CVE-2023-4885 Multiple vulnerabilities in Open5GS

Man in the Middle vulnerability, which could allow an attacker to intercept VNF Virtual Network Function communications resulting in the exposure of sensitive information...

CVE-2023-4882

CVE-2023-4882 is a Denial of Service issue in Open5GS where an attacker can register a new VNF value, triggering the args_assets() function in arg-log.php to execute args-abort.c and crash the service. Red Hat and other sources corroborate the issue; no explicit exploit details or vulnerable vers...

Open5GS 安全漏洞

Open5GS is an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS, which can be exploited by an attacker to register new VNF Virtual Network Function values...

QEMU Competitive Conditions Problem Vulnerability

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A security vulnerability exists in QEMU, which stems from a null pointer dereference issue in the vhostvdpagetvhostnet function...

Vulnerabilities fixed in Oracle Communications

Vulnerabilities have been fixed in Oracle Communications products. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code executio...

GLSA-202305-09 : syslog-ng: Denial of Service

The remote host is affected by the vulnerability described in GLSA-202305-09 syslog-ng: Denial of Service - An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the...

Vulnerabilities fixed in Oracle Communications

Vulnerabilities have been fixed in Oracle Communications. The vulnerabilities allow a malicious party to carry out attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Bypassing authentication Remote code execution User rights Access to system data...

Denial Of Service (DoS)

syslog-ng is vulnerable to Denial Of Service DoS. The vulnerability exists due to the integer overflow in the RFC3164 parser in the library, which allows an attacker to cause an application crash through the syslog input that is mishandled by the TCP or network function...

CVE-2022-38725

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected...

UBUNTU-CVE-2022-38725

An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected...

PT-2022-9794 · Lanner · Iac-Ast2500A

Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.10.0 Description: A broken access control issue in the First network func function of spx restservice allows an attacker to arbitrarily change the network configuration of the BMC...

Cisco Enterprise NFV Infrastructure Software 安全漏洞

Cisco Enterprise NFV Infrastructure Software is a set of NVF infrastructure software platform from Cisco USA. The platform enables full lifecycle management of virtualization services through a central orchestrator and controller.Cisco Enterprise NFV Infrastructure Software is vulnerable to...

Cisco IOS XE Wireless Controller software拒绝服务漏洞

Cisco IOS XE Wireless Controller software is a wireless LAN controller from Cisco, Inc. Cisco IOS XE Wireless Controller software, which provides a managed network function, suffers from a denial-of-service vulnerability that stems from inadequate validation of incoming CAPWAP packets encapsulati...

Cisco Enterprise NFV Infrastructure Software 操作系统命令注入漏洞

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A command injection vulnerability exists in Cisco Enterprise NFV...

Cisco Elastic Services Controller Denial of Service Vulnerability

The Cisco Elastic Services Controller ESC is a virtual network function manager VNFM that manages the lifecycle of virtual network functions VNFs. A denial of service vulnerability exists in system resource management in Cisco Elastic Services Controller 5.3.0.94 and earlier. The vulnerability...

Cisco Enterprise NFV Infrastructure Software (NFVIS)跨站脚本漏洞

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A cross-site scripting vulnerability exists in the web management interface ...

Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A path traversal vulnerability exists in Cisco Enterprise NFV Infrastructure...

CVE-2020-1614

A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function VNF instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service e.g. SSH on the VNF, either locally, or...

Cisco Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A VNC authentication bypass vulnerability exists in the Virtual Network...

Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability (CNVD-2019-38848)

Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A command injection vulnerability exists in the web portal of Cisco Enterpri...