265 matches found
PT-2024-15463 · Skyhigh +1 · Skyhigh Client Proxy +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A malicious insider exploiting this issue can circumvent existing security controls put in place by the organization. If the victim is using a temporary...
Intel BIOS Firmware CVE-2022-21198 (INTEL-SA-00688)
The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00688 advisory. - Time-of-check time-of-use race condition in the BIOS firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via...
Multiple Cisco Products Snort 3 Access Control Policy Bypass (cisco-sa-ftd-snort3acp-bypass-3bdR2BEh)
According to its self-reported version, Cisco FTD Software is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information. TRUSTED...
F5 Networks BIG-IP : BIG-IP APM portal access vulnerability (K40625021)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K40625021 advisory. - A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP...
GHSA-MP92-3JFM-3575 Synapse vulnerable to leak of remote user device information
Impact Cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. Patches System administrators are encouraged to upgrade to Synapse 1.95.1 as soon as possible. Workarounds The federationdomainwhitelist can be used ...
F5 Networks BIG-IP TCP profile vulnerability (K000134652)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K000134652 advisory. When TCP Verified Accept is enabled on a TCP profile that is configured on a virtual server, undisclosed...
CVE-2023-38902
A command injection vulnerability in RG-EW series home routers and repeaters v.EW3.01B11P219, RG-NBS and RG-S1930 series switches v.SWITCH3.01B11P219, RG-EG series business VPN routers v.EG3.01B11P219, EAP and RAP series wireless access points v.AP3.01B11P219, and NBC series wireless controllers...
CVE-2023-36609
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host to acquire root privileges...
CVE-2023-21190
In btmaclencryptchange of btmacl.cc, there is a possible way for a remote device to turn off encryption without resulting in a terminated connection due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...
Information disclosure
In btmaclencryptchange of btmacl.cc, there is a possible way for a remote device to turn off encryption without resulting in a terminated connection due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...
CVE-2023-21190
CVE-2023-21190 affects Android 13 devices, with the issue located in btm_acl_encrypt_change within btm_acl.cc. A remote device can turn off encryption without terminating the connection, potentially enabling local information disclosure and requiring user interaction for exploitation. Exploitatio...
CVE-2023-21190
In btmaclencryptchange of btmacl.cc, there is a possible way for a remote device to turn off encryption without resulting in a terminated connection due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...
CVE-2023-21190
In btmaclencryptchange of btmacl.cc, there is a possible way for a remote device to turn off encryption without resulting in a terminated connection due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...
SonicWall SMA100 Directory Traversal Vulnerability (SNWLID-2019-0018)
The version of SonicWall SMA100 installed on the remote host is prior 9.0.0.4. It is, therefore, affected by a directory traversal vulnerability. In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a fi...
PUB-A-251436534
In btmaclencryptchange of btmacl.cc, there is a possible way for a remote device to turn off encryption without resulting in a terminated connection due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...
Juniper Junos OS Vulnerability (JSA70603)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA70603 advisory. - An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to read certain...
Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access
The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to commandeer targeted systems. While the nation-state group has previously employed ScreenConnect, RemoteUtilities, and Syncro, a new analysis from Group-IB h...
QNAP QTS / QuTS hero Command Injection (QSA-23-01)
The version of QNAP QTS / QuTS hero installed on the remote host is affected by a command injection vulnerability. If exploited, this vulnerability allows remote attackers to inject malicious code. Note that Nessus has not tested for this issue but has instead relied only on the application's...
CVE-2022-42463 Softbus_server in communication subsystem has a authenication bypass vulnerability in a callback handler function. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary co ...
OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbusserver in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary comman...
September 20, 2022—KB5017379 (OS Build 17763.3469) Preview
None None...