12 matches found
Cisco IOS and IOS XE Software SNMPv3 Configuration Restriction Vulnerability
A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the device is configured to deny SNMP traffic from ...
PT-2025-20111 · Unknown · Oliver Campion Display Remote Posts Block
Name of the Vulnerable Software and Affected Versions: Oliver Campion Display Remote Posts Block versions 1.1.0 and earlier. Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability. This means an attacker can potentially force the...
CVE-2022-21646
SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not...
CVE-2024-10972
Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being...
GHSA-X5Q3-C8RM-W787 PAM module may allow accessing with the credentials of another user
Authd PAM module up to version 0.3.4 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them. This is possible using tools such as su, sudo or ssh and potentially others that, so far, do not...
CVE-2021-37577
Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a crafted public key...
PT-2023-24812 · Arm +1 · Cortex-A77 +1
Name of the Vulnerable Software and Affected Versions: Cortex-A77 cores versions r0p0 and r1p0. Description: The issue arises when software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or...
Cross-Site Scripting (XSS) in GlobalProtect Gateway
A Cross-Site Scripting (XSS) vulnerability exists in a PAN-OS response for GlobalProtect Gateway (Ref. PAN-84836; CVE-2018-10139). Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. This issue affects PAN-OS 6.1.21 and earlier, PAN-OS...
Denial of Service Against GlobalProtect
A vulnerability exists in PAN-OS that could lead to denying access to GlobalProtect portal, GlobalProtect gateway or preventing configuration commits (Ref PAN-78127 / CVE-2017-15942). PAN-OS contains a vulnerability in GlobalProtect that may allow a non-authenticated third party to mount a Denial o...
Brute force attack on the PAN-OS GlobalProtect external interface
A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow an attacker to brute force a username on the PAN-OS GlobalProtect external interface. The vulnerability is caused by PAN-OS providing different responses when supplying login credentials. Ref PAN-72769 /...
Information Disclosure in the Management Web Interface
A vulnerability exists in the Management Web Interface of PAN-OS that could allow for Information Disclosure. The Management Web Interface does not properly validate certain permissions, which could allow for Information Disclosure (Ref PAN-70541 / CVE-2017-7644). Successfully exploiting this issue...
CVE-2020-15245: Ability to switch customer email address on account detail page and stay verified
Impact: The user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled. This may lead to having accounts addressed to totally different emails that were verified. Note that this way one is not able to take over any...