CVE-2025-11192 Fabric Engine (VOSS) AutoSense Authentication Bypass

A vulnerability in Extreme Networks’ Fabric Engine VOSS before 9.3 was discovered. When SD-WAN AutoSense is enabled on a port, it may automatically configure fabric connectivity without validating ISIS authentication settings. The SD-WAN AutoSense implementation may be exploited by malicious acto...

Extreme Networks Fabric Engine 安全漏洞

Extreme Networks Fabric Engine is a virtualized network fabric engine from Extreme. A security vulnerability exists in Extreme Networks Fabric Engine versions prior to 9.3 that stems from unvalidated ISIS authentication settings and could lead to unauthorized access to network fabric and...

Microsoft Azure Arc 安全漏洞

Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from Microsoft Corporation USA. A security vulnerability exists in Microsoft Azure Arc. An attacker could exploit the vulnerability to elevate privileges. The following products and versions are affected:Azure Arc...

Bug fixes in Cisco NX-OS

Cisco has fixed several vulnerabilities in NX-OS for various platforms. A malicious party could exploit the vulnerabilities to cause a denial-of-service or, in specific configurations, execute arbitrary code with root privileges. No prior authentication is necessary. The vulnerable services, Cisc...

CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

Design/Logic Flaw

A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and th...