CloudEngine 12800, CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 Security Vulnerabilities

cve

CVE-2018-12800

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes:...

7.4 AI Score

0.002 EPSS

2019-03-05 08:15 PM
13
cvelist

CVE-2018-12800

...

0.002 EPSS

2019-03-05 08:00 PM
cve

CVE-2019-1684

A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS)...

6.5 CVSS

6.5 AI Score

0.001 EPSS

2019-02-21 08:29 PM
21
nvd

CVE-2019-1684

A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS)...

6.5 CVSS

6.5 AI Score

0.001 EPSS

2019-02-21 08:29 PM
prion

Race condition

A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS)...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2019-02-21 08:29 PM
4
n0where

Securely and Anonymously Send and Receive Files: OnionShare

OnionShare is an open source tool for securely and anonymously sending and receiving files using Tor onion services. It works by starting a web server directly on your computer and making it accessible as an unguessable Tor web address that others can load in Tor Browser to download files from...

-0.5 AI Score

2019-02-20 04:28 PM
95
cisco

Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol and Link Layer Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS)...

1 AI Score

0.001 EPSS

2019-02-20 04:00 PM
81
cvelist

CVE-2019-1684 Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol and Link Layer Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS)...

6.5 CVSS

6.5 AI Score

0.001 EPSS

2019-02-20 12:00 AM
mskb

Description of the security update for SharePoint Foundation 2013: February 12, 2019

Description of the security update for SharePoint Foundation 2013: February 12, 2019 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

9 AI Score

0.974 EPSS

2019-02-12 08:00 AM
35
ics

Schneider Electric EVLink Parking

EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EVLink Parking Vulnerabilities: Use of Hard-coded Credentials, Code Injection, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

8.8 CVSS

9.7 AI Score

0.031 EPSS

2019-01-31 12:00 PM
153
zdt

-0.1 AI Score

2019-01-20 12:00 AM
14
packetstorm

-0.3 AI Score

2019-01-18 12:00 AM
62
exploitdb

7.4 AI Score

2019-01-18 12:00 AM
29
exploitpack

VPN Browser+ 1.1.0.0 - Denial of Service (PoC)

VPN Browser+ 1.1.0.0 - Denial of Service...

-0.1 AI Score

2019-01-18 12:00 AM
11
veracode

Timing Attack

sinatra is vulnerable to timing attacks. This vulnerability is caused because the csrf tokens are not compared in constant time, allowing malicious users to guess the valid csrf tokens based on the time that a comparison...

5.9 CVSS

6.4 AI Score

0.002 EPSS

2019-01-15 09:21 AM
7
mskb

Description of the security update for SharePoint Foundation 2013: January 8, 2019

Description of the security update for SharePoint Foundation 2013: January 8, 2019 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

6.4 AI Score

0.001 EPSS

2019-01-08 08:00 AM
14
threatpost

Critical Bug Patched in Schneider Electric Vehicle Charging Station

Schneider Electric is warning about a critical vulnerability in its EVLink Parking devices – a line of electric vehicle charging stations. The energy management and automation giant said the vulnerability is tied to a hard-coded credential bug that exists within the device that could enable...

0.9 AI Score

0.031 EPSS

2018-12-24 05:28 PM
12
nvd

CVE-2018-7800

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the...

9.8 CVSS

9.1 AI Score

0.004 EPSS

2018-12-24 04:29 PM
cve

CVE-2018-7800

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the...

9.8 CVSS

9.4 AI Score

0.004 EPSS

2018-12-24 04:29 PM
25
prion

Hardcoded credentials

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the...

9.8 CVSS

9.4 AI Score

0.004 EPSS

2018-12-24 04:29 PM
2
cvelist

CVE-2018-7800

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the...

9.6 AI Score

0.004 EPSS

2018-12-24 04:00 PM
osv

CVE-2018-5800

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a...

6.5 CVSS

7 AI Score

0.011 EPSS

2018-12-07 10:29 PM
9
cve

CVE-2018-5800

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a...

6.5 CVSS

7.2 AI Score

0.011 EPSS

2018-12-07 10:29 PM
72
debiancve

CVE-2018-5800

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a...

6.5 CVSS

7.5 AI Score

0.011 EPSS

2018-12-07 10:29 PM
6
prion

Heap overflow

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a...

6.5 CVSS

7.3 AI Score

0.011 EPSS

2018-12-07 10:29 PM
8
nvd

CVE-2018-5800

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a...

6.5 CVSS

7.5 AI Score

0.011 EPSS

2018-12-07 10:29 PM
cvelist

CVE-2018-5800

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a...

7.4 AI Score

0.011 EPSS

2018-12-07 10:00 PM
nessus

Scientific Linux Security Update : libkdcraw on SL7.x x86_64 (20181030)

LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805) LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp (CVE-2018-5800) LibRaw: NULL pointer dereference in LibRaw::unpack...

8.8 CVSS

0.3 AI Score

0.011 EPSS

2018-11-27 12:00 AM
15
nessus

CentOS 7 : libkdcraw (CESA-2018:3065)

An update for libkdcraw is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from....

8.8 CVSS

-0.3 AI Score

0.011 EPSS

2018-11-16 12:00 AM
37
centos

libkdcraw security update

CentOS Errata and Security Advisory CESA-2018:3065 Libkdcraw is a C++ interface around the LibRaw library used to decode the RAW picture files. Security Fix(es): LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805) LibRaw:...

8.8 CVSS

8 AI Score

0.011 EPSS

2018-11-15 06:48 PM
65
veracode

Remote Code Execution (RCE)

Microsoft Chakracore is vulnerable to remote code execution. It is possible due to a flaw in GetEnvironmentOperand in IRBuilder.cpp. This CVE ID is different from CVE-2018-8541, CVE-2018-8542, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557,...

7.5 CVSS

6.3 AI Score

0.205 EPSS

2018-11-15 07:05 AM
11
zdt

7.1 AI Score

2018-11-14 12:00 AM
258
mskb

Description of the security update for SharePoint Foundation 2013: November 13, 2018

Description of the security update for SharePoint Foundation 2013: November 13, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

8.6 AI Score

0.373 EPSS

2018-11-13 08:00 AM
13
exploitdb

7.4 AI Score

2018-11-13 12:00 AM
9
exploitpack

Tina4 Stack 1.0.3 - SQL Injection Database File Download

Tina4 Stack 1.0.3 - SQL Injection Database File...

0.1 AI Score

2018-11-13 12:00 AM
12
packetstorm

-0.1 AI Score

2018-11-13 12:00 AM
62
nessus

Oracle Linux 7 : libkdcraw (ELSA-2018-3065)

From Red Hat Security Advisory 2018:3065 : An update for libkdcraw is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

8.8 CVSS

-0.5 AI Score

0.011 EPSS

2018-11-07 12:00 AM
17
oraclelinux

libkdcraw security update

[4.10.5-5] - Resolves: #1557171, #1557189, #1558954 use the system...

8.8 CVSS

1.4 AI Score

0.011 EPSS

2018-11-05 12:00 AM
494
huawei

Security Advisory - SegmentSmack Vulnerability in Linux Kernel

There is a DoS vulnerability in the Linux Kernel versions 4.9+ known as a SegmentSmack attack. Remote attackers may send TCP packets to the Linux kernel to make it call the very expensive functions tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() of the affected device, which can lead to a denial of....

7.5 CVSS

2.9 AI Score

0.783 EPSS

2018-10-31 12:00 AM
26
nessus

RHEL 7 : libkdcraw (RHSA-2018:3065)

An update for libkdcraw is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from....

8.8 CVSS

-0.3 AI Score

0.011 EPSS

2018-10-31 12:00 AM
14
redhat

(RHSA-2018:3065) Moderate: libkdcraw security update

Libkdcraw is a C++ interface around the LibRaw library used to decode the RAW picture files. Security Fix(es): LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805) LibRaw: Heap-based buffer overflow in...

1.1 AI Score

0.011 EPSS

2018-10-30 04:15 AM
38
nessus

SUSE SLED12 Security Update : libraw (SUSE-SU-2018:3343-1)

This update for libraw fixes the following issues : Security issues fixed : CVE-2018-5800: Fixed heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function (bsc#1084691). CVE-2018-5801: Fixed NULL pointer dereference in LibRaw::unpack function (bsc#1084690). CVE-2018-5802: Fixed...

8.8 CVSS

-0.2 AI Score

0.011 EPSS

2018-10-24 12:00 AM
12
akamaiblog

Improving Image Manager with Real User Feedback

Steve Krug, a well-known user experience professional, has been quoted on many occasions for saying, "Don't make me think." It's true that users shouldn't have to puzzle around to find what they're looking for or to complete a task. Product usability is equally important to fancy features and...

AI Score

2018-10-10 10:00 AM
23
cve

CVE-2018-15370

A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a....

6.8 CVSS

6.6 AI Score

0.001 EPSS

2018-10-05 02:29 PM
41
nvd

CVE-2018-15370

A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a....

6.8 CVSS

6.7 AI Score

0.001 EPSS

2018-10-05 02:29 PM
prion

Input validation

A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a....

6.8 CVSS

6.6 AI Score

0.001 EPSS

2018-10-05 02:29 PM
5
cisco

Cisco Catalyst 6800 Series Switches ROM Monitor Software Secure Boot Bypass Vulnerability

A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a....

2.1 AI Score

0.001 EPSS

2018-09-26 04:00 PM
26
cvelist

CVE-2018-15370 Cisco Catalyst 6800 Series Switches ROM Monitor Software Secure Boot Bypass Vulnerability

A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a....

6.7 AI Score

0.001 EPSS

2018-09-26 12:00 AM
ics

Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow Vulnerability (Update B)

EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Logix5000 Vulnerability: Stack-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the previously updated advisory titled...

10 CVSS

10 AI Score

0.002 EPSS

2018-09-18 12:00 PM
77
ics

Network Vision IntraVue Code Injection Vulnerability

OVERVIEW Researcher Jürgen Bilberger from Daimler TSS GmbH has identified a code injection vulnerability in Network Vision’s IntraVue software. Network Vision has produced a new version that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The...

8.1 AI Score

0.004 EPSS

2018-08-29 12:00 PM
14
Total number of security vulnerabilities: 1778