securecomputing 漏洞与 CVE 列表(17)

产品(CPE): — CVE 数: 17

securecomputing 漏洞概览

汇总 securecomputing 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

历史漏洞主要涉及 CSRF与路径处理缺陷 等问题,部分漏洞可能导致 应用崩溃,并影响 软件部署与生产负载 相关场景。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 11717 CVE 数
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2020-36909 SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to access and modify files outside the intended /etc/config/ directory. [email protected] 8.7 0.64% 2026-01-06 2026-06-16
CVE-2020-36908 SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full administrative privileges when a logged-in user visits the page. [email protected] 5.1 0.23% 2026-01-06 2026-06-16
CVE-2007-4043 file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files. [email protected] 9.8 1.56% 2007-07-27 2026-06-16
CVE-2007-3986 file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files. [email protected] 5.0 1.72% 2007-07-25 2026-06-16
CVE-2007-3985 Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to download arbitrary files via a .. (dot dot) in the name parameter. [email protected] 5.0 1.91% 2007-07-25 2026-06-16
CVE-2006-5303 Secure Computing SafeWord RemoteAccess 2.1 allows local users to obtain the UserCenter webportal password, database encryption keys, and signing keys by reading (1) base-64 encoded data in SERVERS\Web\Tomcat\usercenter\WEB-INF\login.conf and (2) plaintext data in SERVERS\Shared\signers.cfg. NOTE: the provenance of this information is unknown; the details are obtained from third party information. [email protected] 2.1 0.19% 2006-10-17 2026-06-16
CVE-2006-4613 Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow remote attackers to cause a denial of service via unspecified vectors involving (1) IPSec replay windows and (2) the use of vulnerable versions of ClamAV before 0.88.4. NOTE: it is possible that vector 2 is related to CVE-2006-4018. [email protected] 7.8 1.77% 2006-09-06 2026-06-16
CVE-2005-0865 Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) root, (2) admin, or (3) user users, which allows remote attackers to gain privileges via Telnet or an HTTP request to adsl.cgi. [email protected] 7.5 1.73% 2005-05-02 2026-06-16
CVE-2005-0864 The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request. [email protected] 5.0 1.53% 2005-05-02 2026-06-16
CVE-2004-2545 Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vendors involving an "extremely busy network." NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure. [email protected] 5.0 1.57% 2004-12-31 2026-06-16
CVE-2004-2544 Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 exports private keys when exporting firewall certificates, which might allow attackers to obtain sensitive information. [email protected] 2.1 0.22% 2004-12-31 2026-06-16
CVE-2004-2543 Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote attackers to cause a denial of service (proxy failure) via invalid traffic to the (1) T.120 or (2) RTSP proxy, or (3) invalid MIME messages to the mail filter. NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure. [email protected] 5.0 1.85% 2004-12-31 2026-06-16
CVE-2004-2399 Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries. [email protected] 5.0 1.23% 2004-12-31 2026-06-16
CVE-2004-0112 The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. [email protected] 5.0 10.42% 2004-11-23 2026-06-16
CVE-2004-0081 OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. [email protected] 5.0 7.23% 2004-11-23 2026-06-16
CVE-2004-0079 The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. [email protected] 7.5 9.54% 2004-11-23 2026-06-16
CVE-2004-1970 Samsung SmartEther SS6215S switch, and possibly other Samsung switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the enter key after the resulting error message. [email protected] 7.5 1.46% 2004-04-26 2026-06-16
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
cvelogic Threat Intelligence