CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-40683
https://notcve.org/view.php?id=CVE-2021-40683
In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution. En Akamai EAA (Enterprise Application Access) Client versiones anteriores a 2.3.1, versiones 2.4.x anteriores a 2.4.1 y versiones 2.5.x anteriores a 2.5.3, una ruta no citada puede permitir a un atacante secuestrar el flujo de ejecución • https://akamai.com/blog/news/eaa-client-escalation-of-privilege-vulnerability https://www.akamai.com/products/enterprise-application-access • CWE-428: Unquoted Search Path or Element •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-18847
https://notcve.org/view.php?id=CVE-2019-18847
Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1. Enterprise Access Client Auto-Updater, permite una ejecución de código remota en versiones anteriores a versión 2.0.1 • https://blogs.akamai.com/2020/08/enterprise-application-access-client-eaa-vulnerability-cve-2019-18847.html https://blogs.akamai.com/sitr • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-11011
https://notcve.org/view.php?id=CVE-2019-11011
Akamai CloudTest before 58.30 allows remote code execution. Akamai CloudTest anterior a versión 58.30, permite la ejecución remota de código. • https://blogs.akamai.com/sitr/2019/06/cloudtest-vulnerability-cve-2019-11011.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10157
https://notcve.org/view.php?id=CVE-2016-10157
Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space. Akamai NetSession 1.9.3.1 es vulnerable a DLL Hijacking: trata de cargar CSUNSAPI.dll sin suministrar la ruta completa. El problema es agravado porque la DLL mencionada está desaparecida de la instalación, haciendo posible secuestrar la DLL y posteriormente inyectar código dentro del espacio de proceso Akamai NetSession. • http://www.securityfocus.com/bid/95995 https://packetstormsecurity.com/files/140366/Akamai-NetSession-1.9.3.1-DLL-Hijacking.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2009-2582
https://notcve.org/view.php?id=CVE-2009-2582
Stack-based buffer overflow in manager.exe in Akamai Download Manager (aka DLM or dlmanager) before 2.2.4.8 allows remote web servers to execute arbitrary code via a malformed HTTP response during a Redswoosh download, a different vulnerability than CVE-2007-1891 and CVE-2007-1892. Desbordamiento de búfer basado en pila en manager.exe en Akamai Download Manager(también conocido como DLM or dlmanager) anterior a v2.2.4.8, permite a servidores web remotos ejecutar código de su elección mediante una respuesta HTTP mal formada durante la descarga de un "Redswoosh". Vulnerabilidad distinta de CVE-2007-1891 y CVE-2007-1892. • http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0351.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=813 http://secunia.com/advisories/35951 http://www.akamai.com/html/support/security.html http://www.securityfocus.com/archive/1/505187/100/0/threaded http://www.securityfocus.com/bid/35778 http://www.securitytracker.com/id?1022592 http://www.vupen.com/english/advisories/2009/1985 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •