m.24 views

PT-2023-29736 · Zkteco · Zkteco Zem800

Name of the Vulnerable Software and Affected Versions: ZKTeco ZEM800 version 6.60 Description: An IDOR vulnerability has been found in the ZKTeco ZEM800 product. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or...

8.3CVSS6.7AI score0.00209EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/04/11 12:0 a.m.5 views

PT-2023-7424 · Fortinet · Fortigate +1

Name of the Vulnerable Software and Affected Versions: FortiGate versions 7.2.3 and below FortiGate versions 7.0.9 and below Description: The issue is related to a permissive list of allowed inputs, which may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal...

4.3CVSS4.4AI score0.00437EPSS
Exploits0References5
Citrix
Citrix
added 2022/09/30 12:0 a.m.8 views

[Citrix Gateway VPN] Cannot access intranet applications in VPN over Proxy environment

When you connect Citrix Gateway VPN. You may observe VPN establishment is OK but cannot access internal applications/networks when the following conditions both match: Client has proxy configured and VPN connection goes through Proxy. Client PC has an interface IP in 169.254.0.0/16 subnet Usually...

7.1AI score
Exploits0
Citrix
Citrix
added 2022/08/26 12:0 a.m.9 views

After upgrade to 13.0-85.x or above, unable to access Citrix VPN.

Users getting " No Intranet IP available " post authentication to Citrix VPN. This is only seen in ADC version 13.0-85.x and above...

7.3AI score
Exploits0
ICS
ICS
added 2022/08/23 12:0 a.m.35 views

Delta Industrial Automation DIALink

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: Delta Industrial Automation DIALink Vulnerability: Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the...

9.8CVSS8.8AI score0.00616EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2022/08/11 12:51 p.m.61 views

Cisco Confirms Network Breach Via Hacked Employee Google Account

Cisco Systems revealed details of a May hack by the Yanluowang ransomware group that leveraged a compromised employee’s Google account. The networking giant is calling the attack a “potential compromise” in a Wednesday post by the company’s own Cisco Talos threat research arm. “During the...

7.1AI score
Exploits0References4
Citrix
Citrix
added 2022/08/11 12:0 a.m.8 views

How to block users from logging in VPN during non-working hours

This article address a configuration sample to block users from logging in VPN during non-working hours...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2022/08/10 7:30 p.m.28 views

Cisco Talos shares insights related to recent cyber attack on Cisco

Update History Date | Description of Updates ---|--- Aug. 10th 2022| Adding clarifying details on activity involving active directory. Aug. 10th 2022| Update made to the Cisco Response and Recommendations section related to MFA. Executive summary On May 24, 2022, Cisco became aware of a potential...

1.6AI score
Exploits0
OSV
OSV
added 2022/05/24 3:15 a.m.4 views

CVE-2022-0910

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware...

6.5CVSS6.9AI score0.00672EPSS
Exploits0References1
OSV
OSV
added 2021/09/24 3:15 a.m.8 views

CVE-2021-41583

vpn-user-portal aka eduVPN or Let's Connect! before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional V...

6.5CVSS6.6AI score
Exploits0References2
Prion
Prion
added 2021/09/24 3:15 a.m.17 views

Code injection

vpn-user-portal aka eduVPN or Let's Connect! before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional V...

9CVSS8.3AI score0.01876EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/09/24 2:22 a.m.49 views

CVE-2021-41583

vpn-user-portal (eduVPN/Let's Connect!) before 2.3.14, as packaged for Debian 10/11 and Fedora, allows remote authenticated users to obtain OS filesystem access due to the interaction of QR codes with an exec that uses the -r option. This can be leveraged to obtain additional VPN access. Affected...

9CVSS6.2AI score0.01876EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder