550 matches found
CVE-2021-31350 Junos OS and Junos OS Evolved: Privilege escalation vulnerability in Juniper Extension Toolkit (JET)
An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit JET API on Juniper Networks Junos OS and Junos OS Evolved, allows a network-based, low-privileged authenticated attacker to perform operations as root, leading to complete compromise of the...
Denial Of Service (DoS)
MySQL is vulnerable to denial of service. An attacker is able to exploit the vulnerability by accessing the network and crashing the system...
Denial Of Service (DoS)
MySQL is vulnerable to denial of service. An attacker is able to exploit the vulnerability by accessing the network and crashing the system...
Juniper Junos OS Vulnerability (JSA11215)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11215 advisory. - An Improper Privilege Management vulnerability in the gRPC framework, used by the Juniper Extension Toolkit JET API on Juniper Networks Junos OS and Junos OS Evolved, allo...
CVE-2021-35496
The CVE-2021-35496 entry concerns the XMLA Connections component in TIBCO JasperReports Server (and variants) with a low-privilege, network-accessible attacker able to interfere with XML processing. Affected products/releases include JasperReports Server 7.2.1 and below, 7.5.0/7.5.1, 7.8.0, 7.9.0...
CVE-2021-3806
A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system...
CVE-2021-38162
SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 processes allow an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server which may,...
Authorization
An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex...
CVE-2021-3053 PAN-OS: Exceptional Condition Denial-of-Service (DoS)
An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request...
CVE-2021-3052 PAN-OS: Reflected Cross-Site Scripting (XSS) in Web Interface
A reflected cross-site scripting XSS vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface a...
CVE-2021-3052
The CVE-2021-3052 issue is a Reflected XSS in the PAN-OS web interface. A authenticated network-based attacker can lure another authenticated PAN-OS administrator into clicking a crafted link to perform arbitrary actions in the admin interface. Affected versions include PAN-OS 8.1.x before 8.1.20...
CVE-2021-3049 Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability
An improper authorization vulnerability in the Palo Alto Networks Cortex XSOAR server enables an authenticated network-based attacker with investigation read permissions to download files from incident investigations of which they are aware but are not a part of. This issue impacts: All Cortex...
PAN-OS: Exceptional Condition Denial-of-Service (DoS)
An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to crash. Repeated attempts to send this request...
Input validation
An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as t...
CVE-2021-33886
An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as t...
Brutus - An Educational Exploitation Framework Shipped On A Modular And Highly Extensible Multi-Tasking And Multi-Processing Architecture
An educational exploitation framework shipped on a modular and highly extensible multi-tasking and multi-processing architecture. Brutus: an Introduction Looking for version 1? See the branches in this repository. Brutus is an educational exploitation framework written in Python. It automates pre...
Design/Logic Flaw
An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of...
Citrix SD-WAN Center Test Build Network DoS (CTX297155)
The remote Citrix SD-WAN Center is version 10.2.x prior to 10.2.9a, 11.1.x prior to 11.1.2c, 11.2.x prior to 11.2.3a, or 11.2.x prior to 11.3.1a. It is, therefore, vulnerable to a Network-based denial-of-service from an attacker within the same Layer 2 network segment. Note that Nessus has not...
CVE-2020-8299
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based...
CVE-2021-33842
Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located...