Lucene search

K

CloudEngine 12800,CloudEngine 5800,CloudEngine 6800,CloudEngine 7800, Security Vulnerabilities

cve
cve

CVE-2021-26354

Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of...

5.5CVSS

7.2AI Score

0.0004EPSS

2023-05-09 07:15 PM
34
cve
cve

CVE-2021-26365

Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory...

8.2CVSS

8.7AI Score

0.001EPSS

2023-05-09 07:15 PM
17
cve
cve

CVE-2021-46749

Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of...

7.5CVSS

7.8AI Score

0.001EPSS

2023-05-09 07:15 PM
17
cve
cve

CVE-2021-26371

A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information...

5.5CVSS

7.1AI Score

0.0004EPSS

2023-05-09 07:15 PM
21
cve
cve

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information...

7.4CVSS

8.4AI Score

0.002EPSS

2023-05-09 07:15 PM
21
cve
cve

CVE-2023-27520

Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that...

6.5CVSS

6.7AI Score

0.001EPSS

2023-04-11 09:15 AM
16
mskb
mskb

Description of the security update for SharePoint Foundation 2013: April 11, 2023 (KB5002383)

Description of the security update for SharePoint Foundation 2013: April 11, 2023 (KB5002383) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see ​​​​Microsoft Common Vulnerabilities and Exposures CVE-2023-28288....

8AI Score

0.004EPSS

2023-04-11 07:00 AM
65
cve
cve

CVE-2023-28342

Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication...

7.5CVSS

7.5AI Score

0.001EPSS

2023-04-05 07:15 PM
53
prion
prion

Authentication flaw

Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication...

7.5CVSS

7.5AI Score

0.001EPSS

2023-04-05 07:15 PM
9
huntr
huntr

SIGSEGV at libr/bin/p/bin_coff.c:509 in patch_relocs()

Description radare2 5.8.2 misparses symbol information in COFF files, causing a segmentation fault in patch_relocs at libr/bin/p/bin_coff.c:509 # Proof of Concept input.bin 00000000: 6603 e846 4058 6458 4036 5858 5858 5868 f..F@XdX@6XXXXXh 00000010: 5858 7063 5858 5840 0038 00de 57ff ffff ...

7.5CVSS

7.2AI Score

0.001EPSS

2023-03-21 05:24 PM
7
mskb
mskb

Description of the security update for SharePoint Foundation 2013: March 14, 2023 (KB5002367)

Description of the security update for SharePoint Foundation 2013: March 14, 2023 (KB5002367) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see ​​​​Microsoft Common Vulnerabilities and Exposures CVE-2023-23395....

4.1AI Score

0.001EPSS

2023-03-14 07:00 AM
49
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)

Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability...

8.8CVSS

0.1AI Score

EPSS

2023-03-09 02:32 PM
97
nessus
nessus

Cisco IP Phones < 11.3.7SR1 Multiple Vulnerabilities (cisco-sa-ip-phone-cmd-inj-KMFynVcP)

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. Please see the included Cisco BIDs and Cisco Security Advisory for more...

8.9AI Score

0.003EPSS

2023-03-09 12:00 AM
12
openvas
openvas

Debian: Security Advisory (DLA-651-1)

The remote host is missing an update for the...

9.8CVSS

8.7AI Score

0.037EPSS

2023-03-08 12:00 AM
2
cvelist
cvelist

CVE-2023-20079 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this...

9.8CVSS

9.9AI Score

0.002EPSS

2023-03-03 12:00 AM
cvelist
cvelist

CVE-2023-20078 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this...

9.8CVSS

10AI Score

0.003EPSS

2023-03-03 12:00 AM
thn
thn

Critical Flaw in Cisco IP Phone Series Exposes Users to Command Injection Attack

Cisco on Wednesday rolled out security updates to address a critical flaw impacting its IP Phone 6800, 7800, 7900, and 8800 Series products. The vulnerability, tracked as CVE-2023-20078, is rated 9.8 out of 10 on the CVSS scoring system and is described as a command injection bug in the web-based.....

1.3AI Score

0.004EPSS

2023-03-02 04:17 AM
55
cisco
cisco

Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details ["#details"] section...

1.2AI Score

0.003EPSS

2023-03-01 04:00 PM
49
osv
osv

Malicious code in selfvmrandom (pypi)

-= Per source details. Do not edit below this line.=- Source: checkmarx (fe85fa4c2e96cb2a2a49f5493aac578f73c5bb2dbed574c3130b280e42fa3fe3) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...

7.2AI Score

2023-02-25 11:03 PM
2
osv
osv

Malicious code in pyultra (pypi)

-= Per source details. Do not edit below this line.=- Source: checkmarx (9660e4540466257fc92dab3911b03478215ecd015217fca5e352c0ba568f5004) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...

7.2AI Score

2023-02-23 11:33 PM
3
osv
osv

Malicious code in urlultra (pypi)

-= Per source details. Do not edit below this line.=- Source: checkmarx (3c7b155fedf43e93b99c014649b35e6cee427625d86cb5c8fe57497b36942ad4) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...

7.2AI Score

2023-02-23 07:00 PM
3
mskb
mskb

Description of the security update for SharePoint Foundation 2013: February 14, 2023 (KB5002347)

Description of the security update for SharePoint Foundation 2013: February 14, 2023 (KB5002347) Summary This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability and Microsoft Word remote code execution vulnerability. To learn more about the vulnerabilities,....

9.7AI Score

0.454EPSS

2023-02-14 08:00 AM
65
cloudfoundry
cloudfoundry

USN-5800-1: Heimdal vulnerabilities | Cloud Foundry

Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-44758) Evgeny Legerov...

9.8CVSS

2.6AI Score

0.014EPSS

2023-02-01 12:00 AM
14
cve
cve

CVE-2023-20018

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit....

8.6CVSS

6.6AI Score

0.001EPSS

2023-01-20 07:15 AM
94
nvd
nvd

CVE-2023-20018

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit....

6.5CVSS

8.7AI Score

0.001EPSS

2023-01-20 07:15 AM
prion
prion

Authentication flaw

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit....

6.5CVSS

6.6AI Score

0.001EPSS

2023-01-20 07:15 AM
4
cvelist
cvelist

CVE-2023-20018

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit....

8.6CVSS

8.8AI Score

0.001EPSS

2023-01-19 01:35 AM
openvas
openvas

Ubuntu: Security Advisory (USN-5800-1)

The remote host is missing an update for...

9.8CVSS

7.9AI Score

0.014EPSS

2023-01-13 12:00 AM
3
osv
osv

heimdal vulnerabilities

It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-44758) Evgeny Legerov discovered that Heimdal incorrectly handled memory when performing certain DES decryption operations. A remote...

9.8CVSS

8.2AI Score

0.014EPSS

2023-01-12 05:12 PM
5
rapid7blog
rapid7blog

Recog Release v3.0.3

Recog Release v3.0.3, which is available now, includes updated fingerprints for Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus; Atlassian Bitbucket Server; and Supervisord Supervisor. It also includes new fingerprints and a number of bug fixes, all of which are detailed...

9.8CVSS

0.1AI Score

0.974EPSS

2023-01-12 02:20 PM
34
malwarebytes
malwarebytes

Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability

The first Microsoft Patch Tuesday of 2023 is an important one to start of the year with. In total 98 vulnerabilities were patched, including 11 that were labelled critical and one that is being actively exploited in the wild. This is also the last time we expect to see fixes for Windows 8.1...

8.8CVSS

0.8AI Score

0.006EPSS

2023-01-12 04:00 AM
68
nessus
nessus

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Heimdal vulnerabilities (USN-5800-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5800-1 advisory. Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of...

9.6AI Score

0.014EPSS

2023-01-12 12:00 AM
56
ubuntu
ubuntu

Heimdal vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages heimdal - Heimdal Kerberos Network Authentication Protocol Details It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial...

9.8CVSS

8.9AI Score

0.014EPSS

2023-01-12 12:00 AM
41
cisco
cisco

Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit....

1.3AI Score

0.001EPSS

2023-01-11 04:00 PM
46
cve
cve

CVE-2021-26316

Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code...

7.8CVSS

8AI Score

0.0004EPSS

2023-01-11 08:15 AM
76
cve
cve

CVE-2021-26346

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of...

5.5CVSS

6AI Score

0.0004EPSS

2023-01-11 08:15 AM
33
mskb
mskb

Description of the security update for SharePoint Foundation 2013: January 10, 2023 (KB5002336)

Description of the security update for SharePoint Foundation 2013: January 10, 2023 (KB5002336) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...

9AI Score

0.007EPSS

2023-01-10 08:00 AM
40
nessus
nessus

ManageEngine PAM360 < 5.8 Build 5801 SQLi

The remote host is running a version of ManageEngine PAM360 prior to 5.8 Build 5801. It is, therefore, affected by a SQL injection vulnerability. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or...

9.7AI Score

0.144EPSS

2023-01-06 12:00 AM
23
thn
thn

Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities

Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. "An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated...

2.6AI Score

0.144EPSS

2023-01-05 07:52 AM
32
cve
cve

CVE-2022-46304

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...

8.8CVSS

9.1AI Score

0.002EPSS

2023-01-03 03:15 AM
16
nvd
nvd

CVE-2022-46304

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...

8.8CVSS

9.2AI Score

0.002EPSS

2023-01-03 03:15 AM
prion
prion

Command injection

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...

8.8CVSS

9.2AI Score

0.002EPSS

2023-01-03 03:15 AM
5
cvelist
cvelist

CVE-2022-46304 ChangingTec ServiSign - Command Injection

ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...

8.8CVSS

9.4AI Score

0.002EPSS

2023-01-03 12:00 AM
ubuntucve
ubuntucve

CVE-2021-44758

Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept. Bugs https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 Notes Author| Note ---|--- rodrigo-zaiden |...

7.5CVSS

3.6AI Score

0.001EPSS

2022-12-26 12:00 AM
14
ubuntucve
ubuntucve

CVE-2022-42898

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of...

8.8CVSS

8.9AI Score

0.005EPSS

2022-12-25 12:00 AM
15
ubuntucve
ubuntucve

CVE-2022-44640

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). Bugs http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 https://bugzilla.samba.org/show_bug.cgi?id=14929 Notes Author| Note...

9.8CVSS

9.2AI Score

0.014EPSS

2022-12-25 12:00 AM
23
malwarebytes
malwarebytes

Update now! Two zero-days fixed in 2022's last patch Tuesday

In numbers, the patch Tuesday of December 2022 is a relatively light one for Windows users. Microsoft patched 48 vulnerabilities with only six considered critical. But numbers are only half the story. Two of the updates are zero-days with one of them known to be actively exploited. Windows...

8.5CVSS

0.4AI Score

0.023EPSS

2022-12-14 03:00 PM
21
mskb
mskb

Description of the security update for SharePoint Foundation 2013: December 13, 2022 (KB5002319)

Description of the security update for SharePoint Foundation 2013: December 13, 2022 (KB5002319) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...

9AI Score

0.009EPSS

2022-12-13 08:00 AM
9
cve
cve

CVE-2022-20968

A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco...

8.8CVSS

8.9AI Score

0.001EPSS

2022-12-12 09:15 AM
67
nvd
nvd

CVE-2022-20968

A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco...

8.8CVSS

0.001EPSS

2022-12-12 09:15 AM
1
Total number of security vulnerabilities1776