163 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-29922
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which in som...
CVE-2025-0110 PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin
A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web interface to bypass system restrictions and run arbitrary commands. The commands are run as the...
Attackers exploiting a patched FortiClient EMS vulnerability in the wild
Introduction During a recent incident response, Kaspersky's GERT team identified a set of TTPs and indicators linked to an attacker that infiltrated a company's networks by targeting a Fortinet vulnerability for which a patch was already available. This vulnerability is an improper filtering of S...
PT-2024-35708 · Unknown · Home-Gallery.Org
Name of the Vulnerable Software and Affected Versions: Home-Gallery.org versions 1.15.0 and earlier Description: The default setup of Home-Gallery.org is vulnerable to DNS rebinding due to the lack of TLS and user authentication. An attacker can exploit this by changing the DNS records of their...
PT-2024-31601
Name of the Vulnerable Software and Affected Versions: h2o affected versions not specified Description: The issue concerns an HTTP server that supports various HTTP versions. When specific conditions are met, such as receiving an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QU...
Exposure Of Sensitive Information
org.apache.rocketmq, rocketmq-all is vulnerable to the Exposure of Sensitive Information. The vulnerability is due to specific interfaces that allow an attacker with regular user privileges or listed in the IP whitelist to acquire the administrator's account and password. This vulnerability enabl...
PT-2024-4045
Name of the Vulnerable Software and Affected Versions net-ip version affected versions not specified Traefik version affected versions not specified Description The issue is related to the incorrect functioning of the Is methods such as IsPrivate, IsLoopback, etc. in the net-ip component of the...
CVE-2024-5514
MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without bei...
CVE-2024-5514 MinMax CMS - Hidden Functionality
MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without bei...
CVE-2024-5514 MinMax CMS - Hidden Functionality
MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without bei...
CVE-2024-5514
CVE-2024-5514 affects MinMax CMS by MinMax Digital Technology and involves a hidden administrative account with a fixed password that cannot be removed or disabled via the management interface. This allows remote attackers to bypass IP-based access controls and log in to the backend without being...
DEBIAN-CVE-2022-24808
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users shou...
CVE-2024-2049
Server-Side Request Forgery SSRF in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP...
Citrix SD-WAN Code Issue Vulnerability
Citrix Systems Citrix SD-WAN is a networking product from Citrix Systems, Inc. It virtualizes and optimizes enterprise site-to-site networks. A code issue vulnerability exists in Citrix SD-WAN versions 11.4.0 through 11.4.4.46, which originated from a code issue that allows an attacker to disclos...
CVE-2022-43515
Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being...
[Citrix Gateway VPN] Cannot access intranet applications in VPN over Proxy environment
When you connect Citrix Gateway VPN. You may observe VPN establishment is OK but cannot access internal applications/networks when the following conditions both match: Client has proxy configured and VPN connection goes through Proxy. Client PC has an interface IP in 169.254.0.0/16 subnet Usually...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
Vuln Impact This vulnerability may allow an unauthenticated...
Arista Networks Arista EOS 安全漏洞
Arista Networks Arista EOS is a scalable operating system for data centers and cloud network centers from Arista Networks, Inc. Arista EOS builds cloud architectures that scale to hundreds of thousands of compute and storage nodes with management and provisioning capabilities for large-scale jobs...
F5 BIG-IP APM 访问控制错误漏洞
F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. F5 BIG-IP APM suffers from an Access Control Error vulnerability that arises from a connection to the BIG-IP Edge Client on Mac and Windows wh...
CVE-2021-40825
nLight ECLYPSE nECY system Controllers running software prior to 1.17.21245.754 contain a default key vulnerability. The nECY does not force a change to the key upon the initial configuration of an affected device. nECY system controllers utilize an encrypted channel to secure SensorViewTM...