190 matches found
CVE-2024-48729
An issue in ETSI Open-Source MANO OSM 14.0.x before 14.0.3, 15.0.x before 15.0.2, 16.0.0, and 17.0.0 allows a remote authenticated attacker to escalate privileges via the /osm/admin/v1/users component...
CVE-2024-48729
An issue in ETSI Open-Source MANO OSM 14.0.x before 14.0.3, 15.0.x before 15.0.2, 16.0.0, and 17.0.0 allows a remote authenticated attacker to escalate privileges via the /osm/admin/v1/users component...
PT-2025-30845 · Etsi · Etsi Open-Source Mano
Name of the Vulnerable Software and Affected Versions: ETSI Open-Source MANO OSM versions 14.x through 15.x Description: An issue allows a remote attacker to escalate privileges via the /osm/admin/v1/users component. Recommendations: ETSI Open-Source MANO OSM versions 14.x and 15.x are affected. ...
CVE-2024-48730
The default configuration in ETSI Open-Source MANO OSM v.14.x, v.15.x, v.16.x, v.17.x does not impose any restrictions on the authentication attempts performed by the default admin user, allowing a remote attacker to escalate privileges...
PT-2025-30846 · Etsi · Etsi Open-Source Mano
Name of the Vulnerable Software and Affected Versions: ETSI Open-Source MANO OSM versions 14.x through 15.x Description: The software does not impose restrictions on authentication attempts performed by an administrator user, potentially allowing a remote attacker to escalate privileges...
CVE-2024-48729
An issue in ETSI Open-Source MANO OSM 14.0.x before 14.0.3, 15.0.x before 15.0.2, 16.0.0, and 17.0.0 allows a remote authenticated attacker to escalate privileges via the /osm/admin/v1/users component...
CVE-2024-48730
The default configuration in ETSI Open-Source MANO OSM v.14.x, v.15.x, v.16.x, v.17.x does not impose any restrictions on the authentication attempts performed by the default admin user, allowing a remote attacker to escalate privileges...
CVE-2024-48729
The CVE-2024-48729 issue affects ETSI Open-Source MANO (OSM) versions 14.x (before 14.0.3), 15.x (before 15.0.2), 16.0.0, and 17.0.0. A remote authenticated attacker can escalate privileges via the /osm/admin/v1/users component. The connected sources confirm the vulnerability path but do not prov...
CVE-2024-48730
CVE-2024-48730 affects ETSI Open-Source MANO (OSM) versions 14.x–17.x. The issue arises from a default admin account that does not limit authentication attempts, enabling a remote attacker to escalate privileges. Evidence in multiple feeds (including Red Hat and CNNVD/CVE records) confirms the co...
CVE-2025-48219
O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS IP Multimedia Subsystem call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI E-UTRAN Cell Identity leak. The Cell ID might be usable to...
New cybersecurity rules for smart heat pump manufacturers
TL;DR Smart heat pumps face new UK cybersecurity rules Must meet ETSI EN 303 645 under the Smart Secure Electricity Systems programme Applies to most domestic heat devices up to 45 kW Compliance deadline expected to be late 2026 / early 2027 Aims to protect consumers, data, and the national grid...
Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11478)
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. A remote attacker could cause a denial of service condition by sending specially crafted TCP Selective Acknowledgment SACK sequences to affected products. This plugin only works with Tenable.ot...
Oracle Linux 5 : wireshark (ELSA-2007-0710)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0710 advisory. 0.99.6-1.el5.01 - Added patch for OCFS2 formatting 0.99.6-1 - upgrade to 0.99.6 - Wireshark could crash when dissecting an HTTP chunked response -...
ETSI WEBstore 2023 Cross Site Scripting
Document Title: =============== ETSI WEBstore 2023 - Persistent Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2327 Release Date: ============= 2023-07-26 Vulnerability Laboratory ID VL-ID: ====================================...
ETSI WEBstore 2023 - Persistent Cross Site Vulnerability
Document Title: =============== ETSI WEBstore 2023 - Persistent Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2327 Release Date: ============= 2023-07-25 Vulnerability Laboratory ID VL-ID: ====================================...
list.etsi.org Cross Site Scripting vulnerability OBB-3437294
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
portal.etsi.org Cross Site Scripting vulnerability OBB-3375398
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Wireshark 1.4.x < 1.4.15 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 1.4.15. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-1.4.15 advisory. - Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before...
SUSE CVE-2012-4285
The dissectpft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service divide-by-zero error and application crash via a zero-length message...
SUSE CVE-2013-1588
Multiple buffer overflows in the dissectpftfecdetailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service application crash via a malformed packet...