1380 matches found
Multiple Cisco Product Policy Bypass Vulnerabilities
Cisco 3000 Series Industrial Security Appliances are products of Cisco Corporation. Cisco 3000 Series Industrial Security Appliances is a 3000 Series Firewall Appliance. Cloud Cisco 3000 Series Industrial Security Appliances is a 3000 Series firewall appliance. 1000V Series Cloud Services Router is...
CVE-2020-3307 Cisco Firepower Management Center Arbitrary Log File Write Vulnerability
A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability...
CVE-2020-3315 Multiple Cisco Products Snort HTTP Detection Engine File Policy Bypass Vulnerability
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP...
Debian: Security Advisory (DLA-2196-1)
The remote host is missing an update for the Debian...
Information Disclosure
httpd is vulnerable to information disclosure. The vulnerability exists in mod_proxy_ajp. In certain situations, if a user sent a carefully crafted HTTP request, the httpd server could return a response intended for another user...
CVE-2020-6994
A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The...
CVE-2020-11100
In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution...
CVE-2020-8551
A denial of service flaw was found in Kubernetes' Kubelet API. A remote attacker can exploit this flaw by sending repeated, crafted HTTP requests to exhaust available memory and cause a crash. Mitigation: Prevent unauthenticated or unauthorized access to the Kubelet API...
CVE-2013-1753
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request...
Cross site request forgery (csrf)
The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request...
Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass (cisco-sa-20200122-fmc-auth)
According to its self-reported version, Cisco Firepower Management Center is affected by an authentication bypass vulnerability in the web-based management interface. This is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external...
Null pointer dereference
NULL Pointer Dereference in PowerTCP WebServer for ActiveX 1.9.2 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted HTTP request...
CVE-2012-5389
NULL Pointer Dereference in PowerTCP WebServer for ActiveX 1.9.2 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted HTTP request...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header...
Cisco Unified Customer Voice Portal Privilege Permission and Access Control Issues Vulnerability
Cisco Unified Customer Voice Portal (CVP) is a solution that provides automated Internet Protocol (IP)-based customer self-service and call routing as a stand-alone Interactive Voice Response (IVR) system or integrated with a contact center. Operations, Administration, Maintenance and Provisioning (OAMP)...
NewStart CGSL CORE 5.05 / MAIN 5.05 : mod_auth_openidc Multiple Vulnerabilities (NS-SA-2019-0243)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has mod_auth_openidc packages installed that are affected by multiple vulnerabilities: - The OpenID Connect Relying Party and OAuth 2.0 Resource Server (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not sk...
ABB PB610 Panel Builder 600 PB610 HMISimulator Component Denial of Service Vulnerability
ABB PB610 Panel Builder 600 is a software for designing graphical user interfaces for the CP600 control panel platform. A security vulnerability in the ABB PB610 Panel Builder 600 PB610 HMIStudio component parsing HTTP requests allows remote attackers to exploit the vulnerability by submitting a...
CVE-2019-3996
ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests...
NewStart CGSL CORE 5.04 / MAIN 5.04 : mod_auth_openidc Multiple Vulnerabilities (NS-SA-2019-0220)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has mod_auth_openidc packages installed that are affected by multiple vulnerabilities: - The OpenID Connect Relying Party and OAuth 2.0 Resource Server (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not sk...