EUVD-2026-34251

This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware. A remote attacker could exploit this vulnerability by extracting the cryptographic private key from the firmware, which could lead to decryption of HTTPS traffic and...

CVE-2021-1594 Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the REST API of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a...

Improper access control

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption...

CVE-2017-6338

CVE-2017-6338 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before CP 1746. Affected component/issue: multiple access control flaws that let an authenticated, low-privilege remote user (e.g., Reports Only or Auditor) modify FTP Access Control Settings, create/modify rep...

CVE-2017-6338

Multiple Access Control issues in Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 before CP 1746 allow an authenticated, remote user with low privileges like 'Reports Only' or 'Auditor' to change FTP Access Control Settings, create or modify reports, or upload an HTTPS Decryption...

CVE-2016-9212

A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer SSL or Transport Layer Security TLS, even if the WS...