CloudEngine 12800,CloudEngine 5800,CloudEngine 6800,CloudEngine 7800, Security Vulnerabilities

SUSE: Security Advisory (SUSE-SU-2016:2964-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2017:2302-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2020:0383-1)

The remote host is missing an update for...

Description of the security update for SharePoint Foundation 2013: June 8, 2021 (KB5001962)

Description of the security update for SharePoint Foundation 2013: June 8, 2021 (KB5001962) Summary This security update resolves a Microsoft SharePoint remote code execution vulnerability, SharePoint spoofing vulnerability, SharePoint Server remote code execution vulnerability, and SharePoint...

CVE-2021-22362

There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal.Affected product versions...

CVE-2021-22362

There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal.Affected product versions...

Design/Logic Flaw

There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal.Affected product versions...

CVE-2021-22362

There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal.Affected product versions...

Security Advisory - Possible Out-Of-Bounds Read Vulnerability in Huawei Products

There is an out of bounds read vulnerability in some Huawei products. A local attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of internal message, successful exploit may cause the process and the service abnormal....

Security Advisory - Out of Bounds Write Vulnerability in Huawei CloudEngine Product

There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal. (Vulnerability ID:...

Description of the security update for SharePoint Foundation 2013: May 11, 2021 (KB5001935)

Description of the security update for SharePoint Foundation 2013: May 11, 2021 (KB5001935) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability, information disclosure vulnerability, and spoofing vulnerability, and Microsoft SharePoint remote...

CVE-2021-22332

There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious...

CVE-2021-22332

There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious...

Double free

There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious...

CVE-2021-22393

There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of module design weakness . Attackers can exploit this vulnerability by sending a large amount of...

CVE-2021-22393

There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of module design weakness . Attackers can exploit this vulnerability by sending a large amount of...

Denial of service

There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of module design weakness . Attackers can exploit this vulnerability by sending a large amount of...

CVE-2021-22332

There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious...

CVE-2021-22393

There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of module design weakness . Attackers can exploit this vulnerability by sending a large amount of...

Rockwell Automation Stratix Switches

EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/ Low attack complexity Vendor: Rockwell Automation Equipment: Stratix Switches Vulnerabilities: Insufficiently Protected Credentials, Insufficient Verification of Data Authenticity, Use of Out-of-Range Pointer Offset, Insertion of...

SUSE: Security Advisory (SUSE-SU-2017:2589-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2020:0384-1)

The remote host is missing an update for...

SUSE: Security Advisory (SUSE-SU-2016:2667-1)

The remote host is missing an update for...

CVE-2019-10881

Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be...

ManageEngine AssentExplorer < 6.8 Unauthenticated Stored XSS

A stored cross-site scripting (XSS) vulnerability exists in the XML processing logic of asset discovery. By sending a crafted HTTP POST request to /discoveryServlet/WsDiscoveryServlet, a remote, unauthenticated attacker can create an asset containing malicious JavaScript. When an administrator...

CVE-2021-20080

Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset...

CVE-2021-20080

Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset...

Cross site scripting

Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset...

CVE-2021-20080

Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset...

FATEK Automation Designer Memory Corruption Vulnerabilities

OVERVIEW Ariele Caltabiano (kimiya) working with Trend Micro’s Zero Day Initiative (ZDI) has identified a heap memory corruption and two stack buffer overflow vulnerabilities in Fatek’s Automation PM and FV Designer applications. Fatek has not produced an update to mitigate these vulnerabilities......

Security Advisory - Pointer Double Free Vulnerability in Some Huawei Products

There is a pointer double free vulnerability in Some Huawei Products. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash,...

Security Advisory - Denial of Service Vulnerability in Some Products

There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services abnormal. (Vulnerability ID: HWPSIRT-2020-70186) This vulnerability has been....

Security Advisory - Denial of Service Vulnerability in Huawei Product

There is a denial of service vulnerability in Huawei product. The affected product cannot deal with some messages because of module design weakness . Attackers can exploit this vulnerability by sending a large amount of specific messages to cause denial of service. This can compromise normal...

Rockwell Automation Logix Controllers (Update A)

EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Studio 5000 Logix Designer, RSLogix 5000, Logix Controllers Vulnerability: Insufficiently Protected Credentials 2. UPDATE INFORMATION This updated advisory is a...

NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004)

The remote NewStart CGSL host, running version MAIN 4.06, has firefox packages installed that are affected by multiple vulnerabilities: When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable...

NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002)

The remote NewStart CGSL host, running version MAIN 4.06, has thunderbird packages installed that are affected by multiple vulnerabilities: When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially...

Description of the security update for SharePoint Foundation 2013: March 9, 2021 (KB4493238)

Description of the security update for SharePoint Foundation 2013: March 9, 2021 (KB4493238) Summary This security update resolves a Microsoft SharePoint Spoofing Vulnerability. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2021-24104 and...

CVE-2021-22681

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730,...

CVE-2021-22681

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730,...

Design/Logic Flaw

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730,...

CVE-2021-22681

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730,...

Description of the security update for SharePoint Foundation 2013: February 9, 2021 (KB4493210)

Description of the security update for SharePoint Foundation 2013: February 9, 2021 (KB4493210) Summary This security update resolves Microsoft SharePoint Spoofing Vulnerability, SharePoint Remote Code Execution Vulnerability, and SharePoint Information Disclosure Vulnerability. To learn more...

CentOS 8 : thunderbird (CESA-2020:0577)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:0577 advisory. Mozilla: Message ID calculation was based on uninitialized data (CVE-2020-6792) Mozilla: Out-of-bounds read when processing certain email messages...

CentOS 8 : firefox (CESA-2020:0512)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:0512 advisory. Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796) Mozilla: Incorrect parsing of template tag could result in...

CVE-2020-1865

There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the.....

CVE-2020-1865

There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the.....

Out-of-bounds

There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the.....

CVE-2020-1865

There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the.....

Description of the security update for SharePoint Foundation 2013: January 12, 2021

Description of the security update for SharePoint Foundation 2013: January 12, 2021 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...

Security Advisory - Out-of-Bounds Read Vulnerability in Huawei CloudEngine Products

There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the.....