A vulnerability in the SonicOS SNMP service resulting in exposure of Wireless Access Point sensitive information in...
5.3CVSS
5.2AI Score
0.001EPSS
A vulnerability in the SonicOS SNMP service resulting in exposure of sensitive information to an unauthorized...
5.3CVSS
5.1AI Score
0.001EPSS
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is...
7.5CVSS
7.5AI Score
0.001EPSS
A vulnerability in SonicOS CFS (Content Filtering Service) returns a large 403 Forbidden HTTP response message to the source address when users try to access a prohibited resource; this allows an attacker to cause HTTP Denial of Service (DoS)...
7.5CVSS
7.3AI Score
0.001EPSS
Description of the security update for SharePoint Foundation 2013: April 12, 2022 (KB5002189)
Summary: This security update resolves a Microsoft SharePoint Server spoofing vulnerability and Microsoft Excel remote code execution vulnerability. To learn more about the vulnerabilities, see the...
8CVSS
7.3AI Score
0.01EPSS
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change....
10CVSS
9.4AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system....
8.1CVSS
0.001EPSS
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system....
8.1CVSS
8.1AI Score
0.001EPSS
Cross-site request forgery (CSRF)
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system....
8.1CVSS
8.1AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system....
1.5AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system....
6.8CVSS
8.4AI Score
0.001EPSS
Rockwell Automation Logix Controllers
EXECUTIVE SUMMARY: CVSS v3 10.0; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Rockwell Automation; Equipment: Logix Controllers; Vulnerability: Inclusion of Functionality from Untrusted Control Sphere. 2. RISK EVALUATION: Successful exploitation of this vulnerability may allow an...
10CVSS
9.9AI Score
0.001EPSS
Update now! Cisco fixes several vulnerabilities
Cisco has released a security advisory about two vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). The flaws could allow an authenticated, remote attacker with read/write privileges to the application.....
3AI Score
0.002EPSS
Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability
A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a denial of...
6.5CVSS
3.5AI Score
0.002EPSS
Debian DLA-2903-1 : libraw - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2903 advisory. In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An...
8.8CVSS
8.1AI Score
0.011EPSS
microweber cross-site request forgery vulnerability (CNVD-2022-12800)
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. A cross-site request forgery vulnerability exists in microweber, which stems from the fact that the product does not...
6.5CVSS
2.7AI Score
0.001EPSS
Description of the security update for SharePoint Foundation 2013: February 8, 2022 (KB5002155)
Summary: This security update resolves a Microsoft SharePoint Server security feature bypass vulnerability. For more information about the vulnerability, see Microsoft Common Vulnerabilities and...
4.3CVSS
6.6AI Score
0.001EPSS
Rockwell Automation Logix5000 Programmable Automation Controller Buffer Overflow (CVE-2016-9343)
An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending a malformed Common Industrial Protocol (CIP) packet, an attacker may be able to overflow a...
10CVSS
9.7AI Score
0.002EPSS
Rockwell Automation Logix Controllers Insufficiently Protected Credentials (CVE-2021-22681)
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 through 20 use a key to verify Logix controllers are communicating with Rockwell Automation CompactLogix 1768, 1769, 5370, 5380, 5480: ControlLogix 5550, 5560, 5570, 5580; DriveLogix 5560, 5730,...
9.8CVSS
9.7AI Score
0.009EPSS
Information Exposure Vulnerability on Several Huawei Products (huawei-sa-20220112-01-infodis)
There is an information exposure vulnerability on several Huawei...
5.5CVSS
5.5AI Score
0.0004EPSS
Release of Invalid Pointer Vulnerability in Some Huawei Products (huawei-sa-20220112-01-invalid)
There is a release of invalid pointer vulnerability in some Huawei...
6.5CVSS
6.6AI Score
0.001EPSS
There is an information exposure vulnerability on several Huawei products. The vulnerability exists because the software does not properly protect certain information. Successful exploitation could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800;...
5.5CVSS
0.0004EPSS
There is an information exposure vulnerability on several Huawei products. The vulnerability exists because the software does not properly protect certain information. Successful exploitation could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800;...
5.5CVSS
5.1AI Score
0.0004EPSS
There is a release of invalid pointer vulnerability in some Huawei products. Successful exploitation may cause the process and service to become abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine.....
6.5CVSS
6.4AI Score
0.001EPSS
There is a release of invalid pointer vulnerability in some Huawei products. Successful exploitation may cause the process and service to become abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine.....
6.5CVSS
0.001EPSS
There is an information exposure vulnerability on several Huawei products. The vulnerability exists because the software does not properly protect certain information. Successful exploitation could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800;...
5.5CVSS
5.2AI Score
0.0004EPSS
There is a release of invalid pointer vulnerability in some Huawei products. Successful exploitation may cause the process and service to become abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine.....
6.5CVSS
6.4AI Score
0.001EPSS
There is an information exposure vulnerability on several Huawei products. The vulnerability exists because the software does not properly protect certain information. Successful exploitation could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800;...
5.4AI Score
0.0004EPSS
There is a release of invalid pointer vulnerability in some Huawei products. Successful exploitation may cause the process and service to become abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine.....
6.6AI Score
0.001EPSS
[SECURITY] [DLA 2903-1] libraw security update
Debian LTS Advisory DLA-2903-1 https://www.debian.org/lts/security/ Abhijith PA January 29, 2022 https://wiki.debian.org/LTS Package: libraw Version: 0.17.2-6+deb9u2 CVE ID:...
8.8CVSS
9.4AI Score
0.013EPSS
Information Disclosure Vulnerability in Multiple Huawei Products (CNVD-2022-17396)
Huawei CloudEngine 12800 is a 12800 series data center switch, Huawei CloudEngine 5800 is a 5800 series data center switch, Huawei CloudEngine 6800 is a 6800 series data center switch....
5.5CVSS
1.1AI Score
0.0004EPSS
Buffer Overflow Vulnerability in Multiple Huawei Products (CNVD-2022-17397)
The Huawei CloudEngine 12800 is a 12800 series data center switch, and the Huawei CloudEngine 5800 is a 5800 series data center switch. A buffer overflow vulnerability exists in several Huawei products. The vulnerability stems from insufficient validation of certain parameters in messages, which can....
6.5CVSS
3.5AI Score
0.001EPSS
Security Advisory - Release of Invalid Pointer Vulnerability in Some Huawei Products
There is a release of invalid pointer vulnerability in some Huawei products. Successful exploitation may cause the process and service to become abnormal. (Vulnerability ID: HWPSIRT-2021-64225) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-40042. This...
6.5CVSS
6.2AI Score
0.001EPSS
Security Advisory - Information Exposure Vulnerability on Several Huawei Products
There is an information exposure vulnerability on several Huawei products. The vulnerability exists because the software does not properly protect certain information. Successful exploitation could cause information disclosure. (Vulnerability ID: HWPSIRT-2020-32928) This vulnerability has been assigned....
5.5CVSS
5AI Score
0.0004EPSS