Improper neutralization in OX Dovecot Pro's safe filter allows injection attacks when variable expansion is used, bypassing input sanitization on subsequent pipelines. Network-accessible attackers can exploit this filter logic flaw to inject malicious SQL or LDAP queries during authentication workflows, potentially enabling unauthorized access or data exfiltration. CVSS 7.4 with network vector but high complexity. No public exploit code identified at time of analysis, though vendor advisory confirms the vulnerability enables SQL/LDAP injection in authentication contexts.
Improper validation of malformed SCP requests in Cisco IOS XE Software allows authenticated local attackers to trigger unexpected device reloads and cause service disruption. An attacker with low privileges can exploit this vulnerability by sending a crafted SSH command to the SCP server component. No patch is currently available for this denial of service vulnerability.