Monthly
Cookie attribute injection in elixir-plug's Plug library allows a remote attacker who can supply values reflected into `Set-Cookie` headers to inject the `;` delimiter and override attributes such as `Domain`, `Path`, `Secure`, and `HttpOnly`. Applications calling `Plug.Conn.put_resp_cookie/4` with user-controlled data - for example, reflecting a username or preference value - are exposed to session fixation and cookie tossing across five supported release lines (0.1.0 through 1.20.2). No public exploit code or CISA KEV listing is present at time of analysis, but the attack is mechanically straightforward wherever the vulnerable code pattern exists.
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions <. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
A vulnerability has been identified in SICAM T (All versions < V3.0). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A vulnerability has been identified in SICAM T (All versions < V3.0). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.
Cookie attribute injection in elixir-plug's Plug library allows a remote attacker who can supply values reflected into `Set-Cookie` headers to inject the `;` delimiter and override attributes such as `Domain`, `Path`, `Secure`, and `HttpOnly`. Applications calling `Plug.Conn.put_resp_cookie/4` with user-controlled data - for example, reflecting a username or preference value - are exposed to session fixation and cookie tossing across five supported release lines (0.1.0 through 1.20.2). No public exploit code or CISA KEV listing is present at time of analysis, but the attack is mechanically straightforward wherever the vulnerable code pattern exists.
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.10), SICAM P850 (7KG8500-0AA10-0AA0) (All versions <. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
A vulnerability has been identified in SICAM T (All versions < V3.0). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A vulnerability has been identified in SICAM T (All versions < V3.0). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.