EUVD-2014-7263
Malware in sbrugna...
EUVD-2021-32620
Malicious code in bioql PyPI...
SUSE CVE-2024-47187
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to us...
Arista EOS Security Vulnerability
Arista EOS is a fully programmable, highly modular, Linux-based network operating system from Arista Corporation. A security vulnerability exists in Arista EOS that stems from untagged packets not hitting the expected traffic policy rules, which could result in packets being sent to unexpected...
CVE-2024-47187 Suricata datasets: missing hashtable random seed leads to potential DoS
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to us...
CVE-2022-20952
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked...
OpenWrt Cross-Site Scripting Vulnerability (CNVD-2022-00600)
OpenWrt, a Linux operating system for embedded devices, is vulnerable to a cross-site scripting vulnerability in OpenWrt version 21.02.1, which stems from the lack of effective filtering and escaping of user-submitted parameters in the Traffic Rules Name screen. No detailed vulnerability details...
CVE-2021-45905
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen...
Cross site scripting
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen...
CVE-2021-45905
Concretely, CVE-2021-45905 affects OpenWrt 21.02.1 and is an XSS in the Traffic Rules Name screen caused by insufficient input filtering/escaping. The vulnerability has a demonstrated impact on confidentiality/integrity via client-side script injection, with CVSS values (2.0: 3.5/LOW; 3.1: 5.4/ME...
PT-2021-6849 · Openwrt · Openwrt
Name of the Vulnerable Software and Affected Versions: OpenWrt version 21.02.1. Description: The issue exists due to inadequate protection of the web page structure in the OpenWrt embedded operating system. This allows for a potential Cross-Site Scripting (XSS) attack via the Traffic Rules Name...
PT-2021-4621 · Cisco · Cisco Ftd
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense (FTD) Software (affected versions not specified). Description: A vulnerability in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic could allow an unauthenticated, remote attacker to bypass...
Information disclosure
The Russian Federation Traffic Rules (aka com.russia.pdd) application 1.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7392
The Russian Federation Traffic Rules (aka com.russia.pdd) application 1.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-7392
The CVE refers to the Android app Russian Federation Traffic Rules (com.russia.pdd), version 1.21, which does not verify X.509 certificates from SSL servers. This misconfiguration allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. The u...
Throttling Rules Not Being Applied
Challenge: A configured Network Throttling rule does not appear to be taking effect. Solution: Traffic can only be throttled between backup infrastructure components where the Veeam Data Movers are deployed. These components differ depending on a data protection scenario. For more information, revi...
PT-2010-1833 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.33-rc4. Description: The issue allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering. This is due to the ebtables module in the netfilter framework not...