49 matches found
PT-2024-3801
Name of the Vulnerable Software and Affected Versions Check Point Security Gateways versions R77.20 through R81.20 Check Point CloudGuard Network affected versions not specified Check Point Quantum Maestro affected versions not specified Check Point Quantum Scalable Chassis affected versions not...
CVE-2023-23912
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways USG Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected devic...
CVE-2023-23912
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways USG Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected devic...
Ubiquiti EdgeRouters 代码注入漏洞
Ubiquiti EdgeRouters is a series of edge routers from Ubiquiti USA. A security vulnerability exists in Ubiquiti EdgeRouters version 2.0.9-hotfix.5 and earlier, UniFi Security Gateways USG version 4.4.56 and earlier, which stems from a vulnerability that allows a malicious actor to connect directl...
CVE-2023-23912
The CVE-2023-23912 issue affects Ubiquiti EdgeOS devices (EdgeRouters up to 2.0.9-hotfix.5 and USG up to 4.4.56). The root cause is in the dhcp6c daemon, where insufficient validation of a user-supplied string enables a network-adjacent attacker connected to the WAN to achieve remote code executi...
Check Point Response to CVE-2022-21449 - Java "Psychic Signatures"
Symptoms - On April 20, 2022, security researcher Neil Madden published a blog post in which he provided details about a newly disclosed vulnerability in Java, CVE-2022-21449 or "Psychic Signatures". This security vulnerability originates in an incorrect implementation of the ECDSA signature...
Phish Swims Past Email Security with Milanote Pages
The Milanote app, billed as the “Evernote for creatives” by reviewers, has attracted the notice of cybercriminals who are abusing it to carry out credential-stealing campaigns that skate past secure email gateways SEGs, researchers said. Milanote is a tool for organizing and collaborating on...
Microsoft, Google Clouds Hijacked for Gobs of Phish
Threat actors are cashing in on the rapid shift to cloud-based business services during the pandemic, by hiding behind ubiquitous, trusted services from Microsoft and Google to make their email phishing scams look legit. And it’s working. In fact, in the first three months of 2021 alone,...
Forrester names Microsoft a Leader in The Forrester Wave™: Cloud Security Gateways, Q2 2021
I am thrilled to share that Forrester Research has named Microsoft Cloud App Security as a Leader in The Forrester Wave: Cloud Security Gateways, Q2 2021. Additionally, Microsoft received the highest score in the strategy category. People have increasingly used cloud apps to stay productive and...
Forrester names Microsoft a Leader in The Forrester Wave™: Cloud Security Gateways, Q2 2021
I am thrilled to share that Forrester Research has named Microsoft Cloud App Security as a Leader in The Forrester Wave: Cloud Security Gateways, Q2 2021. Additionally, Microsoft received the highest score in the strategy category. People have increasingly used cloud apps to stay productive and...
Check Point Response to CVE-2020-28041 - NAT Slipstreaming
Cause The attack involves several vectors - Local IP disclosure, max MTU UDP and TCP calculation and leveraging a SIP parser weakness in fragmented HTTP packets which enables to "Slipstream" a legitimate SIP connection in an HTTP POST request generated by the victim's browser. The full descriptio...
Feds Sound Alarm Over Emotet Attacks on State, Local Govs
A dramatic uptick in Emotet phishing attacks since July has led the U.S. Cybersecurity and Infrastructure Security Agency CISA to issue a warning that state and local governments need to fortify their systems against the trojan. “This increase has rendered Emotet one of the most prevalent ongoing...
Juniper Networks SRX340 and Juniper Networks SRX345 Junos OS Resource Management Error Vulnerability
The Juniper Networks SRX340 and Juniper Networks SRX345 are both Juniper Networks products.The Juniper Networks SRX340 is a 340 Series security services gateway appliance.The Juniper Networks SRX345 is a 345 Series security services gateway appliance. The Juniper Networks SRX340 is a 340 Series...
H323 Protocol Memory Leakage Vulnerability in Multiple Huawei Products
Huawei AR and SRG series enterprise routers are all-in-one routers launched by Huawei for small and medium-sized offices or branches of small and medium-sized enterprises; Huawei SVN series products are security access gateway products launched by Huawei; NIP6300/6600 series products and Secospac...
CVE-2016-8278
Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service device restart via an unspecified URL...
CVE-2016-8277
Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service device restart via an unspecified command parameter...
Code injection
Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service device restart via an unspecified URL...
Command injection
Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service device restart via an unspecified command parameter...
CVE-2016-8278
Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote attackers to cause a denial of service device restart via an unspecified URL...
CVE-2016-8278
The CVE-2016-8278 entry affects Huawei USG9520/9560/9580 devices running software before V300R001C01SPCa00, where a remote attacker could trigger a DoS leading to a device restart via an unauthenticated, unspecified URL. Public references in the provided documents corroborate the affected models ...