Authentication Bypass

keylime is vulnerable to Authentication Bypass. The vulnerability is due to insufficient validation during agent registration, where a malicious actor can register a new agent with a different TPM while reusing an existing agent’s UUID, allowing the attacker to overwrite the legitimate agent...

PT-2024-9568 · Veeam · Veeam Backup & Replication

Name of the Vulnerable Software and Affected Versions: Veeam Backup & Replication affected versions not specified Description: A series of related high-severity vulnerabilities in Veeam Backup & Replication enables remote code execution RCE as the service account and extraction of sensitive...

Vulnerability of FortiOS operating systems and FortiProxy proxy servers in protecting against internet attacks, due to insufficient protection of registration data, allowing attackers to perform arbitrary actions.

The vulnerability of the FortiOS operating systems and the proxy server used for protecting against Internet attacks related to FortiProxy lies in the insufficient protection of registration data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, provided...

The vulnerability of the web interface of the microprogramming software for the Distribution Power Unit (PDU) Aten PE8108, which allows a hacker to gain access to the account data via Telnet and SNMP.

The vulnerability of the web interface of the microprogramming software for the Distribution Processing Unit PDU Aten PE8108 is related to insufficient protection of registration data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to the registration data...

The vulnerabilities of the programming software for PLCs (programmable logic controllers), the configuration software SCADAPack RemoteConnect, and the automation system for technological processes EcoStruxure Process Expert allow a intruder to gain unauthorized access to project files.

The vulnerabilities of the programming software for PLCs programmable logic controllers, the configuration software SCADAPack RemoteConnect, and the automation system for technological processes EcoStruxure Process Expert are related to insufficient protection of registration data. Exploiting the...

The vulnerabilities of Azure cloud services include those related to BIG-IP Application Security Manager, a device for securing applications; BIG-IP Access Policy Manager, a device for controlling access and remote authentication; BIG-IP Link Controller, a device for balancing internet traffic; BIG-IP Policy Enforcement Manager, a device for controlling and managing network traffic; BIG-IP Local Traffic Manager, a device for balancing local traffic; BIG-IP DNS, a device for securing web services; BIG-IP WebSafe, a device for securing web services; BIG-IP Advanced Firewall Manager, a device for providing network firewalls; and BIG-IP Application Acceleration Manager, a device for accelerating application processing. These vulnerabilities allow attackers to gain access to the BIG-IP host.

The vulnerability in Azure’s application security protection services—BIG-IP Application Security Manager, BIG-IP Access Policy Manager for access control and remote authentication, BIG-IP Link Controller for Internet traffic balancing, BIG-IP Policy Enforcement Manager for network traffic contro...