Alerts

Avigilon – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)

VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version...

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are...

A server-side request forgery in PAN-OS software enables an unauthenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network...

An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect...

A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker...