Endian Firewall dscp Parameter Cross-Site Scripting Vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall dscp parameter, which stems from improper handling of the dscp parameter in /manage/qos/rules/, and can be exploited by an attacker to inject malicious JavaScript...

CVE-2026-34804

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVE-2026-34804

Endian Firewall

CVE-2026-34804 Endian Firewall /manage/qos/rules/ dscp Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVE-2026-34804

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

CVE-2026-34804 Endian Firewall /manage/qos/rules/ dscp Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

Endian Firewall 跨站脚本漏洞

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall dscp parameter, which stems from improper handling of the dscp parameter in /manage/qos/rules/, and can be exploited by an attacker to inject malicious JavaScript...

PT-2026-29764

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the dscp parameter to /manage/qos/rules/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

EUVD-2020-24969

Malware in sbrugna...

How to Apply DSCP Marking to CloudBridge Appliance with QoS Enabled

This article explains how to apply DSCP marking to CloudBridge appliance when Quality of Service QoSis enabled. Background Many networking environments use different QoS engine/traffic shaper outside of CloudBridge and hence disable the QoS feature of CloudBridge. Some of the users however would...

(0Day) Delta Industrial Automation DRAS DSCP Scope File Parsing XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation DRAS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVE-2020-3698

CVE-2020-3698 describes an out-of-bounds write during QoS DSCP mapping caused by improper input validation of data from an association response frame in Qualcomm-powered Snapdragon platforms (widely listed devices such as APQ8009/SDM66x families and others). The underlying issue affects data hand...

CVE-2020-3698

Out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voic...

lldpad security and bug fix update

1.0.1-13.git036e314 - After gating yml updates 1.0.1-12.git036e314 - Add support for DSCP selectors in APP TLVs 1704660 1.0.1-11.git036e314 - Fix memleak on TLV reception 1727326 1.0.1-10.git036e314 - Fix the OID display 1614933...

Fedora 28 : lldpad (2018-cec7093baa)

Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV CVE-2018-10932. - Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices. Note that Tenable Network...

Fedora 29 : lldpad (2018-06d56c8c9d)

Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV CVE-2018-10932. - Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices. Note that Tenable Network...

Fedora 27 : lldpad (2018-e9d1ec6dbc)

Add upstream fix for improper sanitization of shell-escape codes when lldptool parses a mngAddr TLV CVE-2018-10932. - Add upstream patch to support DSCP selectors in APP TLVs. This allows configuration of DSCP-based packet prioritization on capable network devices. Note that Tenable Network...

OracleVM 3.3 / 3.4 : ntp (OVMSA-2016-0082)

The remote OracleVM system is missing necessary patches to address critical security updates : - don't allow spoofed packets to demobilize associations CVE-2015-7979, CVE-2016-1547 - don't allow spoofed packet to enable symmetric interleaved mode CVE-2016-1548 - check mode of new source in config...

Scientific Linux Security Update : ntp on 7.x x86_64 (2015:2231)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2015:2231-4 advisory. - The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field...

Moderate: Red Hat Security Advisory: ntp security, bug fix, and enhancement update

Updated ntp packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...