CVE-2025-52663

A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API. Affected Products:...

EUVD-2022-5091

Malicious code in bioql PyPI...

CVE-2025-3498

An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 configuration. The device has two web servers that expose unauthenticated REST APIs on the management network TCP ports 8084 and 8086. An attacker can use these APIs to...

Vulnerabilities fixed in Citrix Hypervisor

Several vulnerabilities have been fixed in Citrix Hypervisor. A malicious party could potentially exploit the vulnerabilities to cause a denial-of-service attack. To exploit the vulnerability with reference CVE-2022-33748, two malicious virtual machines need to two rogue virtual machines to work...

openstack-octavia: amphora-agent not requiring client certificate

A certificate-validation error has been found in Octavia's amphora-agent, where an attacker with management-network access could bypass an amphora's client-certificate based authentication. Because the agent's HTTP server gunicorn had 'certreqs' set to 'True' instead of 'ssl.CERTREQUIRED',...

CVE-2018-9068

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...

CVE-2018-9068

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Leno...

Integrated Management Module 2 (IMM2) First Failure Data Capture (FFDC) Information Disclosure - US

Lenovo Security Advisory: LEN-20227 Potential Impact: Information disclosure Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9068 Summary Description: The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware...

CVE-2017-6687

A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default credentials present on the system, aka an Insecure Default Password Vulnerability. More Information:...

Information Disclosure in the Management Web Interface

A vulnerability exists in the Management Web Interface of PAN-OS, that could allow for Information Disclosure. The Management Web Interface does not properly validate certain permissions which could allow for Information Disclosure. Ref PAN-70541 / CVE-2017-7644 Successfully exploiting this issue...

Information Disclosure in the Management Web Interface

A vulnerability exists in the Management Web Interface that could allow for Information Disclosure. The Management Web Interface does not properly validate specific request parameters which can potentially allow for Information Disclosure. Ref PAN-70434 / CVE-2017-7216 Successfully exploiting thi...

Kernel Vulnerability

A vulnerability exists in the kernel of PAN-OS that may result in an elevation of privilege. This issue is publicly known as Dirty COW ref PAN-68074 / CVE-2016-5195. PAN-OS may be impacted by the Dirty COW CVE-2016-5195 attack. A race condition was found in the way the Linux kernel's memory...