Lucene search
K

90 matches found

NVD
NVD
added 2024/03/13 6:15 p.m.36 views

CVE-2024-2433

An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interfa...

4.3CVSS4.6AI score0.00568EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/06 12:0 a.m.7 views

GL.iNet Router Security Vulnerability

GL.iNet Router is a series of routers from China's Guanglian Zhitong GL.iNet. A security vulnerability exists in the GL.iNet Router 4.x firmware version, which originated from a vulnerability that allows an attacker to bypass authentication and gain access to the router's web interface...

7AI score0.00764EPSS
Exploits3References1
NCSC
NCSC
added 2024/01/11 12:0 a.m.51 views

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that potentially result in the following categories of damage: Cross-Site Scripting XSS. Remote code execution Administrator/Root rights SQL Injection Access...

9.8CVSS7.3AI score0.01604EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/12/23 12:0 a.m.19 views

GLSA-202312-11 : SABnzbd: Remote Code Execution

The remote host is affected by the vulnerability described in GLSA-202312-11 SABnzbd: Remote Code Execution - SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the...

9.8CVSS9.1AI score0.01731EPSS
Exploits0References3
OSV
OSV
added 2023/07/19 3:15 p.m.4 views

CVE-2023-3638

In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application...

9.8CVSS5.8AI score0.00583EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/07/17 12:0 a.m.5 views

PT-2023-5481 · Advantech · Eki-1522 +2

Name of the Vulnerable Software and Affected Versions: Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 Description: The issue is related to a Stored Cross-Site Scripting vulnerability. This vulnerability can be triggered by authenticated users in the device name field of the...

9CVSS5.3AI score0.00818EPSS
Exploits2References10
Tenable Nessus
Tenable Nessus
added 2023/04/11 12:0 a.m.31 views

Siemens SCALANCE W1750D Cryptographic Issues (CVE-2017-13099)

wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as ROBOT. This plugin only works with Tenable.ot...

7.5CVSS6.8AI score0.24922EPSS
Exploits0References8
OSV
OSV
added 2023/02/13 5:15 p.m.5 views

CVE-2022-3089

Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file...

9.8CVSS5.8AI score0.0025EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/01/09 12:0 a.m.5 views

PT-2023-16029 · Unknown · Control Id Panel +1

Name of the Vulnerable Software and Affected Versions: Control iD Gerencia Web version 1.30 Control iD Panel affected versions not specified Description: A vulnerability was found in the Web Interface component, where the manipulation of the Nome argument leads to cross-site scripting. The attack...

6.1CVSS6.6AI score0.00501EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2022/11/17 10:27 p.m.8 views

CVE-2022-36785 D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass.

D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A. The window.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ; "admin" – contains defaul...

7.5CVSS7.3AI score0.01894EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/10/12 12:0 a.m.3 views

PT-2022-5103 · Palo Alto Networks · Pan-Os

Name of the Vulnerable Software and Affected Versions: PAN-OS versions prior to 8.1.24 Description: The issue is related to an authentication bypass vulnerability in the web interface of PAN-OS, which allows a network-based attacker with specific knowledge of the target firewall or Panorama...

8.1CVSS8AI score0.0083EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/09/14 12:0 a.m.25 views

PT-2022-6448 · Fortinet · Fortinac

Name of the Vulnerable Software and Affected Versions: Fortinet FortiNAC versions 8.3.7, 8.5.0 through 8.5.4, 8.6.0 through 8.6.5, 8.7.0 through 8.7.6, 8.8.0 through 8.8.11, 9.1.0 through 9.1.8, 9.2.0 through 9.2.5, 9.4.0 Description: The issue is related to an improper neutralization of input...

7.6CVSS5.4AI score0.00514EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/04/27 12:0 a.m.6 views

多款Cisco产品安全漏洞

Cisco Firepower Threat Defense and Cisco Adaptive Security Appliances Software are both products of Cisco, Inc. Cisco Adaptive Security Appliances Software is a firewall and network security platform. The platform provides highly secure access to data and network resources, among other...

8.8CVSS5.7AI score0.28369EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/03/30 12:0 a.m.7 views

TotoLink EX300 访问控制错误漏洞

TOTOLINK EX300 is a 300 Mbps wireless N range extender from TotoLink, China, and TOTOLINK EX1200T is a Wi-Fi range extender from Gion Electronics TOTOLINK, China.An access control error vulnerability exists in TOTOLINK EX300v2 and EX1200T. The vulnerability stems from the fact that the device web...

8.8CVSS5.7AI score0.04263EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.21 views

Siemens Reyrolle Improper Authentication (CVE-2016-7114)

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01;Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104 f...

9CVSS7.2AI score0.02113EPSS
Exploits0References8
OSV
OSV
added 2021/08/04 4:15 p.m.5 views

CVE-2021-26097

An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTT...

8.8CVSS7.4AI score0.01165EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/12/16 12:0 a.m.8 views

SolarWinds N-Central 信任管理问题漏洞

SolarWinds N-Central is an IT device management platform from SolarWinds Singapore. The platform provides proactive monitoring of everything on a customer's network, not just servers and workstations, and rapid troubleshooting using features such as MFA, antivirus, integrated endpoint detection a...

7.8CVSS7.1AI score0.00424EPSS
Exploits0References4
CNVD
CNVD
added 2020/01/21 12:0 a.m.3 views

SQL Injection Vulnerability in Multiple Honeywell Products

Honeywell Maxpro VMS & NVR is a Honeywell security solution. A SQL injection vulnerability exists in multiple Honeywell products, which can be exploited by attackers to gain unauthorized access to the web user interface...

9.8CVSS8.2AI score0.0114EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/12 12:0 a.m.3 views

GitLab Authorization Issues Vulnerability (CNVD-2020-20442)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An authorization issue vulnerability exists in GitLab...

8.8CVSS6.7AI score0.01884EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/09 12:0 a.m.8 views

Moxa OnCell G3100-HSPA Security Bypass Vulnerability

Moxa OnCell G3100-HSPA is a G3100-HSPA series cellular network gateway device from Moxa, Taiwan, China. A security vulnerability exists in Moxa OnCell G3100-HSPA 1.4 Build 16062919 and earlier versions. The vulnerability can be exploited by an attacker to bypass authentication and access the web...

9.8CVSS7.2AI score0.01841EPSS
Exploits0References1
Rows per page
Query Builder