Cisco Nexus 3000 and 9000 Series Switches Port Channel ACL Programming Vulnerability

A vulnerability in the access control list ACL programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is...

Schneider Electric Harmony Control Relay Authorization Issue Vulnerability

The Schneider Electric Harmony Control Relay is a three-phase monitoring relay from Schneider Electric France. An authorization issue vulnerability exists in the Schneider Electric Harmony Control Relay RMNF22TB30, which stems from the presence of an incorrect authentication vulnerability that...

CVE-2023-5389

An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files...

CVE-2023-5389

An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC . This exploit could be used to write a file that may result in unexpected behavior based on configuration changes or updating of files...

Yamaha wireless LAN access point devices vulnerable to active debug code

Overview Active debug code CWE-489 exists in wireless LAN access point devices provided by Yamaha Corporation. The debug function can be enabled by performing specific operations. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer...

USN-6591-1 postfix vulnerability

Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly use this issue to bypass an email authentication mechanism, allowing domain spoofing and potential spamming. Please note that certain configuration changes are required to address...

Siemens SCALANCE M-800, RUGGEDCOM RM1224 Uncontrolled Resource Consumption (CVE-2023-44321)

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU, RUGGEDCOM RM1224 LTE4G NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL- Router Annex A, SCALANCE M812-1 ADSL-Router Annex B, SCALANCE M816-1 ADSL-Router Annex A, SCALANCE M816-1 ADSL-Router Annex B, SCALANCE M826-2 SHDSL-Router, SCALANC...

The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software, related to the use of a weak password hash function, allows attackers to modify the device’s configuration.

The vulnerability of Siemens SCALANCE industrial switches’ microprogrammed software is related to the use of a weak password hash function. Exploiting this vulnerability could allow an attacker to remotely modify the device’s configuration...

CVE-2023-44321

Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again...

CVE-2023-44321

Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again...

CVE-2023-44321

Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again...

Design/Logic Flaw

Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again...

CVE-2023-44321

Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available again...

CVE-2023-39695

Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out...

Design/Logic Flaw

An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions. When a user with the respective permissions commits a...

CVE-2023-44201 Junos OS and Junos OS Evolved: A local attacker can retrieve sensitive information and elevate privileges on the device to an authorized user.

An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions. When a user with the respective permissions commits a...

Juniper Networks Junos OS and Junos OS Evolved Security Vulnerabilities

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, Inc.Juniper Networks Junos OS is a network operating system designed for use with the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK...

Juniper Junos OS Vulnerability (JSA73167)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73167 advisory. - An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated...

CVE-2023-5288

A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary may also reset the SIM and in the worst case upload a new firmware version to the device...

Apache CouchDB < 3.1.2 Privilege Escalation

According to its banner, the version of CouchDB running on the remote host is prior 3.1,2. It is, therefore, affected by a privilege escalation vulnerability. A malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin...