5908 matches found
CVE-2021-1481 Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...
CVE-2021-1482 Cisco SD-WAN vManage Authorization Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. This vulnerability is due to insufficient authorization checks. An...
Security Bulletin: IBM B2B Sterling Integrator is vunerable to information disclosure due to Spring Boot
Summary IBM B2B Sterling Integrator is vunerable to information disclosure due to Spring Boot Vulnerability Details CVEID:CVE-2023-34055 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC or Spring WebFlux or...
Security Bulletin: Security Vulnerabilities in IBM MQ Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator is affected by vulnerabilities in IBM MQ. Vulnerability Details CVEID:CVE-2024-25015 DESCRIPTION: IBM MQ 9.2 LTS, 9.3 LTS, and 9.3 CD Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would consume all...
CVE-2024-38819: Path traversal vulnerability in org.springframework:spring-webmvc used by Confluence Data Center
h3. Issue Summary Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the...
CVE-2024-33505
A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege...
CVE-2023-47543
An authorization bypass through user-controlled key vulnerability CWE-639 in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests...
CVE-2024-33505
CVE-2024-33505 affects Fortinet FortiAnalyzer and FortiManager. The issue is a heap-based buffer overflow in the CLI that can allow a remote attacker to escalate privileges through specially crafted HTTP requests. Affected ranges include FortiAnalyzer: 6.4.0–6.4.14, 7.0.0–7.0.12, 7.2.0–7.2.5, 7.4...
CVE-2024-33505
A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege...
CVE-2024-33505
A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege...
CVE-2023-44255
An exposure of sensitive information to an unauthorized actor CWE-200 in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP o...
CVE-2023-44255
Fortinet CVE-2023-44255 affects FortiManager (before 7.4.2), FortiAnalyzer (before 7.4.2), and FortiAnalyzer-BigData (before 7.2.5). The root cause is insufficient access control, allowing a privileged attacker with administrative read permissions to read event logs of another ADOM via crafted HT...
Path Traversal
github.com/hashicorp/consul is vulnerable to Path Traversal. The vulnerability is due to the bypass of HTTP request path-based access rules when using URL paths in L7 traffic intentions, allowing unauthorized access in specific scenarios...
net/http: Denial of service due to improper 100-continue handling in net/http
A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service...
Mageia: Security Advisory (MGASA-2024-0347)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability in the web interface of Cisco Unified Industrial Wireless network devices’ Cisco Ultra-Reliable Wireless Backhaul software allows a attacker to execute arbitrary code with root privileges.
The vulnerability of the Cisco Unified Industrial Wireless network device management web interface for Cisco Ultra-Reliable Wireless Backhaul URWB is related to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a...
CVE-2024-24914
Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available...
CVE-2024-24914
Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available...
CVE-2024-24914
The CVE-2024-24914 issue affects Check Point Gaia Portal (Gaia Platform). Authenticated Gaia users can inject code/commands via global variables in special HTTP requests due to unprotected global variables handling in the TCL process. The vulnerability is mitigated by a security fix, with the pat...
CVE-2024-24914
Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available...