CloudEngine 12800,CloudEngine 5800,CloudEngine 6800,CloudEngine 7800, Security Vulnerabilities

CVE-2023-28584

Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement...

CVE-2023-28558

Memory corruption in WLAN handler while processing PhyID in Tx status...

CVE-2023-28562

Memory corruption while handling payloads from remote...

CVE-2023-28564

Memory corruption in WLAN HAL while passing command parameters through WMI...

CVE-2023-28538

Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI...

CVE-2023-28557

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI...

CVE-2023-28548

Memory corruption in WLAN HAL while processing Tx/Rx commands from...

CVE-2023-28549

Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV...

CVE-2023-28544

Memory corruption in WLAN while sending transmit command from HLOS to UTF...

CVE-2023-28559

Memory corruption in WLAN FW while processing command parameters from untrusted WMI...

Epson Printers CSRF Vulnerability (Apr 2023)

Multiple Epson printer models are prone to a cross-site request forgery (CSRF)...

CVE-2023-20221

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected.....

CVE-2023-20221

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected.....

Cross site request forgery (csrf)

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected.....

CVE-2023-20221

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected.....

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected.....

CVE-2023-20589

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code...

CVE-2023-20569

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information...

CVE-2023-20555

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in...

CVE-2023-28575

The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to...

CVE-2023-28577

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel...

CVE-2023-28576

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to...

Open Babel translationVectors parsing out-of-bounds write vulnerabilities

Talos Vulnerability Report TALOS-2022-1666 Open Babel translationVectors parsing out-of-bounds write vulnerabilities July 21, 2023 CVE Number CVE-2022-46292,CVE-2022-46295,CVE-2022-46294,CVE-2022-46293,CVE-2022-46291 SUMMARY Multiple out-of-bounds write vulnerabilities exist in the...

Open Babel Gaussian format orientation out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2022-1672 Open Babel Gaussian format orientation out-of-bounds write vulnerability July 21, 2023 CVE Number CVE-2022-37331 SUMMARY An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit...

CVE-2023-28541

Memory Corruption in Data Modem while processing DMA buffer release event about CFR...

CVE-2023-21640

Memory corruption in Linux when the file upload API is called with parameters having large...

CVE-2023-21629

Memory Corruption in Modem due to double free while parsing the PKCS15 sim...

CVE-2023-21633

Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage...

CVE-2023-21638

Memory corruption in Video while calling APIs with different instance ID than the one received in...

CVE-2023-21635

Memory Corruption in Data Network Stack & Connectivity when sim gets detected on...

CVE-2023-21641

An app with non-privileged access can change global system brightness and cause undesired system...

CVE-2023-24851

Memory Corruption in WLAN HOST while parsing QMI response message from...

CVE-2023-21637

Memory corruption in Linux while calling system configuration...

CVE-2023-24854

Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response...

CVE-2023-22386

Memory Corruption in WLAN HOST while processing WLAN FW request to allocate...

CVE-2023-21672

Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording...

CVE-2023-22387

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory...

CVE-2023-21631

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from...

CVE-2023-28542

Memory Corruption in WLAN HOST while fetching TX status...

CVE-2023-22667

Memory Corruption in Audio while allocating the ion buffer during the music...

CVE-2023-21624

Information disclosure in DSP Services while loading dynamic...

CVE-2023-1329

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Buffer Overflow and/or Remote Code Execution when running HP Workpath solutions on potentially affected...

CVE-2023-1707

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version...

CVE-2021-46754

Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and...

CVE-2021-46794

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of...

CVE-2021-46759

Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a...

CVE-2021-46765

Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of...

CVE-2021-46773

Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code...

CVE-2021-46792

Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of...

CVE-2021-46753

Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and...