Lucene search: 223 matches found

Source: CVE | added 2023/10/10 1:12 p.m. | 1094 views
CVE-2023-4966
CVE-2023-4966 affects Citrix NetScaler ADC and NetScaler Gateway when configured as a Gateway or AAA virtual server. The issue stems from improper usage of snprintf/memory handling in the WebProc/auth pathways: crafted requests cause memory disclosure in the response, exposing sensitive data (e.g., aut...
CVSS 9.4 | AI score 8.6 | EPSS 0.99999 | In the wild | Exploits 15 | References 3 | Affected software 2

Source: Oracle Linux | added 2023/10/10 12:00 a.m. | 45 views
glibc security update
2.34-60.0.3.7
- CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaaa mode (2234716).
- CVE-2023-4806: potential use-after-free in getaddrinfo.
- CVE-2023-4813: potential use-after-free in gaih_inet.
Reviewed by: Jose E. Marchesi...
CVSS 7.8 | AI score 8 | EPSS 0.81422 | Exploits 27

Source: Cvelist | added 2023/09/27 5:22 p.m. | 32 views
CVE-2023-20186
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy...
CVSS 8 | AI score 9.5 | EPSS 0.00586 | Exploits 0 | References 1

Source: CVE | added 2023/09/27 5:22 p.m. | 127 views
CVE-2023-20186
Cisco IOS/IOS XE has a vulnerability in the AAA features that can allow an authenticated attacker with level 15 privileges to bypass command authorization and use SCP to copy files to or from the device. The root cause is incorrect SCP command processing within AAA authorization checks, enabling ...
CVSS 9.1 | AI score 9.2 | EPSS 0.00586 | Exploits 0 | References 1 | Affected software 1

Source: Citrix | added 2023/09/26 12:00 a.m. | 12 views
How to write an AppExpert Rewrite policy for EULA/Header on AAA/GW vserver
Demonstrates how a rewrite action can be used to add a footnote or a header above the logon page of an AAA vserver...
AI score 7 | Exploits 0

Source: Citrix | added 2023/09/14 12:00 a.m. | 6 views
NetScaler AAA sessions' explanation under "Reporting > Citrix Gateway > AAA > AAA sessions"
This guide provides an explanation of the "AAA sessions" section within the ADC (Application Delivery Controller) reporting, specifically under "Citrix Gateway."...
AI score 7.1 | Exploits 0

Source: Cisco | added 2023/09/13 4:00 p.m. | 6 views
Cisco IOS XR Software Model-Driven Programmability Behavior with AAA Authorization
Cisco IOS XR Software supports a programmatic way of configuring and collecting operational data on a network device using data models. Data models provide access to the capabilities of the devices in a network using NETCONF or gRPC. According to Cisco IOS XR Software configuration guides, if...
AI score 7.3 | Exploits 0 | References 1

Source: Citrix | added 2023/09/10 12:00 a.m. | 13 views
How to use a rewrite policy to add a text message or links under the Log On button on the Gateway logon page
This article describes how to add a text message or links to the Gateway logon page with an RfWebUI-based portal theme. The image below is the Gateway logon page for an end user; the links and text message are under the Log On button. The solution in this article applies to both basic authentication and AAA...
AI score 7.3 | Exploits 0

Source: NVD | added 2023/09/06 6:15 p.m. | 28 views
CVE-2023-20269
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or ...
CVSS 9.1 | AI score 7.7 | EPSS 0.21583 | Exploits 0 | References 2

Source: Cvelist | added 2023/09/06 5:09 p.m. | 28 views
CVE-2023-20269
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or ...
CVSS 5 | AI score 9.7 | EPSS 0.21583 | Exploits 0 | References 1

Source: AttackerKB | added 2023/09/06 12:00 a.m. | 107 views
CVE-2023-20269
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or ...
CVSS 9.1 | AI score 7.5 | EPSS 0.21583 | In the wild | Exploits 0 | References 3

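The three CVE-2023-20269 entries above describe an unauthenticated brute-force attack against the ASA/FTD remote-access VPN logon: many rejected AAA logons from one source, cycling through usernames. The detector below is an added example, not Cisco's code and not from any of the listed sources. It counts rejected logons per source IP over a sliding time window on constructed syslog lines. The lines loosely follow the shape of the %ASA-6-113005 "AAA user authentication Rejected" message, but the exact field layout, the host name fw1, the addresses and the user names are assumptions made for this example; adjust LINE_RE to your appliance's actual output before relying on it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log. The field layout is an assumption for this example,
# not a captured ASA log; the last line is deliberately a non-AAA message so
# the parser's filtering is exercised.
SAMPLE_LOG = """\
Sep 06 10:00:01 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = alice : user IP = 203.0.113.7
Sep 06 10:00:03 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = bob : user IP = 203.0.113.7
Sep 06 10:00:04 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = carol : user IP = 203.0.113.7
Sep 06 10:00:06 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = dave : user IP = 203.0.113.7
Sep 06 10:00:08 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = erin : user IP = 203.0.113.7
Sep 06 10:00:09 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = frank : user IP = 203.0.113.7
Sep 06 10:05:00 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = gina : user IP = 192.0.2.4
Sep 06 10:20:00 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = gina : user IP = 192.0.2.4
Sep 06 10:40:00 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = gina : user IP = 192.0.2.4
Sep 06 10:41:00 fw1 %ASA-6-302013: Built inbound TCP connection 12345 for outside:198.51.100.9/51234 to inside:10.0.0.8/443
"""

# Assumed message layout; only lines matching this pattern are counted.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ %ASA-6-113005: "
    r"AAA user authentication Rejected : reason = (?P<reason>[^:]+?) : "
    r"server = (?P<server>\S+) : user = (?P<user>\S+) : user IP = (?P<src>\S+)$"
)


def parse_rejects(text, year=2023):
    """Return (timestamp, source_ip, username) for each rejected-logon line.

    Syslog timestamps carry no year, so the caller supplies it."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["user"]))
    events.sort()
    return events


def find_bruteforce(events, window_s=60, max_failures=5):
    """Flag a source IP the first time it exceeds max_failures rejected logons
    inside any window_s-second span; also report how many distinct usernames
    it tried, which separates password spraying from one user mistyping."""
    per_src = defaultdict(deque)   # recent timestamps per source IP
    users = defaultdict(set)       # distinct usernames per source IP
    flagged = {}
    for ts, src, user in events:
        q = per_src[src]
        q.append(ts)
        users[src].add(user)
        # Drop timestamps that have fallen out of the sliding window.
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > max_failures and src not in flagged:
            flagged[src] = {"first_seen": ts, "attempts_in_window": len(q)}
    for src in flagged:
        flagged[src]["distinct_users"] = len(users[src])
    return flagged


if __name__ == "__main__":
    for src, info in find_bruteforce(parse_rejects(SAMPLE_LOG)).items():
        print(f"{src}: {info['attempts_in_window']} rejected logons within 60s "
              f"by {info['first_seen']:%H:%M:%S}, {info['distinct_users']} usernames tried")
```

On the constructed input only 203.0.113.7 is flagged: six rejections for six different usernames in eight seconds. The three failures from 192.0.2.4 are spread over 35 minutes and never fill the window, which is the behaviour you want from a threshold that should not page on a user who forgot a password. Tune window_s and max_failures to the legitimate failure rate on your own VPN.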
Source: Microsoft Malware Protection | added 2023/08/01 4:00 p.m. | 16 views
Microsoft Defender for Office 365 gets highest rating in SE Labs Enterprise Email Security Services test for Q1 2023
In the ever-evolving world of cybersecurity, email remains a primary attack vector for cybercriminals, making effective email protection a foundational piece of any organization's security strategy. In Q1 2023, Microsoft was once again part of an evaluation of email security platforms conducted b...
AI score 6.5 | Exploits 0

Source: Tenable Nessus | added 2023/05/11 12:00 a.m. | 106 views
Citrix ADC and Citrix Gateway Multiple Vulnerabilities (CTX477714)
The remote Citrix ADC or Citrix Gateway device is version 12.1 before 12.1-65.35, 12.1-FIPS before 12.1-55.296, 13.0 before 13.0-90.11 or 13.1 before 13.1-45.61. It is therefore affected by multiple vulnerabilities: - A cross-site scripting vulnerability affecting appliances configured as a Gatew...
CVSS 7.5 | AI score 6.7 | EPSS 0.80907 | Exploits 3 | References 3

Source: F5 Networks | added 2023/02/21 6:50 p.m. | 51 views
K40507733: The BIG-IP APM logon page may expose an XSS security risk
Security Advisory Description: This issue occurs when all of the following conditions are met: You configure an authentication, authorization, and accounting (AAA) agent after a logon page agent in the access policy. You configure the AAA agent with a Max Logon Attempts Allowed value higher than 1...
AI score 6 | Exploits 0

Source: Microsoft Secure | added 2023/02/21 5:00 p.m. | 23 views
Microsoft Defender for Office 365 named Best Email Security Service of 2023 by SE Labs
In today's world, where hybrid and remote work are on the rise and companies rely on email more than ever, phishing remains one of the most prominent and sophisticated techniques that malicious actors use to attack organizations and gain access to their most sensitive information...
AI score 7 | Exploits 0

Source: SUSE CVE | added 2023/02/15 5:54 a.m. | 6 views
SUSE CVE-2011-0468
The aaabase package before 11.3-8.9.1 in SUSE openSUSE 11.3, and before 11.4-54.62.1 in openSUSE 11.4, allows local users to gain privileges via shell metacharacters in a filename, related to tab expansion...
CVSS 6.9 | AI score 7.1 | EPSS 0.00326 | Exploits 0 | References 4

Source: RedhatCVE | added 2022/11/29 9:56 p.m. | 64 views
CVE-2022-45931
A SQL injection issue was discovered in the AAA package of OpenDaylight. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used. This may allow a malicious user to execute arbitrary SQL...
CVSS 6.8 | AI score 3.5 | EPSS 0.00543 | Exploits 0 | References 5

Source: RedhatCVE | added 2022/11/29 9:56 p.m. | 39 views
CVE-2022-45932
A SQL injection issue was discovered in the AAA package of OpenDaylight. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used. This may allow a malicious user to execute arbitrary SQL...
CVSS 6.8 | AI score 3.4 | EPSS 0.00599 | Exploits 1 | References 5

Source: RedhatCVE | added 2022/11/29 9:26 p.m. | 35 views
CVE-2022-45930
A SQL injection issue was discovered in the AAA package of OpenDaylight. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface. This may allow a malicious user to execute arbitrary SQL...
CVSS 6.8 | AI score 3.5 | EPSS 0.00687 | Exploits 1 | References 5

Source: Veracode | added 2022/11/28 6:39 a.m. | 25 views
SQL Injection
org.opendaylight.aaa:aaa-idm-store-h2 is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the deleteRole function in RoleStore.java allows a malicious user to inject and execute arbitrary SQL queries on the target system, when the API interface /auth/v1/roles/ ...
CVSS 7.5 | AI score 8.2 | EPSS 0.00599 | Exploits 1 | References 3 | Affected software 1

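The four OpenDaylight entries above (CVE-2022-45930, CVE-2022-45931, CVE-2022-45932 and the Veracode SQL Injection record) describe one pattern: the identifier taken from the /auth/v1/domains/, /auth/v1/users/ or /auth/v1/roles/ path reaches a DELETE statement in the H2 store without being separated from the query text. The block below is an added illustration, not OpenDaylight's code and not a reproduction of its schema or H2 driver: it builds the same kind of DELETE by string concatenation beside the parameterised form over an in-memory SQLite table (the roles table, its rows and the payload are constructed for this example) and shows the concatenated version deleting every row while the parameterised version deletes none.

```python
import sqlite3

# Constructed stand-in for a role store. The table name, columns and rows
# are assumptions for this example, not OpenDaylight's actual schema.
SEED_ROLES = [("admin", "Administrator"), ("user", "Regular user"), ("audit", "Auditor")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE roles (roleid TEXT PRIMARY KEY, description TEXT)")
    conn.executemany("INSERT INTO roles VALUES (?, ?)", SEED_ROLES)
    conn.commit()
    return conn


def delete_role_vulnerable(conn, role_id):
    """The injectable shape: the value from the URL path is spliced into the
    SQL text, so a quote in role_id terminates the literal and the rest of the
    input becomes part of the WHERE clause. Returns rows deleted."""
    sql = "DELETE FROM roles WHERE roleid = '" + role_id + "'"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def delete_role_fixed(conn, role_id):
    """The hardened shape: a bound parameter. The driver passes the value
    out of band, so quotes in role_id cannot alter the statement structure.
    Returns rows deleted."""
    cur = conn.execute("DELETE FROM roles WHERE roleid = ?", (role_id,))
    conn.commit()
    return cur.rowcount


def remaining_roles(conn):
    return sorted(row[0] for row in conn.execute("SELECT roleid FROM roles"))


def demo(payload="nosuchrole' OR '1'='1"):
    """Run the same attacker-controlled identifier through both versions on
    fresh copies of the table and report what each one did."""
    vuln = make_db()
    deleted_vuln = delete_role_vulnerable(vuln, payload)
    fixed = make_db()
    deleted_fixed = delete_role_fixed(fixed, payload)
    return {
        "vulnerable_deleted": deleted_vuln,
        "vulnerable_remaining": remaining_roles(vuln),
        "fixed_deleted": deleted_fixed,
        "fixed_remaining": remaining_roles(fixed),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the constructed payload the concatenated statement becomes DELETE FROM roles WHERE roleid = 'nosuchrole' OR '1'='1', which matches every row; the parameterised statement looks for a role literally named nosuchrole' OR '1'='1 and touches nothing. The same fix applies to deleteUser and deleteDomain: bind the identifier, and additionally reject identifiers that do not match the expected format before they reach the data layer.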