AXIS A1001

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION : Exploitable from adjacent network Vendor : Axis Communications Equipment : AXIS A1001 Vulnerability : Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3...

Open Networking Foundation ONOS 安全漏洞

Open Networking Foundation ONOS is an open source SDN controller from Open Networking Foundation open source. It is used to build next-generation SDN/NFV solutions. A security vulnerability exists in Open Networking Foundation ONOS version 2.5.1, which stems from an attempt by IntentManager to...

PT-2023-12979 · Onos · Onos

Name of the Vulnerable Software and Affected Versions: ONOS version 2.5.1 Description: An issue was discovered in ONOS where an intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. This occurs due to improper handling of case...

CVE-2023-20011

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system...

CVE-2023-20011

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system...

Cisco Application Policy Infrastructure Controller 跨站请求伪造漏洞

Cisco Application Policy Infrastructure Controller APIC is an automated infrastructure deployment and governance solution from Cisco. A security vulnerability exists in Cisco Application Policy Infrastructure Controller APIC, Cisco Cloud Network Controller, which stems from the web-based manageme...

CVE-2023-20011 Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system...

Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system...

Vulnerabilities fixed in Cisco products

Vulnerabilities have been fixed in several Cisco products. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root privileges Increased user privileges...

CVE-2021-0199

Improper input validation in the firmware for the IntelR Ethernet Network Controller E810 before version 1.6.0.6 may allow a privileged user to potentially enable a denial of service via local access...

CVE-2021-0199

Improper input validation in the firmware for the IntelR Ethernet Network Controller E810 before version 1.6.0.6 may allow a privileged user to potentially enable a denial of service via local access...

Improper access control

Improper access control in the firmware for the IntelR Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to potentially enable a denial of service via local access...

CVE-2021-0198

CVE-2021-0198 affects Intel Ethernet Network Controller E810 firmware prior to version 1.5.5.6. The root cause is improper access control in the firmware, which could allow a local authenticated attacker to cause a denial of service. Public documents from Red Hat, IBM (Cloud Pak System/QRadar), a...

CVE-2021-0198

Improper access control in the firmware for the IntelR Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to potentially enable a denial of service via local access...

Intel Ethernet Controllers 输入验证错误漏洞

Intel Ethernet Controllers is an Ethernet controller from Intel Corporation USA. An input validation error vulnerability exists in Intel Ethernet controllers, which stems from improper access control in IntelR Ethernet firmware prior to version 1.5.5.6 of the Network Controller E810 that could...

Intel Ethernet Controllers 安全漏洞

Intel Ethernet Controllers is an Ethernet controller from Intel Corporation. A security vulnerability in Intel Ethernet Controllers, which stems from improper access control in IntelR Ethernet firmware prior to version 1.5.5.6 of the Network Controller E810, may allow privileged users to...

ECOA Building Automation System Authorization Bypass / IDOR

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

ECOA Building Automation System Cross-Site Request Forgery

Summary 1 The Risk-Terminator Web Graphic control BEMS Building Energy Management System are designed to provide you with the latest in the Human Machine Interface HMI technology, for completely monitoring and controlling management. It may be used singly for small and medium sized facilities,...

QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets

An out-of-bounds access issue was found in the SLiRP user networking implementation of QEMU. It could occur while processing ARP/NCSI packets, if the packet length was shorter than required to accommodate respective protocol headers and payload. A privileged guest user may use this flaw to...

EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse

!/usr/bin/env python3 -- coding: utf-8 -- EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse Vendor: Embedthis Software LLC Product web page: https://www.embedthis.com Affected version: =5.1.2 and =4.1.3 Summary: GoAhead is the world's most popular, tiny embedded...