MS15-086: Security update for Update Rollup 10 for System Center 2012 Operations Manager Service Pack 1: August 11, 2015
Introduction: This article describes the issues that are fixed in Update Rollup 10 for Microsoft System Center 2012 Operations Manager Service Pack 1 (SP1). Additionally, this...
6.5AI Score
5.3CVSS
6.1AI Score
0.001EPSS
An update of {'envoy'} packages of Photon OS has been...
5.3CVSS
6.2AI Score
0.001EPSS
Important Photon OS Security Update - PHSA-2020-0222
Updates of ['envoy', 'zsh'] packages of Photon OS have been...
9.8CVSS
1.7AI Score
0.004EPSS
An update of {'zsh', 'envoy'} packages of Photon OS has been...
8.1CVSS
0.9AI Score
0.004EPSS
RHEL 8 : Red Hat OpenShift Service Mesh 1.0.9 servicemesh-proxy (RHSA-2020:0734)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0734 advisory. envoy: Excessive CPU and/or memory usage when proxying HTTP/1.1 (CVE-2020-8659) envoy: TLS inspector bypass (CVE-2020-8660) envoy:...
7.5CVSS
6.8AI Score
0.003EPSS
(RHSA-2020:0734) Moderate: Red Hat OpenShift Service Mesh 1.0.9 servicemesh-proxy security update
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Security Fix(es): envoy: Excessive CPU and/or memory usage when proxying HTTP/1.1 (CVE-2020-8659) envoy: TLS...
0.9AI Score
0.003EPSS
CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some.....
5.3CVSS
5.6AI Score
0.001EPSS
CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some.....
5.3CVSS
6.9AI Score
0.001EPSS
CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some.....
5.3CVSS
5.8AI Score
0.001EPSS
CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some.....
5.3CVSS
5.7AI Score
0.001EPSS
CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some.....
5.8AI Score
0.001EPSS
An access control bypass vulnerability was found in envoy. An attacker could send specially crafted packets over TLS v1.3 to possibly bypass security...
5.3CVSS
5.8AI Score
0.001EPSS
Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak...
7.5CVSS
7.5AI Score
0.004EPSS
Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak...
7.5CVSS
7.4AI Score
0.004EPSS
Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak...
7.5CVSS
7.4AI Score
0.004EPSS
Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak...
7.5AI Score
0.004EPSS
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the...
6.5CVSS
6.5AI Score
0.001EPSS
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the...
6.5CVSS
6.6AI Score
0.001EPSS
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the...
6.5CVSS
6.5AI Score
0.001EPSS
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the...
6.6AI Score
0.001EPSS
Summary: Hello. Due to insufficient access controls and poor implementation of the registration at https://████████/████/login.cfm it was possible to register while privilege escalating to an administrator. Description: It was possible to tamper with the registration request at...
0.5AI Score
Summary There is a vulnerability in IBM Runtime Environment Java Technology Edition, Version 6 that affects IBM Cognos Business Viewpoint. These issues were disclosed as part of the EXPEDITED Java specific SLOTH - Weak MD5 Signature Hash security advisory. Vulnerability Details CVEID:...
5.9CVSS
0.8AI Score
0.003EPSS
Summary There are multiple vulnerabilities in Open Source Apache Tomcat that is used by IBM Cognos Business Viewpoint. These were disclosed in the 02/09/2015, 04/09/2015 and 05/14/2015 X-Force Reports. IBM Cognos Business Viewpoint has addressed the applicable CVEs. Vulnerability Details CVEID:...
0.6AI Score
0.946EPSS
Summary There is a vulnerability in IBM Runtime Environment Java Technology Edition, Version 6 that affects IBM Cognos Business Viewpoint. These issues were disclosed as part of the IBM Java SDK updates in October 2015. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: An unspecified...
1.3AI Score
0.008EPSS
When I did my first North American Electric Reliability Corporation—Critical Infrastructure Protection (NERC CIP) compliance project it was 2009. NERC CIP was at version 3. It was the first mandatory cybersecurity standard that the utility I was working for had to meet. As it does today, the Bulk.....
0.6AI Score
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface...
9.8CVSS
9.1AI Score
0.972EPSS
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface...
9.8CVSS
9.3AI Score
0.972EPSS
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface...
9.8CVSS
7AI Score
0.972EPSS
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface...
9.3AI Score
0.972EPSS
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote...
9.8CVSS
9AI Score
0.212EPSS
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote...
9.8CVSS
9.2AI Score
0.212EPSS
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote...
9.8CVSS
6.9AI Score
0.212EPSS
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote...
9.2AI Score
0.212EPSS
Security Advisory - Information Leak Vulnerability in Some Huawei Products
There is an information leak vulnerability in some Huawei products. An unauthenticated, remote attacker can make a large number of attempts to guess information. Successful exploitation may cause information leak. (Vulnerability ID: HWPSIRT-2019-10453) This vulnerability has been assigned a...
7.5CVSS
6.9AI Score
0.004EPSS
An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the...
5.5CVSS
5.6AI Score
0.0004EPSS
An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the...
5.5CVSS
5.6AI Score
0.0004EPSS
An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the...
5.5CVSS
5.6AI Score
0.0004EPSS
An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the...
5.6AI Score
0.0004EPSS
Shlayer Trojan attacks one in ten macOS users
For close to two years now, the Shlayer Trojan has been the most common threat on the macOS platform: in 2019, one in ten of our Mac security solutions encountered this malware at least once, and it accounts for almost 30% of all detections for this OS. The first specimens of this family fell into....
-0.1AI Score
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1534)
The remote host is missing an update for the Huawei...
7.8CVSS
8.1AI Score
0.36EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1489)
The remote host is missing an update for the Huawei...
9.8CVSS
7AI Score
0.054EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2016-1020)
The remote host is missing an update for the Huawei...
9.8CVSS
7.2AI Score
0.054EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1518)
The remote host is missing an update for the Huawei...
7.8CVSS
8.4AI Score
0.003EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1505)
The remote host is missing an update for the Huawei...
9.8CVSS
8.3AI Score
0.03EPSS
There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system...
7.5CVSS
7.5AI Score
0.002EPSS
There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system...
7.5CVSS
7.5AI Score
0.002EPSS
Security Advisory - Two Integer Overflow Vulnerabilities in LDAP of Some Huawei Products
There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash. (Vulnerability...
7.5CVSS
7.3AI Score
0.002EPSS
Security Advisory - Three DoS Vulnerabilities in the SIP Module of Some Huawei Products
There are three denial of service (DoS) vulnerabilities in the SIP module of some Huawei products. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit...
7.5CVSS
7.7AI Score
0.002EPSS
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code...
9.8CVSS
8.5AI Score
0.056EPSS