Lucene search
+L
NozomiMost viewed

59 matches found

NOZOMI
NOZOMI
added 2026/07/07 12:0 a.m.5 views

Disabled and non-configurable TLS certificate validation in n2os-tui when connecting the Remote Collector to a Guardian or CMC, in Remote Collector before v26.2.0

Summary When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. Impact A malicious actor could perform a man-in-the-middle attack and intercept the...

8.3CVSS6AI score0.00121EPSS
Exploits0Affected Software1
NOZOMI
NOZOMI
added 2026/07/07 12:0 a.m.5 views

Open Redirect in SAML Single Sign-On in Guardian/CMC before 26.2.0

Summary An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. Impact An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for...

7.1CVSS5.9AI score0.00167EPSS
Exploits0Affected Software2
NOZOMI
NOZOMI
added 2026/07/07 12:0 a.m.5 views

Missing authentication in SSH keys synchronization endpoint in Guardian/CMC before 26.2.0

Summary A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. Impact An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the...

6.9CVSS6AI score0.00235EPSS
Exploits0Affected Software2
NOZOMI
NOZOMI
added 2025/10/07 12:0 a.m.5 views

Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0

Summary A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. Impact An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing...

6.5CVSS8.1AI score0.00223EPSS
Exploits0Affected Software2
NOZOMI
NOZOMI
added 2025/10/07 12:0 a.m.5 views

Incorrect authorization for CLI in Guardian/CMC before 25.2.0

Summary An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. Impact An authenticated user with limited privileges can issue administrative CLI commands, altering the device...

8.1CVSS6.6AI score0.0025EPSS
Exploits0Affected Software2
NOZOMI
NOZOMI
added 2025/10/07 12:0 a.m.5 views

Client-side path traversal in Guardian/CMC before 25.2.0

Summary A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. Impact An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a...

7.9CVSS5.9AI score0.0021EPSS
Exploits0Affected Software2
NOZOMI
NOZOMI
added 2025/10/07 12:0 a.m.5 views

Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0

Summary A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. Impact An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthoriz...

6.5CVSS8.1AI score0.00223EPSS
Exploits0Affected Software2
NOZOMI
NOZOMI
added 2019/11/11 12:0 a.m.5 views

CSV Injection on node label

Summary CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. An authenticated malicious user can insert a crafted formula in the node label that can be later executed on another system after another user has downloaded and opened the node li...

8CVSS6.6AI score
Exploits0Affected Software2
NOZOMI
NOZOMI
added 2019/11/11 12:0 a.m.5 views

Stored XSS in field name data model

Summary An attacker with admin access to the appliance can inject malicious code that will later be executed by another legitimate users. This allows an attacker to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible using the field name when adding new...

7.6CVSS7.3AI score
Exploits0Affected Software2
Total number of security vulnerabilities59