Total
15 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22315 | 1 Ibm | 3 Storage Fusion, Storage Fusion Hci, Storage Fusion Hci For Watsonx | 2025-08-19 | N/A | 6.5 MEDIUM |
| IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection. | |||||
| CVE-2025-48807 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-08-15 | N/A | 7.5 HIGH |
| Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. | |||||
| CVE-2022-43916 | 2 Ibm, Redhat | 2 App Connect Enterprise Certified Container, Openshift | 2025-08-13 | N/A | 9.1 CRITICAL |
| IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods that are used for internal infrastructure. | |||||
| CVE-2025-22251 | 1 Fortinet | 1 Fortios | 2025-07-25 | N/A | 5.3 MEDIUM |
| An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets. | |||||
| CVE-2024-26013 | 1 Fortinet | 6 Fortianalyzer, Fortimanager, Fortios and 3 more | 2025-07-25 | N/A | N/A |
| A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device | |||||
| CVE-2025-29986 | 1 Dell | 1 Common Event Enabler | 2025-07-15 | N/A | N/A |
| Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | |||||
| CVE-2025-35978 | 2025-06-12 | N/A | N/A | ||
| Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send malicious data, an arbitrary registry value may be modified or arbitrary code may be executed. | |||||
| CVE-2025-20261 | 2025-06-04 | N/A | 8.8 HIGH | ||
| A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an authenticated, remote attacker to access internal services with elevated privileges. This vulnerability is due to insufficient restrictions on access to internal services. An attacker with a valid user account could exploit this vulnerability by using crafted syntax when connecting to the Cisco IMC of an affected device through SSH. A successful exploit could allow the attacker to access internal services with elevated privileges, which may allow unauthorized modifications to the system, including the possibility of creating new administrator accounts on the affected device. | |||||
| CVE-2025-23178 | 2025-04-29 | N/A | N/A | ||
| CWE-923: Improper Restriction of Communication Channel to Intended Endpoints | |||||
| CVE-2025-31144 | 2025-04-28 | N/A | N/A | ||
| Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote unauthenticated attacker may attempt to log in to an arbitrary host via Windows system where the product is running. | |||||
| CVE-2022-2837 | 1 Coredns.io | 1 Coredns | 2025-03-07 | N/A | 6.1 MEDIUM |
| A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD. | |||||
| CVE-2024-39271 | 2025-02-12 | N/A | N/A | ||
| Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software before version 23.80 may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | |||||
| CVE-2024-47490 | 2024-10-15 | N/A | 8.2 HIGH | ||
| An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a Denial of Service (DoS). When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the Routing Engine (RE), rather than being handled appropriately. Continuous receipt of these MPLS packets causes resources to be exhausted. MPLS config is not required to be affected by this issue. This issue affects Junos OS Evolved ACX 7000 Series: * All versions before 21.4R3-S9-EVO, * 22.2-EVO before 22.2R3-S4-EVO, * 22.3-EVO before 22.3R3-S3-EVO, * 22.4-EVO before 22.4R3-S2-EVO, * 23.2-EVO before 23.2R2-EVO, * 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO. | |||||
| CVE-2024-0949 | 2024-06-27 | N/A | 9.8 CRITICAL | ||
| Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows Exploiting Incorrectly Configured Access Control Security Levels, Manipulating Web Input to File System Calls, Embedding Scripts within Scripts, Malicious Logic Insertion, Modification of Windows Service Configuration, Malicious Root Certificate, Intent Spoof, WebView Exposure, Data Injected During Configuration, Incomplete Data Deletion in a Multi-Tenant Environment, Install New Service, Modify Existing Service, Install Rootkit, Replace File Extension Handlers, Replace Trusted Executable, Modify Shared File, Add Malicious File to Shared Webroot, Run Software at Logon, Disable Security Software.This issue affects Elektraweb: before v17.0.68. | |||||
| CVE-2022-2663 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-12 | N/A | 5.3 MEDIUM |
| An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. | |||||