378 matches found
WORM vfs module does not block overwrites
Description The vfsworm module is intended to make files immutable over SMB a short time after they are created. The time window in which they are writable is configurable, defaulting to one hour. The hook that handles renames was checking that the file being renamed was still mutable, but it was...
CVE-2022-23679
AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches versions: AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX...
PT-2025-41273
Name of the Vulnerable Software and Affected Versions Synapse versions prior to 1.138.3 Synapse version 1.139.0 Description Synapse is an open source Matrix homeserver implementation. Insufficient validation of device keys in affected versions allows an attacker registered on the victim homeserve...
EUVD-2003-0232
Malware in sbrugna...
EUVD-2022-28626
Malicious code in bioql PyPI...
[R1] Tenable Identity Exposure Versions 3.93.2 and 3.77.13 Fix One Vulnerability
R1 Tenable Identity Exposure Versions 3.93.2 and 3.77.13 Fix One Vulnerability Arnie Cabral Wed, 08/06/2025 - 10:48 Tenable Identity Exposure leverages third-party software to help provide underlying functionality. One of the third-party components nodeJS was found to contain vulnerabilities, and...
CVE-2023-32319
Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issu...
CVE-2022-37887
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI Aruba Networks AP management protocol UDP port 8211. Successful exploitation of these vulnerabilities result...
JSA10400 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - SSL-VPN Security Bundle - Admin Issues
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Admin vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Issue in archiving web page - Dig parameter injection issue in...
JSA10415 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - Security Bundle - Client Issues
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Client vulnerabilities found and fixed through a combination of internal and external proactive security testing: - A security issue has been identified that could allow an...
JSA10401 - Pulse Connect Secure (PCS) product - PCS Security Bundle - Internal System Function
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Internal System Function vulnerabilities found and fixed through a combination of internal and external proactive security testing: Issue with special characters used in a parameter in...
SA40211 - [Pulse Secure] Cross site scripting issue (CVE-2016-4790)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue has been discovered in the Pulse Connect Secure device. This issue exists in a file that is located in the authenticated area of the administrative user...
CVE-2022-37877
A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager versions...
CVE-2022-37882
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...
CVE-2021-22573
The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...
[R1] Tenable.sc 5.21.0 Fixes Multiple Third-Party Vulnerabilities
R1 Tenable.sc 5.21.0 Fixes Multiple Third-Party Vulnerabilities Arnie Cabral Tue, 04/19/2022 - 10:32 Tenable.sc leverages third-party software to help provide underlying functionality. Several of the third-party components were found to contain vulnerabilities, and updated versions have been made...
CVE-2021-41001
An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine NAE in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch...
Vulnerability fixed in F5 BIG-IP
F5 has fixed a vulnerability in BIG-IP. A malicious person with rights to execute regular expressions could exploit the exploit the vulnerability to cause a denial-of-service, or potentially execute arbitrary code on the system. F5 has released updates to fix the vulnerability in BIG-IP 16.1.2,...
CVE-2021-38142
Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured is not...
Remote code execution
Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured is not...