
722 matches found

CNNVD
added 2021/08/30 12:0 a.m. · 2 views

BenQ EH600 Security Vulnerability

The BenQ EH600 is an Android-based business smart projector from China's BenQ. A security vulnerability exists in the BenQ EH600 that stems from the BenQ smart wireless conference projector's management interface not properly controlling user privileges. An attacker can access any system director...

CVSS 8.8 · AI score 8.3 · EPSS 0.00565
Exploits: 0 · References: 2

seebug.org
added 2021/07/21 12:0 a.m. · 263 views

Dell OpenManage Enterprise Docker Instance Pre-Auth RCE and Authentication Bypass Vulnerability (CVE-2021-21596)

Details - Remote Auth Bypass with 2 pre-auth RCEs in docker instances. There is a chain of pre-auth vulnerabilities allowing to: get a shell on the redis container, as redis; get a shell on the postgres container, as postgres; get a full access to the postgres database; bypass authentication on the w...

EPSS 0.0075
Exploits: 1

Tenable Nessus
added 2021/07/02 12:0 a.m. · 45 views

EulerOS Virtualization for ARM 64 3.0.2.0 : dhcp (EulerOS-SA-2021-2077)

According to the versions of the dhcp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - DHCP Dynamic Host Configuration Protocol is a protocol which allows individual devices on an IP network to get their own...

CVSS 7.5 · AI score 7.7 · EPSS 0.06118
Exploits: 1 · References: 3

Kitploit
added 2021/06/28 9:30 p.m. · 248 views

AWS Pen-Testing Laboratory - Pentesting Lab With A Kali Linux Instance Accessible Via Ssh And Wireguard VPN And With Vulnerable Instances In A Private Subnet

PenTesting laboratory deployed as IaC with Terraform on AWS. It deploys a Kali Linux instance accessible via ssh & wireguard VPN. Vulnerable instances in a private subnet. NOTE: Ids only defined for region "eu-west-1". For other regions, kali ami id must be specified and metasploitable3 id after...

AI score 7.3
Exploits: 0 · References: 6

AlmaLinux
added 2021/06/09 9:19 a.m. · 23 views

Important: dhcp security update

The Dynamic Host Configuration Protocol DHCP is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to...

CVSS 3.3 · AI score 0.9 · EPSS 0.06118
Exploits: 1 · References: 1

OpenVAS
added 2021/06/09 12:0 a.m. · 13 views

SUSE: Security Advisory (SUSE-SU-2018:3965-1)

The remote host is missing an update for the...

CVSS 9.3 · AI score 8.2 · EPSS 0.01342
Exploits: 0 · References: 2

RedhatCVE
added 2021/05/26 1:13 p.m. · 76 views

CVE-2020-26560

An impersonation attack vulnerability was found in the Linux kernel’s Bluetooth Mesh Profile implementation. The Mesh Provisioning procedure has a flaw that allows an attacker without knowledge of the AuthValue to spoof a provisioned device and use crafted responses that appear to possess the...

CVSS 8.1 · AI score 2 · EPSS 0.00855
Exploits: 0 · References: 3

OSV
added 2021/04/13 7:15 p.m. · 3 views

CVE-2021-21482

SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. If successful, the attacker could obtain access to highly sensitive data and MDM administrative privileges...

CVSS 8.3 · AI score 7.3 · EPSS 0.00422
Exploits: 0 · References: 2

Cvelist
added 2021/04/13 6:39 p.m. · 13 views

CVE-2021-21482

SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method. If successful, the attacker could obtain access to highly sensitive data and MDM administrative privileges...

CVSS 8.3 · AI score 8.1 · EPSS 0.00422
Exploits: 0 · References: 2

VulnCheck KEV
added 2021/04/02 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2019-5591

Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol LDAP server...

CVSS 6.5 · AI score 7.1 · EPSS 0.18566
Exploits: 1 · References: 1

CNNVD
added 2021/02/24 12:0 a.m. · 5 views

Cisco Application Policy Infrastructure Controller and Cisco Nexus 9000 Series Fabric Switches Security Vulnerabilities

The Cisco Application Policy Infrastructure Controller APIC and the Cisco Nexus 9000 Series Fabric Switches are both products of Cisco Corporation. The Cisco Application Policy Infrastructure Controller is an automated infrastructure deployment and governance solution,...

CVSS 7.4 · AI score 6.6 · EPSS 0.00376
Exploits: 0 · References: 5

Akamai Blog
added 2020/12/17 2:0 p.m. · 39 views

Smart DNS for the New Network: Optimizing Content Delivery

This is the third in a series of blog posts that will discuss how smart DNS resolvers can enhance ongoing internet service provider ISP and mobile network operator MNO network transformation efforts, such as the transition to 5G, better integration of Wi-Fi, and new network designs that optimize...

AI score 7.2
Exploits: 0

BDU FSTEC
added 2020/10/22 12:0 a.m. · 1 views

The vulnerability of Moxa EDR-810 microcontroller software lies in the lack of protection for service data. This allows attackers to disclose sensitive information such as the LAN IP address, model name, MAC address, subnet mask, and server configuration settings.

The vulnerability of Moxa EDR-810 microcontroller-based software lies in the lack of protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information such as the LAN IP address, model name, MAC address, subnet mask, and...

CVSS 7.8 · AI score 5.4
Exploits: 0 · References: 1 · Affected Software: 1

BDU FSTEC
added 2020/10/07 12:0 a.m. · 2 views

The vulnerability of the JunOS operating system, related to the use of the subnet 128.0.0.0/2 for internal communication between RE and PFE, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the JunOS operating system lies in the use of the subnet 128.0.0.0/2 for internal communication between the RE and PFE. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

CVSS 5.3 · AI score 5.9 · EPSS 0.01264
Exploits: 0 · References: 4 · Affected Software: 1

Kitploit
added 2020/09/30 11:30 a.m. · 70 views

mapCIDR - Small Utility Program To Perform Multiple Operations For A Given subnet/CIDR Ranges

Small utility program to perform multiple operations for a given subnet/CIDR ranges. The tool was developed to ease load distribution for mass scanning operations, it can be used both as a library and as independent CLI tool. Features Simple and modular code base making it easy to contribute. CID...

AI score 7.4
Exploits: 0 · References: 1

NVD
added 2020/08/20 5:15 p.m. · 9 views

CVE-2020-24359

HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0...

CVSS 7.5 · AI score 7.5 · EPSS 0.01036
Exploits: 0 · References: 2

Positive Technologies
added 2020/08/20 12:0 a.m. · 3 views

PT-2020-15705 · Hashicorp · Vault-Ssh-Helper

Name of the Vulnerable Software and Affected Versions: HashiCorp vault-ssh-helper versions 0.1.6 and earlier Description: The issue arises from improper input validation in the vault-ssh-helper, where it incorrectly accepted Vault-issued SSH OTPs for the subnet of a host's network interface rathe...

CVSS 7.5 · AI score 7.2 · EPSS 0.01036
Exploits: 0 · References: 8

OSV
added 2020/08/14 4:15 p.m. · 1 views

CVE-2019-5591

A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server...

CVSS 6.5 · AI score 7.2 · EPSS 0.18566
Exploits: 1 · References: 2

BDU FSTEC
added 2020/07/15 12:0 a.m. · 4 views

The vulnerability of the EDNS Client Subnet (ECS) DNS-server BIND component, which allows an attacker to cause a service failure.

The vulnerability of the EDNS Client Subnet ECS DNS-server BIND component is related to errors in processing responses with incorrectly formed RRSIG fields. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 7.8 · AI score 6.5 · EPSS 0.02201
Exploits: 0 · References: 3 · Affected Software: 1

RedhatCVE
added 2020/06/30 9:51 a.m. · 23 views

CVE-2020-14312

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora and Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option local-service is not enabled. Running dnsmasq in this manner m...

CVSS 4.3 · AI score 1.1 · EPSS 0.0123
Exploits: 0 · References: 3