Lucene search
K

12 matches found

Positive Technologies
Positive Technologies
added 2025/07/02 12:0 a.m.11 views

PT-2025-27619 · Infinera · Infinera G42

Name of the Vulnerable Software and Affected Versions: Infinera G42 version R6.1.3 Description: The issue allows remote authenticated users to read and write OS files via SFTP connections. Account members of the Network Administrator profile can access the target machine via SFTP with the same...

6.8CVSS6.2AI score0.00318EPSS
Exploits0References7
NVD
NVD
added 2025/03/05 4:15 p.m.8 views

CVE-2025-24521

External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25...

6.9CVSS0.00396EPSS
Exploits0References4
NVD
NVD
added 2025/03/05 4:15 p.m.9 views

CVE-2025-21095

Path traversal may lead to arbitrary file download. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25...

6.9CVSS0.00526EPSS
Exploits0References4
CVE
CVE
added 2025/03/05 3:19 p.m.61 views

CVE-2025-21095

CVE-2025-21095 affects Keysight Ixia Vision Product Family. A path traversal vulnerability could lead to an arbitrary file download (remediation in version 6.8.0, 01-Mar-25). Some sources also describe potential remote code execution when combined with certain functions (e.g., Upload); however, e...

6.9CVSS7.3AI score0.00526EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/12/11 3:48 p.m.20 views

CVE-2024-28140 Violation of Least Privilege Principle

The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user. This can be confirmed by running "ps aux" as the root user and...

0.00297EPSS
Exploits0References2
NVD
NVD
added 2024/04/23 9:15 a.m.16 views

CVE-2024-3185

A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high privileges. This wa...

6.8CVSS6.5AI score0.00172EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/23 8:39 a.m.18 views

CVE-2024-3185 Rapid7 Insight Agent Sensitive Key Exposed To Local Users

A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high privileges. This wa...

6.8CVSS6.7AI score0.00172EPSS
Exploits0References1
CVE
CVE
added 2024/04/23 8:39 a.m.95 views

CVE-2024-3185

CVE-2024-3185 (Rapid7 Insight Agent/Rapid7 Platform) involves a misconfigured key in logging.json that, by default, does not adhere to the least-privilege principle and is exposed to local users. An attacker with local access could use this key to authenticate to the platform with elevated privil...

6.8CVSS6.6AI score0.00172EPSS
Exploits0References1
ICS
ICS
added 2022/10/06 12:0 a.m.49 views

Rockwell Automation FactoryTalk VantagePoint

1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk VantagePoint software Vulnerabilities: Improper Access Control, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

8.8CVSS9.6AI score0.03161EPSS
Exploits0References4
Akamai Blog
Akamai Blog
added 2021/07/20 2:0 p.m.46 views

Zero Trust Network Access Is an Oxymoron

Though Zero Trust is really quite simple and should be viewed as a very strong form of the age-old principle of least privilege, that does not mean that it is the same thing. In fact, one of the most significant differences from what came before is that when it comes to access, Zero Trust is base...

0.3AI score
Exploits0
Akamai Blog
Akamai Blog
added 2021/07/13 2:0 p.m.30 views

Zero Trust: The Protection Model for the Post-Pandemic World

One year and a half following the start of the COVID-19 pandemic, we're seeing most companies either maintaining their remote work policies or slowly moving to a hybrid model. In fact, an estimated 36.2 million Americans will be working remotely by 2025, which is nearly double pre-pandemic levels...

7.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/23 8:26 p.m.43 views

When contractors attack: two years in jail for vengeful IT admin

An IT contractor working for an IT consultancy company took it upon himself to perform an act of revenge against the firm he worked at, after they complained about his performance. The charge he faced was breaking into the network of a company in Carlsbad, California. And it got him two years in...

0.6AI score
Exploits0
Rows per page
Query Builder