CloudEngine 12800,CloudEngine 5800,CloudEngine 6800,CloudEngine 7800, Security Vulnerabilities

CVE-2021-46748

Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of...

CVE-2022-23820

Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code...

CVE-2023-28570

Memory corruption while processing audio...

CVE-2023-28569

Information disclosure in WLAN HAL while handling command through WMI...

CVE-2023-28572

Memory corruption in WLAN HOST while processing the WLAN scan descriptor...

CVE-2023-28566

Information disclosure in WLAN HAL while handling the WMI state info...

CVE-2023-28563

Information disclosure in IOE Firmware while handling WMI...

CVE-2023-28568

Information disclosure in WLAN HAL when reception status handler is...

CVE-2023-28554

Information Disclosure in Qualcomm IPC while reading values from shared memory in...

CVE-2023-28556

Cryptographic issue in HLOS during key...

CVE-2023-24852

Memory Corruption in Core due to secure memory access by user while loading modem...

CVE-2023-28553

Information Disclosure in WLAN Host when processing WMI event...

CVE-2023-22388

Memory Corruption in Multi-mode Call Processor while processing bit mask...

CVE-2023-28545

Memory corruption in TZ Secure OS while loading an app...

CVE-2023-46234

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery

...

TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery Vulnerability

...

TEM Opera Plus FM Family Transmitter 35.45 XSRF

Title: TEM Opera Plus FM Family Transmitter 35.45 XSRF Advisory ID: ZSL-2023-5800 Type: Local/Remote Impact: Cross-Site Scripting Risk: (4/5) Release Date: 25.10.2023 Summary This new line of Opera plus FM Transmitters combines very high efficiency, high reliability and low energy consumption in...

Rockwell Automation Stratix 5800 & 5200 Cisco IOS XE Web UI Privilege Escalation (CVE-2023-20198)

This vulnerability in the Web UI feature of Cisco IOS XE Software allows a remote, unauthenticated threat actor to create an account on a vulnerable system with privilege level 15 access. The threat actor could then potentially use that account to gain control of the affected system. This plugin...

Ubuntu 16.04 LTS : Firefox vulnerabilities (USN-4278-2)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4278-2 advisory. A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This...

CVE-2023-20598

An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code...

Exploit for OS Command Injection in Paloaltonetworks Prisma Access

CVE-2021-3060 POC/ Exploit Description: An OS command...

CVE-2023-5113

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via...

CVE-2023-28539

Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available...

CVE-2023-24849

Information Disclosure in data Modem while parsing an FMTP line in an SDP...

CVE-2023-24850

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted...

CVE-2023-24853

Memory Corruption in HLOS while registering for key provisioning...

CVE-2023-24855

Memory corruption in Modem while processing security related configuration before AS Security...

CVE-2023-24847

Transient DOS in Modem while allocating DSM...

CVE-2023-24843

Transient DOS in Modem while triggering a camping on an 5G...

CVE-2023-24848

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line...

CVE-2023-24844

Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address...

CVE-2023-22385

Memory Corruption in Data Modem while making a MO call or MT VOLTE...

CVE-2023-21673

Improper Access to the VM resource manager can lead to Memory...

CVE-2023-20597

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local...

CVE-2023-20594

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2023-12800)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12800 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

Unbreakable Enterprise kernel security update

[4.1.12-124.78.4.1] - rds: Fix lack of reentrancy for connection reset with dst addr zero (Haakon Bugge) [Orabug: 35741584] ...

Information Disclosure Vulnerability on some Huawei Products (huawei-sa-20200715-03-informationleak)

There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get...

Oracle Linux 8 : firefox (ELSA-2020-0512)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0512 advisory. A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This...

Oracle Linux 6 : thunderbird (ELSA-2020-0574)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0574 advisory. Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed...

Oracle Linux 6 : firefox (ELSA-2020-0521)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0521 advisory. A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This...

Oracle Linux 8 : thunderbird (ELSA-2020-0577)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0577 advisory. Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed...

CVE-2023-28567

Memory corruption in WLAN HAL while handling command through WMI...

CVE-2023-33015

Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon...

CVE-2023-33021

Memory corruption in Graphics while processing user packets for command...

CVE-2023-28573

Memory corruption in WLAN HAL while parsing WMI command...

CVE-2023-33016

Transient DOS in WLAN firmware while parsing MLO (multi-link...

CVE-2023-28581

Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK...

CVE-2023-28565

Memory corruption in WLAN HAL while handling command streams through WMI...