1001 matches found
PT-2024-32422 · Gotenna · Gotenna Pro App +2
Name of the Vulnerable Software and Affected Versions: goTenna Pro App (affected versions not specified); goTenna Pro X; goTenna Pro X2. Description: The issue allows an attacker to inject custom messages with any GID and Callsign into existing goTenna mesh networks using a software-defined radio. Thi...
goTenna Pro ATAK Plugin Security Vulnerability
The goTenna Pro ATAK Plugin is a plugin for goTenna's device that creates networks for off-grid communications and situational awareness. A security vulnerability exists in goTenna Pro ATAK Plugin version 1.9.12 and earlier, which stems from the ability to inject any customized message into an...
goTenna Pro Authorization Issue Vulnerability
The goTenna Pro is a series of devices from goTenna that can create networks for off-grid communications and situational awareness. The goTenna Pro is vulnerable to an authorization issue vulnerability that stems from an issue containing the ability to inject any custom message with any GID and...
PT-2024-29538 · Gotenna · Gotenna Pro Atak Plugin
Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK Plugin (affected versions not specified). Description: The issue allows an attacker to inject custom messages with any GID and Callsign using a software-defined radio in existing goTenna mesh networks. This can be exploited if t...
CVE-2024-20475
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based...
Cisco Catalyst SD-WAN Manager Security Vulnerability
Cisco Catalyst SD-WAN Manager (Cisco SD-WAN vManage) is a highly customizable dashboard from Cisco, Inc. that simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. A security vulnerability exists in Cisco Catalyst SD-WAN Manager that stems from the...
CVE-2024-8631 Privilege Defined With Unsafe Actions in GitLab
A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the Admin Group Member custom role could have escalated their privileges to include other custom roles...
CVE-2024-40681
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role to bypass security restrictions and execute actions against the queue manager...
IBM MQ Security Vulnerability
IBM MQ Operator is a tool from International Business Machines (IBM) for managing the lifecycle of IBM MQ Queue Manager. A security bypass vulnerability exists in IBM MQ Operator versions 2.0.26 and 3.2.4, which can be exploited by an authenticated attacker in a specifically defined role to...
CVE-2024-41084
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Avoid null pointer dereference in region lookup. cxl_dpa_to_region() looks up a region based on a memdev and DPA. It wrongly assumes an endpoint found mapping the DPA is also of a fully assembled region. When not true it...
SUSE CVE-2024-41084
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Avoid null pointer dereference in region lookup. cxl_dpa_to_region() looks up a region based on a memdev and DPA. It wrongly assumes an endpoint found mapping the DPA is also of a fully assembled region. When not true it...
Cato Networks Windows SDP Client Security Vulnerability
Cato Networks Windows SDP Client is a secure remote access software from Cato Networks, Israel. A security vulnerability exists in Cato Networks Windows SDP Client versions prior to 5.10.34 that stems from a local root certificate that can be installed by a user with low privileges...
The vulnerability in the web interface of the software-defined networking management software HPE Aruba Networking EdgeConnect SD-WAN Orchestrator allows an attacker to execute XSS attacks.
The vulnerability of the HPE Aruba Networking EdgeConnect SD-WAN Orchestrator software’s web interface exists due to the lack of protective measures taken for the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
DEBIAN-CVE-2024-41084
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Avoid null pointer dereference in region lookup. cxl_dpa_to_region() looks up a region based on a memdev and DPA. It wrongly assumes an endpoint found mapping the DPA is also of a fully assembled region. When not true it...
CVE-2024-41084 cxl/region: Avoid null pointer dereference in region lookup
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Avoid null pointer dereference in region lookup. cxl_dpa_to_region() looks up a region based on a memdev and DPA. It wrongly assumes an endpoint found mapping the DPA is also of a fully assembled region. When not true it...
Hewlett Packard Enterprise EdgeConnect SD-WAN Security Vulnerability
Hewlett Packard Enterprise EdgeConnect SD-WAN is Hewlett Packard Enterprise's secure network foundation for Zero Trust and SASE. It includes best-in-class SD-WAN and next-generation firewalls that deliver unrivaled quality of experience and advanced security. A security vulnerability exists in...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
...
CVE-2023-50179
An improper certificate validation vulnerability (CWE-295) in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors...
Fortinet FortiADC Trust Management Issue Vulnerability
Fortinet FortiADC is an application delivery controller from Fortinet, Inc. A trust management issue vulnerability exists in the Fortinet FortiADC that stems from the presence of an improper certificate validation vulnerability that could allow a remote, unauthenticated attacker to perform a...
Improper Access Control
github.com/mattermost/mattermost-server is vulnerable to Improper Access Control. The vulnerability is due to the createPost function not preventing users from specifying a RemoteId for their posts, allowing attackers to create posts with user-defined post IDs. Attackers can use this to cause...