AC6005, AC6605, AR1200, AR200, AR3200, CloudEngine 12800, CloudEngine 5800, CloudEngine 6800, CloudEngine 7800, CloudEngine 8800, E600, S12700, S1700, S2300, S2700, S5300, S5700, S6300, S6700, S7700, S9300, S9700, Secospace USG6600 Security Vulnerabilities

cve

CVE-2021-46774

Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in...

7.5CVSS

7.3AI Score

0.001EPSS

2023-11-14 07:15 PM
18
cve

CVE-2022-23820

Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code...

9.8CVSS

7.4AI Score

0.013EPSS

2023-11-14 07:15 PM
24
ubuntucve

CVE-2023-46234

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

6.8AI Score

0.001EPSS

2023-10-26 12:00 AM
54
packetstorm

7.1AI Score

2023-10-26 12:00 AM
141
zeroscience

TEM Opera Plus FM Family Transmitter 35.45 XSRF

Title: TEM Opera Plus FM Family Transmitter 35.45 XSRF Advisory ID: ZSL-2023-5800 Type: Local/Remote Impact: Cross-Site Scripting Risk: (4/5) Release Date: 25.10.2023 Summary This new line of Opera plus FM Transmitters combines very high efficiency, high reliability and low energy consumption in...

6.7AI Score

2023-10-25 12:00 AM
113
nessus

Rockwell Automation Stratix 5800 & 5200 Cisco IOS XE Web UI Privilege Escalation (CVE-2023-20198)

This vulnerability in the Web UI feature of Cisco IOS XE Software allows a remote, unauthenticated threat actor to create an account on a vulnerable system with privilege level 15 access. The threat actor could then potentially use that account to gain control of the affected system. This plugin...

8.8AI Score

2023-10-24 12:00 AM
22
nessus

Ubuntu 16.04 LTS : Firefox vulnerabilities (USN-4278-2)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4278-2 advisory. A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This...

7.6AI Score

2023-10-23 12:00 AM
4
githubexploit

Exploit for OS Command Injection in Paloaltonetworks Pan-Os

CVE-2021-3060 POC/ Exploit Description: An OS command...

8.5AI Score

0.006EPSS

2023-10-05 07:04 AM
565
nessus

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2023-12800)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12800 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

6AI Score

2023-09-18 12:00 AM
3
oraclelinux

Unbreakable Enterprise kernel security update

[4.1.12-124.78.4.1] - rds: Fix lack of reentrancy for connection reset with dst addr zero (Haakon Bugge) [Orabug: 35741584] ...

5.5CVSS

6.5AI Score

0.0004EPSS

2023-09-16 12:00 AM
11
openvas

Information Disclosure Vulnerability on some Huawei Products (huawei-sa-20200715-03-informationleak)

There is an information leak vulnerability in some Huawei products, and it could allow a local attacker to get...

3.8AI Score

0.0004EPSS

2023-09-15 12:00 AM
3
nessus

Oracle Linux 6 : thunderbird (ELSA-2020-0574)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0574 advisory. Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed...

7.4AI Score

2023-09-07 12:00 AM
10
nessus

Oracle Linux 8 : firefox (ELSA-2020-0512)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0512 advisory. A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This...

7.3AI Score

2023-09-07 12:00 AM
8
nessus

Oracle Linux 6 : firefox (ELSA-2020-0521)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0521 advisory. A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This...

7.3AI Score

2023-09-07 12:00 AM
5
nessus

Oracle Linux 8 : thunderbird (ELSA-2020-0577)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0577 advisory. Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed...

7.4AI Score

2023-09-07 12:00 AM
5
cve

CVE-2023-28581

Memory corruption in WLAN Firmware while parsing received GTK Keys in GTK...

9.8CVSS

9.5AI Score

0.001EPSS

2023-09-05 07:15 AM
75
openvas

Epson Printers CSRF Vulnerability (Apr 2023)

Multiple Epson printer models are prone to a cross-site request forgery (CSRF)...

6.6AI Score

0.001EPSS

2023-08-21 12:00 AM
3
openvas

Epson Printers Multiple Vulnerabilities (Apr 2023)

Multiple Epson printer models are prone to multiple...

5.9AI Score

0.001EPSS

2023-08-21 12:00 AM
3
cve

CVE-2023-20221

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected.....

6.5CVSS

6.5AI Score

0.001EPSS

2023-08-16 10:15 PM
28
prion

Cross site request forgery (csrf)

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected.....

6.5CVSS

6.6AI Score

0.001EPSS

2023-08-16 10:15 PM
4
cvelist

CVE-2023-20221

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected.....

7.2AI Score

0.001EPSS

2023-08-16 09:01 PM
2
cisco

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected.....

6.3AI Score

0.001EPSS

2023-08-16 04:00 PM
19
cve

CVE-2023-28577

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function calls cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va, which causes a UAF of the kernel...

7.8CVSS

7.5AI Score

0.0004EPSS

2023-08-08 10:15 AM
37
cve

CVE-2023-28576

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to...

7CVSS

6.9AI Score

0.0004EPSS

2023-08-08 10:15 AM
31
talos

Open Babel translationVectors parsing out-of-bounds write vulnerabilities

Talos Vulnerability Report TALOS-2022-1666 Open Babel translationVectors parsing out-of-bounds write vulnerabilities July 21, 2023 CVE Number CVE-2022-46292,CVE-2022-46295,CVE-2022-46294,CVE-2022-46293,CVE-2022-46291 SUMMARY Multiple out-of-bounds write vulnerabilities exist in the...

7AI Score

0.001EPSS

2023-07-21 12:00 AM
12
talos

Open Babel Gaussian format orientation out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2022-1672 Open Babel Gaussian format orientation out-of-bounds write vulnerability July 21, 2023 CVE Number CVE-2022-37331 SUMMARY An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit...

7.6AI Score

0.001EPSS

2023-07-21 12:00 AM
9
mskb

Description of the security update for Office 2013: July 11, 2023 (KB5002400)

Description of the security update for Office 2013: July 11, 2023 (KB5002400) Summary This security update resolves a Microsoft Office graphics remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-33149. Note: To...

8AI Score

0.001EPSS

2023-07-11 07:00 AM
4
cve

CVE-2023-35854

Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found.....

9.8CVSS

9.6AI Score

0.012EPSS

2023-06-20 12:15 PM
61
mskb

Description of the security update for SharePoint Foundation 2013: April 11, 2023 (KB5002383)

Description of the security update for SharePoint Foundation 2013: April 11, 2023 (KB5002383) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-28288....

8AI Score

0.004EPSS

2023-04-11 07:00 AM
65
cve

CVE-2023-28342

Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication...

7.5CVSS

7.5AI Score

0.001EPSS

2023-04-05 07:15 PM
53
prion

Authentication flaw

Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication...

7.5CVSS

7.5AI Score

0.001EPSS

2023-04-05 07:15 PM
9
cve

CVE-2022-36413

Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM...

9.1CVSS

9.1AI Score

0.013EPSS

2023-03-23 08:15 PM
45
huntr

SIGSEGV at libr/bin/p/bin_coff.c:509 in patch_relocs()

Description radare2 5.8.2 misparses symbol information in COFF files, causing a segmentation fault in patch_relocs at libr/bin/p/bin_coff.c:509 # Proof of Concept input.bin 00000000: 6603 e846 4058 6458 4036 5858 5858 5868 f..F@XdX@6XXXXXh 00000010: 5858 7063 5858 5840 0038 00de 57ff ffff ...

7.5CVSS

7.2AI Score

0.0005EPSS

2023-03-21 05:24 PM
6
mskb

Description of the security update for SharePoint Foundation 2013: March 14, 2023 (KB5002367)

Description of the security update for SharePoint Foundation 2013: March 14, 2023 (KB5002367) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-23395....

4.1AI Score

0.001EPSS

2023-03-14 07:00 AM
47
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability...

8.8CVSS

0.1AI Score

2023-03-09 02:32 PM
96
nessus

Cisco IP Phones < 11.3.7SR1 Multiple Vulnerabilities (cisco-sa-ip-phone-cmd-inj-KMFynVcP)

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. Please see the included Cisco BIDs and Cisco Security Advisory for more...

8.9AI Score

2023-03-09 12:00 AM
12
cve

CVE-2023-24282

An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone...

5.4CVSS

6AI Score

0.001EPSS

2023-03-08 09:15 PM
18
prion

Design/Logic Flaw

An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone...

5.4CVSS

6AI Score

0.001EPSS

2023-03-08 09:15 PM
5
cvelist

CVE-2023-24282

An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone...

7.8AI Score

0.001EPSS

2023-03-08 12:00 AM
1
openvas

Debian: Security Advisory (DLA-651-1)

The remote host is missing an update for the...

8.7AI Score

0.037EPSS

2023-03-08 12:00 AM
2
github

GitHub Security Lab audited DataHub: Here's what they found

At GitHub, we really care about open source security and love to help maintainers to secure their code. That is indeed the mission of the GitHub Security Lab. As users of open source software (OSS), we also love to contribute back to the community by helping improve the security posture of the OSS....

9.8CVSS

0.3AI Score

2023-03-03 07:53 PM
29
cvelist

CVE-2023-20079 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this...

8.1AI Score

0.002EPSS

2023-03-03 12:00 AM
1
cvelist

CVE-2023-20078 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this...

8.1AI Score

0.003EPSS

2023-03-03 12:00 AM
1
thn

Critical Flaw in Cisco IP Phone Series Exposes Users to Command Injection Attack

Cisco on Wednesday rolled out security updates to address a critical flaw impacting its IP Phone 6800, 7800, 7900, and 8800 Series products. The vulnerability, tracked as CVE-2023-20078, is rated 9.8 out of 10 on the CVSS scoring system and is described as a command injection bug in the web-based.....

1.3AI Score

2023-03-02 04:17 AM
55
cisco

Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section...

1.2AI Score

0.003EPSS

2023-03-01 04:00 PM
48
osv

Malicious code in selfvmrandom (pypi)

-= Per source details. Do not edit below this line.=- Source: checkmarx (fe85fa4c2e96cb2a2a49f5493aac578f73c5bb2dbed574c3130b280e42fa3fe3) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...

7.2AI Score

2023-02-25 11:03 PM
2
osv

Malicious code in pyultra (pypi)

-= Per source details. Do not edit below this line.=- Source: checkmarx (9660e4540466257fc92dab3911b03478215ecd015217fca5e352c0ba568f5004) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...

7.2AI Score

2023-02-23 11:33 PM
3
osv

Malicious code in urlultra (pypi)

-= Per source details. Do not edit below this line.=- Source: checkmarx (3c7b155fedf43e93b99c014649b35e6cee427625d86cb5c8fe57497b36942ad4) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...

7.2AI Score

2023-02-23 07:00 PM
3
mskb

Description of the security update for SharePoint Foundation 2013: February 14, 2023 (KB5002347)

Description of the security update for SharePoint Foundation 2013: February 14, 2023 (KB5002347) Summary This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability and Microsoft Word remote code execution vulnerability. To learn more about the vulnerabilities,....

9.7AI Score

0.454EPSS

2023-02-14 08:00 AM
63
Total number of security vulnerabilities: 3203