CloudEngine 12800,CloudEngine 5800,CloudEngine 6800,CloudEngine 7800, Security Vulnerabilities

CVE-2022-22275

Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is...

CVE-2022-22278

A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS)...

Slackware: Security Advisory (SSA:2020-042-02)

The remote host is missing an update for...

Slackware: Security Advisory (SSA:2020-042-01)

The remote host is missing an update for...

Description of the security update for SharePoint Foundation 2013: April 12, 2022 (KB5002189)

Description of the security update for SharePoint Foundation 2013: April 12, 2022 (KB5002189) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability and Microsoft Excel remote code execution vulnerability. To learn more about the vulnerabilities, see the...

CVE-2022-1161

An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change....

CVE-2022-20774

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system....

CVE-2022-20774

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system....

Cross site request forgery (csrf)

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system....

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system....

CVE-2022-20774 Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system....

Rockwell Automation Logix Controllers

EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Logix Controllers Vulnerability: Inclusion of Functionality from Untrusted Control Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...

Update now! Cisco fixes several vulnerabilities

Cisco has released a security advisory about two vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). The flaws could allow an authenticated, remote attacker with read/write privileges to the application.....

Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability

A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a denial of...

aaPanel 6.8.21 - Directory Traversal (Authenticated)

...

aaPanel 6.8.21 Directory Traversal

...

aaPanel 6.8.21 Directory Traversal Vulnerability

...

Debian DLA-2903-1 : libraw - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2903 advisory. In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An...

microweber cross-site request forgery vulnerability (CNVD-2022-12800)

Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. A cross-site request forgery vulnerability exists in microweber, which stems from the fact that the product does not...

Description of the security update for SharePoint Foundation 2013: February 8, 2022 (KB5002155)

Description of the security update for SharePoint Foundation 2013: February 8, 2022 (KB5002155) Summary This security update resolves a Microsoft SharePoint Server security feature bypass vulnerability. For more information about the vulnerability, see Microsoft Common Vulnerabilities and...

Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow (CVE-2016-9343)

An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a...

Rockwell Automation Logix Controllers Insufficiently Protected Credentials (CVE-2021-22681)

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730,...

Information Exposure Vulnerability on Several Huawei Products (huawei-sa-20220112-01-infodis)

There is an information exposure vulnerability on several Huawei...

Release of Invalid Pointer Vulnerability in Some Huawei Products (huawei-sa-20220112-01-invalid)

There is a release of invalid pointer vulnerability in some Huawei...

CVE-2021-40033

There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800;...

CVE-2021-40042

There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine.....

CVE-2021-40042

There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine.....

CVE-2021-40033

There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800;...

Information disclosure

There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800;...

Null pointer dereference

There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine.....

CVE-2021-40033

There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800;...

CVE-2021-40042

There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine.....

Debian: Security Advisory (DLA-2903-1)

The remote host is missing an update for the...

[SECURITY] [DLA 2903-1] libraw security update

Debian LTS Advisory DLA-2903-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA January 29, 2022 https://wiki.debian.org/LTS Package : libraw Version : 0.17.2-6+deb9u2 CVE ID :...

libraw - security update

Bulletin has no...

Mageia: Security Advisory (MGASA-2020-0090)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2013-0322)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2017-0229)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2017-0268)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2017-0174)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2017-0303)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2020-0091)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2018-0018)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2016-0337)

The remote host is missing an update for...

Information Disclosure Vulnerability in Multiple Huawei Products (CNVD-2022-17396)

Huawei CloudEngine 12800 is a 12800 series data center switch, Huawei Cloudengine 5800 is a 5800 series data center switch, Huawei Cloudengine 6800 is a 6800 series data center switch, Huawei Cloudengine 6800 is a 6800 series data center switch, Huawei Cloudengine 6800 is a 6800 series data center....

Buffer Overflow Vulnerability in Multiple Huawei Products (CNVD-2022-17397)

The Huawei CloudEngine 12800 is a 12800 series data center switch, and the Huawei Cloudengine 5800 is a 5800 series data center switch. Buffer overflow vulnerability exists in several Huawei products. The vulnerability stems from insufficient validation of certain parameters in messages, which can....

Security Advisory - Release of Invalid Pointer Vulnerability in Some Huawei Products

There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. (Vulnerability ID: HWPSIRT-2021-64225) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-40042. This...

Security Advisory - Information Exposure Vulnerability on Several Huawei Products

There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. (Vulnerability ID: HWPSIRT-2020-32928) This vulnerability has been assigned....

Cisco IP Phone Cleartext Password Storage Vulnerability

Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832, 8821 and 3905 suffer from an insecure password storage...

Cisco IP Phone Cleartext Password Storage

...