DP300,RP200,RSE6500,TE30,TE40,TE50,TE60,TX50,VP9660,ViewPoint 8660,ViewPoint 9030,Viewpoint 8660, Security Vulnerabilities

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0286

An update of {'envoy'} packages of Photon OS has been...

Moderate Photon OS Security Update - PHSA-2020-0286

Updates of ['envoy'] packages of Photon OS have been...

Important Photon OS Security Update - PHSA-2020-0222

Updates of ['envoy', 'zsh'] packages of Photon OS have been...

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0222

An update of {'zsh', 'envoy'} packages of Photon OS has been...

RHEL 8 : Red Hat OpenShift Service Mesh 1.0.9 servicemesh-proxy (RHSA-2020:0734)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0734 advisory. envoy: Excessive CPU and/or memory usage when proxying HTTP/1.1 (CVE-2020-8659) envoy: TLS inspector bypassc (CVE-2020-8660) envoy:...

(RHSA-2020:0734) Moderate: Red Hat OpenShift Service Mesh 1.0.9 servicemesh-proxy security update

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Security Fix(es): envoy: Excessive CPU and/or memory usage when proxying HTTP/1.1 (CVE-2020-8659) envoy: TLS...

CVE-2020-8660

CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some.....

CVE-2020-8660

CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some.....

CVE-2020-8660

CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some.....

Design/Logic Flaw

CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some.....

CVE-2020-8660

CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some.....

CVE-2020-8660

An access control bypass vulnerability was found in envoy. An attacker could send specially crafted packets over TLS v1.3 to possibly bypass security...

CVE-2020-1841

Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak...

CVE-2020-1841

Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak...

Information disclosure

Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak...

CVE-2020-1841

Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak...

CVE-2020-9030

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the...

CVE-2020-9030

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the...

Directory traversal

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the...

CVE-2020-9030

Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the...

U.S. Dept Of Defense: [Critical] Insufficient Access Control On Registration Page of Webapps Website Allows Privilege Escalation to Administrator

Summary: Hello. Due to insufficient access controls and poor implementation of the registration at https://████████/████/login.cfm it was possible to register while privilege escalating to an administrator. Description: It was possible to tamper with the registration request at...

Security Bulletin: Vulnerability in IBM Java Runtime Version 6 affects IBM Cognos Business Viewpoint (CVE-2015-7575 )

Summary There is a vulnerability in IBM Runtime Environment Java Technology Edition, Version 6 that affects IBM Cognos Business Viewpoint. These issues were disclosed as part of the EXPEDITED Java specific SLOTH - Weak MD5 Signature Hash security advisory. Vulnerability Details CVEID:...

Security Bulletin: Multiple security vulnerabilities in Open Source Apache Tomcat affect IBM Cognos Business Viewpoint (CVE-2014-0227, CVE-2014-0230, CVE-2014-7810)

Summary There are multiple vulnerabilities in Open Source Apace Tomcat that is used by IBM Cognos Business Viewpoint, These were disclosed in the 02/09/2015, 04/09/2015 and 05/14/2015 X-Force Reports. IBM Cognos Business Viewpoint has addressed the applicable CVEs. Vulnerability Details CVEID:...

Security Bulletin: Vulnerability in IBM Java Runtime Version 6 affects IBM Cognos Business Viewpoint (CVE-2015-4872 )

Summary There is a vulnerability in IBM Runtime Environment Java Technology Edition, Version 6 that affects IBM Cognos Business Viewpoint. These issues were disclosed as part of the IBM Java SDK updates in October 2015. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: An unspecified...

NERC CIP compliance in Azure

When I did my first North American Electric Reliability Corporation—Critical Infrastructure Protection (NERC CIP) compliance project it was 2009. NERC CIP was at version 3. It was the first mandatory cybersecurity standard that the utility I was working for had to meet. As it does today, the Bulk.....

CVE-2013-1359

An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface...

CVE-2013-1359

An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface...

Authentication flaw

An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface...

CVE-2013-1359

An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface...

CVE-2013-1360

An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote...

CVE-2013-1360

An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote...

Authentication flaw

An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote...

CVE-2013-1360

An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote...

Security Advisory - Information Leak Vulnerability in Some Huawei Products

There is an information leak vulnerability in some Huawei products. An unauthenticated, remote attacker can make a large number of attempts to guess information. Successful exploitation may cause information leak. (Vulnerability ID: HWPSIRT-2019-10453) This vulnerability has been assigned a...

CVE-2019-19539

An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the...

CVE-2019-19539

An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the...

Design/Logic Flaw

An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the...

CVE-2019-19539

An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the...

Shlayer Trojan attacks one in ten macOS users

For close to two years now, the Shlayer Trojan has been the most common threat on the macOS platform: in 2019, one in ten of our Mac security solutions encountered this malware at least once, and it accounts for almost 30% of all detections for this OS. The first specimens of this family fell into....

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1534)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1489)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2016-1020)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1518)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1505)

The remote host is missing an update for the Huawei...

CVE-2019-19413

There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system...

CVE-2019-19414

There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system...

Security Advisory - Two Integer Overflow Vulnerabilities in LDAP of Some Huawei Products

There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash. (Vulnerability...

Security Advisory - Three DoS Vulnerabilities in the SIP Module of Some Huawei Products

There are three denial of service (DoS) vulnerabilities in the SIP module of some Huawei products. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit...

CVE-2019-8660

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code...

CVE-2019-8660

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code...