
28 matches found

Tenable Nessus
added 2026/05/08 12:0 a.m. | 4 views

MikroTik RouterOS <= 7.20 Authentication Bypass via Improper Certificate Validation (CVE-2025-42611)

According to its self-reported version, the remote networking device is running a version of MikroTik RouterOS 7.x prior to or equal to 7.20. It is, therefore, affected by an authentication bypass vulnerability caused by improper certificate validation. The vulnerability lies in shared certificat...

6.5 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/05/05 12:31 p.m. | 2 views

EUVD-2025-209639

RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X), among others. The vulnerability lies in shared certificate validation logic which uses th...

6.5 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits: 0 | References: 2
NVD
added 2026/05/05 11:16 a.m. | 2 views

CVE-2025-42611

RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X), among others. The vulnerability lies in shared certificate validation logic which uses th...

6.5 CVSS | 0.00009 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/05 10:58 a.m. | 1 views

CVE-2025-42611

RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x (802.1X), among others. The vulnerability lies in shared certificate validation logic which uses th...

6.5 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/05/05 12:0 a.m. | 4 views

Mikrotik RouterOS Trust Management Issue Vulnerability

Mikrotik RouterOS is an operating system for network devices developed by the Latvian company Mikrotik. There is a vulnerability in MikroTik RouterOS’s trust management mechanism. This vulnerability stems from the shared certificate validation logic, which leads to scope confusion. As a result, a...

6.5 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/16 9:33 p.m. | 2 views

CVE-2026-21908

A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially...

7.5 CVSS | 7.7 AI score | 0.00011 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/12/09 6:30 p.m. | 1 views

EUVD-2025-201898

An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level...

7.1 CVSS | 5.8 AI score | 0.00125 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/12/09 8:9 a.m. | 26 views

CVE-2025-41748 Reflected XSS vulnerability in pxc_Dot1xCfg.php

An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level...

7.1 CVSS | 0.00125 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/09 12:0 a.m. | 1 views

PT-2025-49820

An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level...

7.1 CVSS | 6.3 AI score | 0.00125 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2011-2051

Malware in sbrugna...

7.5 CVSS | 7.5 AI score | 0.01102 EPSS
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2011-2052

Malware in sbrugna...

7.8 CVSS | 7.5 AI score | 0.00527 EPSS
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-38037

Malicious code in bioql PyPI...

6.8 CVSS | 6.3 AI score | 0.00052 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:51 a.m. | 3 views

CVE-2011-2058

The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle an external loop between a pair of dot1x enabled ports, which allows remote attackers to cause a denial of service (traffic storm) via unspecified vectors that trigger many unicast EAPoL Protocol Data Units PDU...

7.8 CVSS | 6.9 AI score | 0.00527 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 4:51 a.m. | 5 views

CVE-2011-2057

The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does not properly handle (1) a loop between a dot1x enabled port and an open-authentication dot1x enabled port and (2) a loop between a dot1x enabled port and a non-dot1x port, which allows remote attackers to cause a denial of service...

7.5 CVSS | 7 AI score | 0.01102 EPSS
Exploits: 1 | References: 1
NVD
added 2024/07/10 11:15 p.m. | 12 views

CVE-2024-39511

An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS). On running a specific operational dot1x command, the dot1x daemon crashes. An attacker...

6.8 CVSS | 0.00052 EPSS
Exploits: 0 | References: 1
OSV
added 2024/07/10 11:15 p.m. | 0 views

CVE-2024-39511

An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS). On running a specific operational dot1x command, the dot1x daemon crashes. An attacker...

6.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1
CVE
added 2024/07/10 10:58 p.m. | 56 views

CVE-2024-39511

The CVE-2024-39511 entry concerns Juniper Networks Junos OS: an improper input validation vulnerability in the 802.1X Authentication (dot1x) Daemon. When an operator runs a specific dot1x command, the dot1x daemon may crash, causing a Denial of Service that clears all 802.1x client authentication...

6.8 CVSS | 5.9 AI score | 0.00052 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2021/05/19 12:15 p.m. | 0 views

CVE-2020-20266

Mikrotik RouterOs before 6.47 stable tree suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service NULL pointer dereference...

6.5 CVSS | 6.7 AI score | 0.01111 EPSS
Exploits: 1 | References: 2
Prion
added 2021/04/22 8:15 p.m. | 17 views

Command injection

A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to...

6.1 CVSS | 6.5 AI score | 0.00076 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/04/22 7:37 p.m. | 17 views

CVE-2021-0242 Junos OS: EX4300: FPC crash upon receipt of specific frames on an interface without L2PT or dot1x configured

A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to...

6.5 CVSS | 6.8 AI score | 0.00076 EPSS
Exploits: 0 | References: 1