CloudEngine 12800,CloudEngine 5800,CloudEngine 6800,CloudEngine 7800, Security Vulnerabilities

CVE-2021-26354

Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of...

CVE-2021-26365

Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory...

CVE-2021-46749

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of...

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information...

CVE-2021-26371

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information...

CVE-2023-27520

Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that...

Description of the security update for SharePoint Foundation 2013: April 11, 2023 (KB5002383)

Description of the security update for SharePoint Foundation 2013: April 11, 2023 (KB5002383) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see ​​​​Microsoft Common Vulnerabilities and Exposures CVE-2023-28288....

CVE-2023-28342

Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication...

Authentication flaw

Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication...

SIGSEGV at libr/bin/p/bin_coff.c:509 in patch_relocs()

Description radare2 5.8.2 misparses symbol information in COFF files, causing a segmentation fault in patch_relocs at libr/bin/p/bin_coff.c:509 # Proof of Concept input.bin 00000000: 6603 e846 4058 6458 4036 5858 5858 5868 f..F@XdX@6XXXXXh 00000010: 5858 7063 5858 5840 0038 00de 57ff ffff ...

Description of the security update for SharePoint Foundation 2013: March 14, 2023 (KB5002367)

Description of the security update for SharePoint Foundation 2013: March 14, 2023 (KB5002367) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see ​​​​Microsoft Common Vulnerabilities and Exposures CVE-2023-23395....

Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability...

Cisco IP Phones < 11.3.7SR1 Multiple Vulnerabilities (cisco-sa-ip-phone-cmd-inj-KMFynVcP)

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. Please see the included Cisco BIDs and Cisco Security Advisory for more...

Debian: Security Advisory (DLA-651-1)

The remote host is missing an update for the...

CVE-2023-20079 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this...

CVE-2023-20078 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this...

Critical Flaw in Cisco IP Phone Series Exposes Users to Command Injection Attack

Cisco on Wednesday rolled out security updates to address a critical flaw impacting its IP Phone 6800, 7800, 7900, and 8800 Series products. The vulnerability, tracked as CVE-2023-20078, is rated 9.8 out of 10 on the CVSS scoring system and is described as a command injection bug in the web-based.....

Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details ["#details"] section...

Malicious code in selfvmrandom (pypi)

-= Per source details. Do not edit below this line.=- Source: checkmarx (fe85fa4c2e96cb2a2a49f5493aac578f73c5bb2dbed574c3130b280e42fa3fe3) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...

Malicious code in pyultra (pypi)

-= Per source details. Do not edit below this line.=- Source: checkmarx (9660e4540466257fc92dab3911b03478215ecd015217fca5e352c0ba568f5004) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...

Malicious code in urlultra (pypi)

-= Per source details. Do not edit below this line.=- Source: checkmarx (3c7b155fedf43e93b99c014649b35e6cee427625d86cb5c8fe57497b36942ad4) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...

Description of the security update for SharePoint Foundation 2013: February 14, 2023 (KB5002347)

Description of the security update for SharePoint Foundation 2013: February 14, 2023 (KB5002347) Summary This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability and Microsoft Word remote code execution vulnerability. To learn more about the vulnerabilities,....

USN-5800-1: Heimdal vulnerabilities | Cloud Foundry

Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-44758) Evgeny Legerov...

CVE-2023-20018

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit....

CVE-2023-20018

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit....

Authentication flaw

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit....

CVE-2023-20018

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit....

Ubuntu: Security Advisory (USN-5800-1)

The remote host is missing an update for...

heimdal vulnerabilities

It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-44758) Evgeny Legerov discovered that Heimdal incorrectly handled memory when performing certain DES decryption operations. A remote...

Recog Release v3.0.3

Recog Release v3.0.3, which is available now, includes updated fingerprints for Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus; Atlassian Bitbucket Server; and Supervisord Supervisor. It also includes new fingerprints and a number of bug fixes, all of which are detailed...

Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability

The first Microsoft Patch Tuesday of 2023 is an important one to start of the year with. In total 98 vulnerabilities were patched, including 11 that were labelled critical and one that is being actively exploited in the wild. This is also the last time we expect to see fixes for Windows 8.1...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Heimdal vulnerabilities (USN-5800-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5800-1 advisory. Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of...

Heimdal vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages heimdal - Heimdal Kerberos Network Authentication Protocol Details It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial...

Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit....

CVE-2021-26346

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of...

CVE-2021-26316

Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code...

Description of the security update for SharePoint Foundation 2013: January 10, 2023 (KB5002336)

Description of the security update for SharePoint Foundation 2013: January 10, 2023 (KB5002336) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...

ManageEngine PAM360 < 5.8 Build 5801 SQLi

The remote host is running a version of ManageEngine PAM360 prior to 5.8 Build 5801. It is, therefore, affected by a SQL injection vulnerability. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or...

Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities

Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. "An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated...

CVE-2022-46304

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...

CVE-2022-46304

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...

Command injection

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...

CVE-2022-46304 ChangingTec ServiSign - Command Injection

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...

CVE-2021-44758

Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept. Bugs https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 Notes Author| Note ---|--- rodrigo-zaiden |...

CVE-2022-42898

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of...

CVE-2022-44640

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). Bugs http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 https://bugzilla.samba.org/show_bug.cgi?id=14929 Notes Author| Note...

Update now! Two zero-days fixed in 2022's last patch Tuesday

In numbers, the patch Tuesday of December 2022 is a relatively light one for Windows users. Microsoft patched 48 vulnerabilities with only six considered critical. But numbers are only half the story. Two of the updates are zero-days with one of them known to be actively exploited. Windows...

Description of the security update for SharePoint Foundation 2013: December 13, 2022 (KB5002319)

Description of the security update for SharePoint Foundation 2013: December 13, 2022 (KB5002319) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...

CVE-2022-20968

A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco...

CVE-2022-20968

A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco...