CVE-2022-0675 – Puppet Firewall Module May Leave Unmanaged Rules
https://notcve.org/view.php?id=CVE-2022-0675
In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state. A flaw was found in the Puppet Firewall module. In certain situations, an unmanaged rule can exist on the target system that has the same comment as a rule specified in the manifest. • https://puppet.com/security/cve/CVE-2022-0675 https://access.redhat.com/security/cve/CVE-2022-0675 https://bugzilla.redhat.com/show_bug.cgi?id=2071567 • CWE-20: Improper Input Validation CWE-1289: Improper Validation of Unsafe Equivalence in Input •
CVE-2019-14270
https://notcve.org/view.php?id=CVE-2019-14270
Comodo Antivirus through 12.0.0.6870, Comodo Firewall through 12.0.0.6870, and Comodo Internet Security Premium through 12.0.0.6870, with the Comodo Container feature, are vulnerable to Sandbox Escape. • https://gaissecurity.com/yazi/discovery-of-sandbox-escape-on-comodo-container-antivirus-amp-firewall •
CVE-2012-4923 – Endian Firewall 2.4 - 'dansguardian.cgi?addrule' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4923
Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi. • https://www.exploit-db.com/exploits/36833 https://www.exploit-db.com/exploits/36832 https://www.exploit-db.com/exploits/36831 http://packetstormsecurity.org/files/109942/Endian-UTM-Firewall-2.4.x-Cross-Site-Scripting.html http://www.securityfocus.com/bid/52076 http://www.vulnerability-lab.com/get_content.php?id=436 https://exchange.xforce.ibmcloud.com/vulnerabilities/73330 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-0475 – Palo Alto Network Vulnerability - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-0475
Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter. Palo Alto Network suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/12660 http://archives.neohapsis.com/archives/bugtraq/2010-05/0086.html http://www.jeromiejackson.com/index.php?view=article&id=83:palo-alto-cross-site-scripting-vulnerability&tmpl=component&print=1&layout=default&page= http://www.securityfocus.com/bid/40113 https://exchange.xforce.ibmcloud.com/vulnerabilities/58624 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-0494
https://notcve.org/view.php?id=CVE-2008-0494
Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://downloads.securityfocus.com/vulnerabilities/exploits/27477.html http://www.securityfocus.com/bid/27477 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •