Lucene search
+L

92 matches found

cvelist
cvelist
added 2025/01/15 10:0 a.m.20 views

CVE-2024-12297 Frontend Authorization Logic Disclosure Vulnerability

Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable...

9.2CVSS0.00818EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/01/08 12:0 a.m.5 views

Hewlett Packard Enterprise CX 10000 安全漏洞

The Hewlett Packard Enterprise CX 10000 HPE CX 10000 is a series of switches from Hewlett Packard Enterprise USA. A security vulnerability exists in the Hewlett Packard Enterprise CX 10000 that stems from a firewall component that allows an unauthenticated adjacent attacker to perform packet...

3.4CVSS6.7AI score0.00236EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/09/30 12:0 a.m.12 views

PT-2024-39028 · Planet Technology · Planet Technology Switch

Name of the Vulnerable Software and Affected Versions: PLANET Technology switch models affected versions not specified Description: The issue concerns certain switch models from PLANET Technology that store SNMPv3 users' passwords in plaintext within the configuration files. This allows remote...

7.2CVSS6.9AI score0.00337EPSS
Exploits0References10
bdu_fstec
bdu_fstec
added 2024/08/01 12:0 a.m.12 views

The vulnerability of Moxa EDS-510A switch microprogramming software, related to the use of cryptographic algorithms containing defects, allows attackers to exploit their privileges.

The vulnerability of Moxa EDS-510A microcontroller software is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...

10CVSS5.5AI score
Exploits0References1Affected Software1
bdu_fstec
bdu_fstec
added 2024/07/31 12:0 a.m.6 views

The vulnerability of the Ruijie EG-2000SE switch’s microprogramming software lies in the fact that passwords are stored in an open manner, allowing attackers to reset the passwords.

The vulnerability of the Ruijie EG-2000SE switch’s microprogramming software lies in the fact that passwords are stored in an open manner at /data/config.text. Exploiting this vulnerability allows a malicious actor to remotely reset the passwords...

3.5CVSS5.5AI score0.00388EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2024/06/12 12:0 a.m.4 views

PT-2024-21238 · Dell · Dell Os10 Networking Switches

Name of the Vulnerable Software and Affected Versions: Dell OS10 Networking Switches versions 10.5.3.x through 10.5.6.x Description: The issue is related to an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability, leading to escalation...

8.8CVSS7AI score0.00444EPSS
Exploits0References5
osv
osv
added 2024/06/04 8:5 p.m.11 views

CVE-2024-23326 Envoy incorrectly accepts HTTP 200 response for entering upgrade mode

Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230section-6.7 a server sends 101 when switching...

5.9CVSS6.1AI score0.00361EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2024/03/25 12:0 a.m.6 views

The vulnerability of the microprogrammed software of the cloud-controlled switch Ruijie Reyee series RG-ES200 allows a intruder to execute arbitrary code.

The vulnerability of the microprogrammed cloud-controlled switch Ruijie Reyee series RG-ES200 is related to the lack of measures taken to neutralize special elements used in the OS command. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

7.5CVSS7.6AI score0.02772EPSS
Exploits0References4
cnnvd
cnnvd
added 2024/03/06 12:0 a.m.7 views

Cisco Small Business Security Vulnerabilities

Cisco Small Business is a switch from Cisco. A security vulnerability exists in Cisco Small Business that stems from a flaw in the web-based management interface that could allow an authenticated, remote attacker to perform a command injection attack on an affected device...

6.5CVSS7.3AI score0.00997EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/09/27 12:0 a.m.5 views

Cisco Catalyst SD-WAN Manager Security Vulnerability

Cisco Catalyst is a family of switches from Cisco USA. A security vulnerability exists in Cisco Catalyst SD-WAN Manager, which stems from a vulnerability in the SSH service, where an unauthenticated, remote attacker could cause the process to crash, resulting in a DoS condition for SSH access onl...

7.5CVSS6.8AI score0.00744EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/08/29 12:0 a.m.9 views

PT-2023-26858 · Aruba · Arubaos-Switch

Name of the Vulnerable Software and Affected Versions: ArubaOS-Switch affected versions not specified Description: A memory corruption issue could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation results in the ability to execute...

9.8CVSS9.8AI score0.00728EPSS
Exploits0References7
prion
prion
added 2023/04/12 8:15 p.m.18 views

Design/Logic Flaw

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine Sfe can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually st...

5CVSS7.3AI score0.00682EPSS
Exploits1References1Affected Software1
hpe
hpe
added 2023/03/08 12:0 a.m.5 views

HPESBNW04398 rev.1 - HPE FlexFabric 5700 Switches, Multiple Vulnerabilities

Potential Security Impact: Remote: URL Redirection, Host Header Injection SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE FlexFabric 5700 Switch Series - Prior to R2432P61 CVSS Scores: | CVE | CVSS Vector | Base Score | | --- | --- | --- | | CVE-2022-37940 |...

6.1CVSS6.1AI score0.00329EPSS
Exploits0
bdu_fstec
bdu_fstec
added 2023/02/06 12:0 a.m.7 views

The vulnerability of TP-Link SG105PE microcontroller software, related to deficiencies in authentication procedures, allows attackers to bypass the authentication process.

The vulnerability of TP-Link SG105PE switch’s microprogramming software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication process remotely...

4.2CVSS6.4AI score0.00945EPSS
Exploits0References4
cnnvd
cnnvd
added 2023/02/02 12:0 a.m.5 views

MOXA SDS-3008 跨站脚本漏洞

Moxa SDS-3008 is a series of industrial switches from MOXA China. The Moxa SDS-3008 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to send a specially crafted HTTP request resulting in arbitrary Javascript execution...

5.4CVSS6.4AI score0.01084EPSS
Exploits1References4
attackerkb
attackerkb
added 2022/09/06 6:15 p.m.6 views

CVE-2022-23680

AOS-CX lacks Anti-CSRF protections in place for state-changing operations. This can potentially be exploited by an attacker to execute commands in the context of another user in ArubaOS-CX Switches versions: AOS-CX 10.10.xxxx: 10.10.0002 and below, AOS-CX 10.09.xxxx: 10.09.1020 and below, AOS-CX...

8.8CVSS7.3AI score0.00371EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2022/05/04 12:0 a.m.8 views

The vulnerability of microprogrammed software in ERS3500, ERS3600, ERS4900, and ERS5900 switches is related to errors in handling HTTP headers. This vulnerability allows attackers to execute arbitrary code.

The vulnerability of microprogrammed software in ERS3500, ERS3600, ERS4900, and ERS5900 switches is related to errors in handling HTTP headers. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS5.9AI score
Exploits0References2
cnnvd
cnnvd
added 2022/04/12 12:0 a.m.4 views

多款 Siemens 产品安全特征问题漏洞

SCALANCE X switches are used to connect industrial components such as programmable logic controllers PLCs or human-machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions.A security vulnerability exists in Siemens SCALANCE X-300 Switch Family Devices tha...

9.8CVSS8.2AI score0.01397EPSS
Exploits0References2
cnnvd
cnnvd
added 2022/04/05 12:0 a.m.3 views

Digital China Networks S4600-10P-SI 操作系统命令注入漏洞

The Digital China Networks S4600-10P-SI is a switch from Digital China Networks Beijing Co. A security vulnerability exists in DCN Digital China Networks S4600-10P-SI versions prior to R0241.0470, which stems from incorrect validation of parameters in the console interface. An authenticated,...

7.4CVSS7.5AI score0.00614EPSS
Exploits1References4
cnnvd
cnnvd
added 2021/12/01 12:0 a.m.4 views

firefly-iii 跨站请求伪造漏洞

firefly-iii is a free and open source personal finance manager. firefly-iii suffers from a cross-site request forgery vulnerability, which can be exploited by attackers via /transactions/link/switch/id...

4.3CVSS4.9AI score0.00429EPSS
Exploits1References3
Rows per page
Query Builder