1151 matches found
OESA-2022-1767 bison security update
Bison is a general-purpose parser generator that converts an annotated context-free grammar into a deterministic LR or generalized LR GLR parser employing LALR1 parser tables. As an experimental feature, Bison can also generate IELR1 or canonical LR1 parser tables. Once you are proficient with...
Cisco TelePresence VCS Multiple Vulnerabilities (cisco-sa-expressway-overwrite-3buqW8LH)
According to its self-reported version, Cisco TelePresence Video Communication Server is affected by multiple vulnerabilities in the API and in the web-based management interface that allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device...
CVE-2022-20813
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...
CVE-2022-20812
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...
CVE-2022-20812
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...
CVE-2022-20813
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...
Design/Logic Flaw
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...
Design/Logic Flaw
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...
CVE-2022-20813 Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...
CVE-2022-20813 Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...
CVE-2022-20813
CVE-2022-20813 affects Cisco Expressway Series (Expressway-C/Expressway-E) and Cisco TelePresence Video Communication Server (VCS). The flaw is a null byte poisoning vulnerability arising from improper certificate validation, enabling a remote attacker to mount a Man‑in‑the‑Middle and gain unauth...
CVE-2022-20812 Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...
CVE-2022-20812
CVE-2022-20812 affects Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). It enables an authenticated remote attacker with Administrator read-write privileges to trigger path traversal and overwrite arbitrary files via the cluster database API due to insufficient inp...
CVE-2022-20812 Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...
CVE-2022-20812
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...
CVE-2022-20813
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...
PT-2022-3468 · Cisco · Cisco Telepresence Video Communication Server +1
Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS affected versions not specified Description: The issue is related to multiple vulnerabilities in the API and the web-based management interface of the affected...
Null Byte HTTP Encodings
Null Byte HTTP Encodings...
Deserialization of Untrusted Data in Apache Tomcat
The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar iss...