50 matches found
Palo Alto Networks PAN-OS Data Forgery Vulnerability
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a vulnerability in Palo Alto Networks PAN-OS related to data manipulation, which stems from an authentication bypass mechanism. This vulnerability could allow unauthenticated...
EUVD-2017-14347
Malware in sbrugna...
EUVD-2021-22959
Malware in sbrugna...
CVE-2017-5242
Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...
Code injection
Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots...
PT-2023-10639 · Rapid7 · Nexpose +1
Name of the Vulnerable Software and Affected Versions: Nexpose virtual appliances versions downloaded between April 5th, 2017 and May 3rd, 2017; InsightVM virtual appliances versions downloaded between April 5th, 2017 and May 3rd, 2017. Description: The issue concerns Nexpose and InsightVM virtual...
CVE-2017-5242
CVE-2017-5242 affects Nexpose and InsightVM virtual appliances downloaded between 2017-04-05 and 2017-05-03, which contain identical SSH host keys due to keys not being regenerated at first boot. This creates a risk that a privileged attacker could impersonate another vulnerable appliance or decr...
PAN-OS: Reflected Amplification Denial-of-Service (DoS) Vulnerability in URL Filtering
A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall...
CVE-2022-32481
Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover...
CVE-2021-36339
The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance...
Design/Logic Flaw
The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance...
CVE-2021-36339
The CVE-2021-36339 issue affects Dell EMC Virtual Appliances prior to version 9.2.2.2, where undocumented user accounts exist. This enables a local attacker with access to the appliance to potentially obtain privileged access. The vulnerability is rooted in the presence of hidden accounts rather ...
PT-2022-10506 · Dell Emc · Dell Emc Virtual Appliances
Name of the Vulnerable Software and Affected Versions: Dell EMC Virtual Appliances versions prior to 9.2.2.2. Description: The issue concerns undocumented user accounts in the Dell EMC Virtual Appliances, which a local malicious user could exploit to gain privileged access to the virtual appliance...
Cisco BPA, WSA Bugs Allow Remote Cyberattacks
A set of high-severity privilege-escalation vulnerabilities affecting the Business Process Automation (BPA) application and Cisco’s Web Security Appliance (WSA) could allow authenticated, remote attackers to access sensitive data or take over a targeted system. The first two bugs CVE-2021-1574 and...
Major vulnerabilities found in top virtual appliances
By Sudais Asif. According to Orca Security, major vulnerabilities have been found in top vendors like IBM, Dell, Oracle, Cisco, and Symantec Cloud Solutions. This is a post from HackRead.com. Read the original post: Major vulnerabilities found in top virtual appliances...
Command injection
tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone...
CVE-2020-24032
tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone...