23 matches found
EUVD-2014-8930
Malware in sbrugna...
EUVD-2024-18217
Malicious code in bioql PyPI...
EUVD-2025-18656
Malicious code in bioql PyPI...
EUVD-2025-24877
Malicious code in bioql PyPI...
Cisco Meraki 16.2 / 17 / 18.1 < 18.107.12 / 18.2 < 18.211.2 Multiple Vulnerabilities (cisco-sa-meraki-mx-vpn-dos-QTRHzG2)
The version of the remote Cisco Meraki device is 16.2, 17, 18.1 prior to 18.107.12, or 18.2 prior to 18.211.2. It is, therefore, potentially affected by multiple vulnerabilities as referenced in the cisco-sa-meraki-mx-vpn-dos-QTRHzG2 advisory, including: - Multiple vulnerabilities in the Cisco...
CVE-2025-20271
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. This vulnerability is due to...
Vulnerability fixed in Cisco AnyConnect VPN for Meraki MX and Z
Cisco has fixed a vulnerability in the Cisco AnyConnect VPN server on Cisco Meraki MX and Z Series devices. The vulnerability is in how the Cisco AnyConnect VPN server initializes variables during the establishment of SSL VPN sessions. Unauthenticated remote attackers can exploit this...
CVE-2025-20271 Cisco Meraki MX and Z Series AnyConnect VPN with Client Certificate Authentication Denial of Service Vulnerability
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. This vulnerability is due to...
Cisco Meraki MX and Z Series AnyConnect VPN with Client Certificate Authentication Denial of Service Vulnerability
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. This vulnerability is due to...
CVE-2024-20513
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This vulnerability is due to...
CVE-2025-20212
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must...
Cisco Secure Client Flaw Enables Attackers To Steal VPN Sessions
Summary: A high severity vulnerability tracked as CVE-2024-20337 has been addressed by Cisco affecting its Secure Client software that could allow a threat actor to start a VPN session with the targeted user. Threat Level - Red | Vulnerability Report For a detailed threat advisory, download the...
CVE-2023-20269
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or ...
CVE-2020-15679
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to log in via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP...
Session fixation
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to log in via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP...
APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign
Why is the campaign called A41APT? In 2019, we observed an APT campaign targeting multiple industries, including the Japanese manufacturing industry and its overseas operations, that was designed to steal information. We named the campaign A41APT (not APT41) which is derived from the host name...
CVE-2019-1714
A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated,...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnect established VPN sessions, (2) connect to arbitrary VPN...
CVE-2014-9104
Multiple cross-site request forgery (CSRF) vulnerabilities in the XML-RPC API in the Desktop Client in OpenVPN Access Server 1.5.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) disconnect established VPN sessions, (2) connect to arbitrary VPN...
CVE-2014-9104
CVE-2014-9104 covers CSRF vulnerabilities in the XML-RPC API of the OpenVPN Access Server Desktop Client (versions up to 1.5.6). The issues allow an attacker to hijack administrator authentication and perform actions via crafted API requests, including disconnecting VPN sessions, connecting to ar...