Filtered by vendor Akamai
Subscriptions
Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53841 | 2 Akamai, Microsoft | 2 Guardicore Platform Agent, Windows | 2025-12-05 | 7.8 High |
| The GC-AGENTS-SERVICE running as part of AkamaiĀ“s Guardicore Platform Agent for Windows versions prior to v49.20.1, v50.15.0, v51.12.0, v52.2.0 is affected by a local privilege escalation vulnerability. The service will attempt to read an OpenSSL configuration file from a non-existent location that standard Windows users have default write access to. This allows an unprivileged local user to create a crafted "openssl.cnf" file in that location and, by specifying the path to a custom DLL file in a custom OpenSSL engine definition, execute arbitrary commands with the privileges of the Guardicore Agent process. Since Guardicore Agent runs with SYSTEM privileges, this permits an unprivileged user to fully elevate privileges to SYSTEM level in this manner. | ||||
| CVE-2025-66373 | 1 Akamai | 1 Ghost | 2025-12-04 | N/A |
| Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from the actual size of the following chunk data, under certain circumstances, Akamai Ghost erroneously forwards the invalid request and subsequent superfluous bytes to the origin server. An attacker could hide a smuggled request in these superfluous bytes. Whether this is exploitable depends on the origin server's behavior and how it processes the invalid request it receives from Akamai Ghost. | ||||
| CVE-2025-49493 | 1 Akamai | 1 Cloudtest | 2025-09-24 | 5.8 Medium |
| Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection. | ||||
| CVE-2025-54142 | 1 Akamai | 1 Akamaighost | 2025-08-31 | 4 Medium |
| Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards. | ||||
| CVE-2025-32094 | 1 Akamai | 1 Ghost | 2025-08-07 | 4 Medium |
| An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai servers interpret the request, allowing an attacker to smuggle a second request in the original request body. | ||||
| CVE-2025-24527 | 1 Akamai | 1 Enterprise Application Access | 2025-07-12 | 8 High |
| An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector. | ||||
| CVE-2025-52491 | 1 Akamai | 1 Cloudtest | 2025-07-06 | 5.8 Medium |
| Akamai CloudTest before 60 2025.06.09 (12989) allows SSRF. | ||||
| CVE-2016-10157 | 1 Akamai | 1 Netsession | 2025-04-20 | N/A |
| Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space. | ||||
| CVE-2008-1770 | 1 Akamai | 1 Download Manager | 2025-04-09 | N/A |
| CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line. | ||||
| CVE-2021-40683 | 2 Akamai, Microsoft | 2 Enterprise Application Access, Windows | 2024-11-21 | 7.8 High |
| In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution. | ||||
| CVE-2019-18847 | 1 Akamai | 1 Enterprise Application Access | 2024-11-21 | 9.8 Critical |
| Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1. | ||||
| CVE-2019-11011 | 1 Akamai | 1 Cloudtest | 2024-11-21 | N/A |
| Akamai CloudTest before 58.30 allows remote code execution. | ||||
| CVE-2024-45164 | 1 Akamai | 1 Secure Internet Access Enterprise Threatavert | 2024-11-06 | 4.3 Medium |
| Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticated user can navigate directly to the /#app/intelligence/threatAvertPolicies URI and disable policy enforcement. | ||||
Page 1 of 1.