Category: Vulnerability
-
Palo Alto Networks PAN-OS security vulnerability (CVE-2024-3400)
CVE-2024-3400 is a critical command injection vulnerability in PAN-OS of Palo Alto Networks, specifically affecting devices with the GlobalProtect feature. When GlobalProtect is configured as a gateway or portal, an attacker could exploit this vulnerability remotely, enabling unauthorized command execution with root privileges on the device.Palo Alto Networks has rated this vulnerability at the highest…
-
Robotic Operating System 2 (ROS2) security vulnerability (CVE-2024-25196)
CVE-2024-25196 is a critical buffer overflow vulnerability discovered in Open Robotics’ Robotic Operating System 2 (ROS2) and the Navigation2 (Nav2) framework, specifically in the Humble version. The issue occurs in the nav2_controller process when it processes .yaml configuration files. A specially crafted .yaml file with excessively large data can cause the allocated buffer to overflow,…
-
Darktrace Threat Visualizer security vulnerability (CVE-2024-22854)
CVE-2024-22854 is a DOM-based HTML injection vulnerability found in the main page of Darktrace Threat Visualizer, specifically affecting versions 6.1.27 (bundle 61050) and earlier. This vulnerability allows an attacker to craft a URL that, if visited by an authenticated user, triggers an open redirect and may lead to credential theft via an injected HTML form.…