Lucene search
+L

69 matches found

Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.11 views

PT-2024-18672 · Cisco · Cisco Meraki Z Series Teleworker Gateway +2

Name of the Vulnerable Software and Affected Versions: Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices affected versions not specified Description: A vulnerability in the Cisco AnyConnect VPN server could allow an unauthenticated, remote attacker to cause a DoS condition for...

5.8CVSS7AI score0.00452EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.357 views

Pulse Secure VPN Arbitrary File Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pulse Secure VPN Arbitrary File Disclosure', 'Description' = %q This module exploits a pre-auth directory traversal in the Pulse Secure VPN serve...

10CVSS7.4AI score0.99999EPSS
Exploits22
OSV
OSV
added 2024/03/12 3:15 p.m.3 views

CVE-2024-23112

An authorization bypass through user-controlled key vulnerability CWE-639 in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticat...

4.3CVSS5.8AI score0.00663EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/03/11 5:59 a.m.56 views

Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT

A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts. "Threat actor group Magnet Goblin's hallmark is its...

8.2AI score
Exploits0
OSV
OSV
added 2024/02/24 12:15 a.m.3 views

CVE-2024-22395

Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application...

6.3CVSS5.8AI score0.00433EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/01/19 4:55 a.m.59 views

U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a now-patched critical flaw impacting Ivanti Endpoint Manager Mobile EPMM and MobileIron Core to its Known Exploited Vulnerabilities KEV catalog, stating it's being actively exploited in the wild. The vulnerability i...

10CVSS8.8AI score0.99999EPSS
Exploits37
CNNVD
CNNVD
added 2023/12/05 12:0 a.m.5 views

SONICWALL SMA100 SSL-VPN Security Vulnerability

The SonicWALL SMA100 is a secure access gateway device from SonicWALL USA. A security vulnerability exists in the SONICWALL SMA100 SSL-VPN that stems from improper neutralization of special elements...

7.2CVSS8.2AI score0.74933EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/10/20 12:0 a.m.9 views

The vulnerability of the SonicOS operating system, related to buffer overflows in the stack, allows a hacker to trigger a service failure.

The vulnerability of the SonicOS operating system is related to an overflow in the buffer in the stack at the end of the URL address plainprefs.exp for the SSL VPN. Exploiting this vulnerability allows a malicious actor to cause a service failure through a specially crafted HTTP request...

7.7CVSS7AI score0.00803EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/06/16 10:15 a.m.3 views

CVE-2023-33306

A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter...

6.5CVSS5.8AI score0.00839EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/06/16 12:0 a.m.6 views

Fortinet FortiOS 代码问题漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, and antispam security features. A security vulnerability exists in Fortinet...

6.5CVSS6.5AI score0.00592EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/05/17 12:0 a.m.15 views

The vulnerability of the SSLVPN service on FortiOS operating systems and the proxy servers for protecting against Internet attacks by FortiProxy allows attackers to execute arbitrary commands.

The vulnerability of the SSLVPN service on FortiOS operating systems and FortiProxy proxy servers for protecting against Internet attacks is related to writing data beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending special...

7.5CVSS8.2AI score0.0089EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2023/03/02 12:0 a.m.7 views

SonicWALL SonicOS 安全漏洞

SonicWALL SonicOS is a suite of operating systems from SonicWALL, Inc. designed for SonicWall firewall appliances. A security vulnerability exists in SonicWALL SonicOS SSLVPN that stems from an improper restriction of too many MFA attempts, allowing an authenticated attacker to use too much MFA...

8.8CVSS6.3AI score0.00684EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2022/12/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-42475

Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests...

9.8CVSS8AI score0.99474EPSS
Exploits11References1
OSV
OSV
added 2022/10/26 3:15 p.m.5 views

CVE-2022-20933

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation of...

8.6CVSS5.8AI score0.00992EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/05/18 12:0 a.m.10 views

SonicWall SSL-VPN SMA100 series 操作系统命令注入漏洞

SonicWall SSL-VPN SMA100 series is SonicWall's for secure remote connectivity. A series of VPN connectivity solutions. The SonicWall SSL-VPN SMA100 series suffers from an operating system command injection vulnerability that originates from improper input validation in the management interface. A...

9CVSS7.7AI score0.1111EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2021/05/28 7:29 a.m.286 views

Chinese Cyber Espionage Hackers Continue to Target Pulse Secure VPN Devices

Cybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures TTPs adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks. FireEye's...

10CVSS0.4AI score0.47172EPSS
Exploits9
The Hacker News
The Hacker News
added 2021/05/04 7:52 a.m.129 views

Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack

Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors. Tracked as CVE-2021-22893 CVSS score 10, the flaw concerns "multiple us...

10CVSS1.6AI score0.47172EPSS
Exploits9
Malwarebytes
Malwarebytes
added 2021/04/23 2:0 p.m.90 views

SUPERNOVA malware discovered on SolarWinds Orion server

The Cybersecurity and Infrastructure Security Agency CISA has reported finding the SUPERNOVA web shell collecting credentials on a SolarWinds Orion server. These observations were made during an incident response to an Advanced Persistent Threat APT actor’s year-long compromise of an enterprise...

7.5CVSS1.4AI score0.9198EPSS
Exploits3
The Hacker News
The Hacker News
added 2021/04/21 4:20 a.m.2859 views

WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations

If Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability CVE-2021-22893 that is currently being exploited in the wild and for which there is no patch available yet. At least two threat...

10CVSS0.6AI score0.99999EPSS
Exploits35
CNNVD
CNNVD
added 2021/04/20 12:0 a.m.2 views

Pulse Secure Pulse Connect Secure 资源管理错误漏洞

Pulse Secure Pulse Connect Secure a.k.a. PCS, formerly known as Juniper Junos Pulse is a suite of SSL VPN solutions from Pulse Secure in the United States. An authentication bypass vulnerability exists in Pulse Connect Secure, which can be exploited by an attacker to execute arbitrary code on Pul...

10CVSS6.4AI score0.47172EPSS
Exploits9References8
Rows per page
Query Builder