45 results (0.009 seconds)

CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0

14 Jan 2025 — Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore™ for Intel Kaby Lake: before 4.0.1.1012; SecureCore™ for Intel Coffee Lake: before 4.1.0.568; SecureCore™ for Intel Comet Lake: before 4.2.1.292; SecureCore™ for Intel Ice Lake: before 4.2.0.334. • https://www.phoenix.com/phoenix-security-notifications/cve-2024-29980 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0

14 Jan 2025 — Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore™ for Intel Kaby Lake: before 4.0.1.1012; SecureCore™ for Intel Coffee Lake: before 4.1.0.568; SecureCore™ for Intel Comet Lake: before 4.2.1.292; SecureCore™ for Intel Ice Lake: before 4.2.0.334. • https://www.phoenix.com/phoenix-security-notifications/cve-2024-29979 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

14 Jan 2025 — An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access. • https://cert.vde.com/en/advisories/VDE-2024-070 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.5EPSS: 0%CPEs: 36EXPL: 0

10 Sep 2024 — A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP FW_RULESETS.FROM_IP FW_RULESETS.IN_IP environment variable which can lead to a DoS. • https://cert.vde.com/en/advisories/VDE-2024-039 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 8.5EPSS: 0%CPEs: 36EXPL: 0

10 Sep 2024 — A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP environment variable which can lead to a DoS. A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.... • https://cert.vde.com/en/advisories/VDE-2024-039 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 8.5EPSS: 0%CPEs: 36EXPL: 0

10 Sep 2024 — A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_PORTFORWARDING.SRC_IP environment variable which can lead to a DoS. A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_PORTFORWARDING.SRC_IP environment variable which can lead to a DoS. • https://cert.vde.com/en/advisories/VDE-2024-039 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 8.5EPSS: 0%CPEs: 36EXPL: 0

10 Sep 2024 — A low privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FW_NAT.IN_IP environment variable which can lead to a DoS. • https://cert.vde.com/en/advisories/VDE-2024-039 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 8.5EPSS: 0%CPEs: 36EXPL: 0

10 Sep 2024 — A low privileged remote attacker can perform configuration changes of the ospf service through OSPF_INTERFACE.SIMPLE_KEY, OSPF_INTERFACE.DIGEST_KEY environment variables which can lead to a DoS. • https://cert.vde.com/en/advisories/VDE-2024-039 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.0EPSS: 0%CPEs: 36EXPL: 0

10 Sep 2024 — A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation. • https://cert.vde.com/en/advisories/VDE-2024-039 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.0EPSS: 0%CPEs: 36EXPL: 0

10 Sep 2024 — A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices. • https://cert.vde.com/en/advisories/VDE-2024-039 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •