33 matches found
CVE-2017-20234
GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions a...
CVE-2026-25071
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...
XikeStor SKS8310-8X Access Control Error Vulnerability
The XikeStor SKS8310-8X is an Ethernet switch produced by the XikeStor company. Versions of XikeStor SKS8310-8X prior to 1.04.B07 contain a security vulnerability related to access control. This vulnerability stems from the absence of authentication at the /switchconfig.src endpoint, which may...
CVE-2022-50980
An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN...
CVE-2022-50978
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus TCP...
PT-2026-5664
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP...
PT-2026-5665
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus TCP...
EUVD-2017-11320
Malware in sbrugna...
EUVD-2019-10391
Malware in sbrugna...
EUVD-2020-23438
Malware in sbrugna...
EUVD-2023-28530
Malicious code in bioql PyPI...
Brocade Fabric OS before 9.2.2 does not enforce strict host key checking
A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a...
CVE-2024-20263
A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected...
CVE-2023-24498
CVE-2023-24498 describes a credential-leak flaw affecting the NETGEAR ProSAFE FS726TP switch. An unspecified endpoint in the switch’s web server may fail to properly authenticate a user, allowing a configuration page (containing the switch password) to be downloaded in plaintext. Multiple sources...
D-Link DGS-1250 Header Injection
D-Link DGS-1250 header injection vulnerability. The latest version of this advisory is available at: https://sintonen.fi/advisories/d-link-dgs-1250-header-injection.txt Overview: D-Link DGS-1250 switch is susceptible to a header injection...
CVE-2019-5401
A potential security vulnerability has been identified in HP2910al-48G version W.15.14.0016. The attack exploits an XSS injection by setting the attack vector in one of the switch persistent configuration fields (management URL, location, contact). But admin privileges are required to configure the...
XenServer Loses Network connectivity on Pool join (LACP bond entry incomplete)
Upon adding a host to an existing Pool configured with NIC Bonding of type LACP, the newly added host's NIC bond entry never finishes updating, as seen on the image below, where the Management interface never merges with the bond. The previous NIC remains as IP Setup None and the bond shows...