16 matches found
EUVD-2023-32362
Malicious code in bioql PyPI...
CVE-2022-46408
Ericsson Network Manager ENM, versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager NCM where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker...
CVE-2022-46408
Ericsson Network Manager ENM, versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager NCM where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker...
CVE-2022-46408
Ericsson Network Manager ENM, versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager NCM where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker...
Design/Logic Flaw
Ericsson Network Manager ENM, versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager NCM where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker...
The vulnerabilities of the NGINX Instance Manager automation platform, the NGINX API Connectivity Manager connection management controller, and the NGINX Security Monitoring security monitoring and management platform are related to the improper use of standard permissions. This allows attackers to increase their privileges.
The vulnerabilities of the NGINX Instance Manager automation platform, the NGINX API Connectivity Manager for connection management, and the NGINX Security Monitoring platform are related to the improper use of standard permissions. Exploiting these vulnerabilities can allow attackers to increase...
The vulnerabilities of the NGINX Instance Manager automation platform, the NGINX API Connectivity Manager connection management controller, and the NGINX Security Monitoring security monitoring platform involve exploiting authentication bypasses through the use of user-controlled keys. This allows attackers to circumvent security restrictions and gain access to read, modify, or delete data.
The vulnerabilities of the NGINX Instance Manager automation platform, the NGINX API Connectivity Manager, and the NGINX Security Monitoring platform involve exploiting authentication mechanisms by using user-controlled keys. Exploitation of these vulnerabilities could allow an attacker to bypass...
Vulnerabilities fixed in several F5 products
F5 has fixed several vulnerabilities in BIG-IP and NGINX. A remote malicious party can exploit the vulnerabilities in BIG-IP exploit them to cause a denial-of-service DOS on the Traffic Management Microkernel TMM subprocess. To do this, the vulnerable system must be configured with a specific UDP...
CVE-2023-28724
NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
Default credentials
NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
PT-2023-2757 · Nginx · Nginx Instance Manager +3
Name of the Vulnerable Software and Affected Versions: NGINX Management Suite affected versions not specified NGINX Instance Manager affected versions not specified NGINX API Connectivity Manager affected versions not specified NGINX Security Monitoring affected versions not specified Description...
CVE-2023-1550
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when...
CVE-2023-1550
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when...
Design/Logic Flaw
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when...
CVE-2023-1550 NGINX Agent vulnerability CVE-2023-1550
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when...
K000133135: NGINX Agent vulnerability CVE-2023-1550
Security Advisory Description NGINX Agent inserts sensitive information into a log file. CVE-2023-1550 Impact An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note :...