38 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: powerpc/secvar: A refcount leak has been fixed in formatshow. A refcount leak occurs when formatshow returns an error in multiple cases. Unified management of ofnodeput can fix this issue...
CVE-2026-24032
A vulnerability has been identified in SINEC NMS All versions V4.0 SP3 with UMC. The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain...
CVE-2026-24032
A vulnerability has been identified in SINEC NMS All versions V4.0 SP3 with UMC. The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and gain...
CVE-2024-25657
An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform UMP 23.07.0.16567LTS could allow attackers to redirect authenticated users to malicious websites...
CVE-2024-25654
Insecure permissions for log files of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allow members with local access to the UMP application server to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database...
CVE-2024-25656
Improper input validation in AVSystem Unified Management Platform UMP 23.07.0.16567LTS can result in unauthenticated CPE Customer Premises Equipment devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and,...
CVE-2024-25655
Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allows members with read access to the application database to decrypt the LDAP passwords of users who successfully authenticate to web management via LDAP...
Siemens多款产品 缓冲区错误漏洞
Siemens SINEMA Remote Connect and others are products of Siemens, Germany.Siemens SINEMA Remote Connect is a set of remote management platforms.Siemens SINEC NMS is a network management system NMS.Siemens SIMATIC PCS is a process control system. A buffer error vulnerability exists in several...
The vulnerability in the web-based interface of UserGate Next-Generation Firewall (NGFW), the unified management center UserGate Management Center (UGMC), the log collection system UserGate Log Analyzer (LogAn), and the event tracking and analysis tool UserGate Security Information and Event Management (SIEM) allows a perpetrator to execute injection requests and trigger built-in database functions.
The vulnerability in the web-based interface of the UserGate Next-Generation Firewall NGFW, the unified management center UserGate Management Center UGMC, and the log collection system UserGate Log Analyzer LogAn is related to insufficient validation of input data. Exploiting this vulnerability...
DEBIAN-CVE-2022-49113
In the Linux kernel, the following vulnerability has been resolved: powerpc/secvar: fix refcount leak in formatshow Refcount leak will happen when formatshow returns failure in multiple cases. Unified management of ofnodeput can fix this problem...
PT-2024-23494 · Jnt Telecom · Jnt Liftcom Ums
Name of the Vulnerable Software and Affected Versions: JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 Description: An issue in the software allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality. Recommendations: For JNT Telecom JNT Liftcom UMS V1.J...
CVE-2024-25657
An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform UMP 23.07.0.16567LTS could allow attackers to redirect authenticated users to malicious websites...
CVE-2024-25654
Insecure permissions for log files of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allow members with local access to the UMP application server to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database...
CVE-2024-25656
Improper input validation in AVSystem Unified Management Platform UMP 23.07.0.16567LTS can result in unauthenticated CPE Customer Premises Equipment devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and,...
CVE-2024-25654
CVE-2024-25654 affects AVSystem Unified Management Platform (UMP) version 23.07.0.16567~LTS. The root cause is insecure permissions on log files, which, for users with local access to the UMP application server, can expose credentials used to authenticate to all services and can enable decryption...
PT-2024-21073 · Avsystem · Avsystem Unified Management Platform
Name of the Vulnerable Software and Affected Versions: AVSystem Unified Management Platform UMP version 23.07.0.16567LTS Description: An open redirect in the Login/Logout functionality of web management could allow attackers to redirect authenticated users to malicious websites. Recommendations:...
CVE-2024-25657
CVE-2024-25657 affects AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS. An open redirect exists in the Login/Logout web management flow, potentially causing authenticated users to be redirected to malicious websites. The initial entry reports a CVSSv3.1 base score of 5.4 (Medium) wit...
AVSystem Unified Management Platform Security Vulnerability
AVSystem Unified Management Platform is a comprehensive management platform from AVSystem designed to help enterprises, service providers and carriers manage and monitor their network devices, Internet of Things IoT devices and services. A security vulnerability exists in AVSystem Unified...
CVE-2024-25654
Insecure permissions for log files of AVSystem Unified Management Platform UMP 23.07.0.16567LTS allow members with local access to the UMP application server to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database...
CVE-2024-25656
Improper input validation in AVSystem Unified Management Platform UMP 23.07.0.16567LTS can result in unauthenticated CPE Customer Premises Equipment devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and,...