An open redirect is present on the gateway’s login page, which could cause a user to be redirected to a malicious site after logging in. Source: NIST CVE-2020-6803
Month: February 2020
CVE-2015-3006
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH …
CVE-2020-6804
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user’s authentication token. When combined with CVE-2020-6803, an attacker could …
CVE-2015-5361
Background: For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific …
CVE-2019-4301
BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if JavaScript code is included in Running Message or Post Message HTML. Source: NIST CVE-2019-4301
CVE-2019-7007
A directory traversal vulnerability has been found in the Avaya Equinox Management (iView) versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the …
New Trickbot Delivery Method Focuses on Windows 10
Researchers discover attackers abusing the latest version of the remote desktop ActiveX control class introduced for Windows 10. Source: DarkReading New Trickbot Delivery Method Focuses on Windows 10
CVE-2019-10805
valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function (hasOwnProperty) from the unsafe user-input …
CVE-2020-9459
Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allow remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, …
CVE-2019-10804
serial-number through 1.3.0 allows execution of arbitrary commands. The “cmdPrefix” argument in serialNumber function is used by the “exec” function without any validation. Source: NIST CVE-2019-10804