
1636 matches found

NVD
added 2022/11/23 1:15 a.m. · 13 views

CVE-2020-23593

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through '/mgm_log_cfg.asp'. The system starts to log events, 'Remote' mode or 'Both...

CVSS 6.5 · EPSS 0.00159
Exploits: 0 · References: 1

Prion
added 2022/11/23 1:15 a.m. · 10 views

Cross site request forgery (csrf)

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through '/mgm_log_cfg.asp'. The system starts to log events, 'Remote' mode or 'Both...

CVSS 4.3 · AI score 6.6 · EPSS 0.00159
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2022/11/23 12:00 a.m. · 5 views

CVE-2020-23593

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through '/mgm_log_cfg.asp'. The system starts to log events, 'Remote' mode or 'Both...

AI score 6.6 · EPSS 0.00159
Exploits: 0 · References: 1

CVE
added 2022/11/23 12:00 a.m. · 44 views

CVE-2020-23593

CVE-2020-23593 affects OPTILINK OP-XT71000N hardware (V2.2) with firmware OP_V3.3.1-191028. A CSRF vulnerability allows an unauthenticated, remote attacker to enable syslog mode via the page /mgm_log_cfg.asp. When triggered, the device begins logging events in either Remote or Both mode and trans...

CVSS 6.5 · AI score 6.6 · EPSS 0.00159
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/11/23 12:00 a.m. · 16 views

CVE-2020-23593

A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross site request forgery (CSRF) attack to enable syslog mode through '/mgm_log_cfg.asp'. The system starts to log events, 'Remote' mode or 'Both...

AI score 6.6 · EPSS 0.00159
Exploits: 0 · References: 1

CNNVD
added 2022/11/23 12:00 a.m. · 1 views

Optilink Network OP-XT71000N cross-site request forgery vulnerability

The Optilink Network OP-XT71000N is a wireless router from Optilink Network India. A cross-site request forgery vulnerability exists in the Optilink Network OP-XT71000N version V2.2, which stems from the fact that it allows an unauthenticated, remote attacker to enable syslog mode via...

CVSS 6.5 · AI score 6.4 · EPSS 0.00159
Exploits: 0 · References: 2

NVD
added 2022/11/15 2:15 a.m. · 12 views

CVE-2022-40843

The Tenda AC1200 V-W15Ev2 V15.11.0.101576 router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the router's syslog.log file which contains the MD5 password of...

CVSS 4.9 · EPSS 0.40404
Exploits: 1 · References: 1

OSV
added 2022/11/15 2:15 a.m. · 1 views

CVE-2022-40843

The Tenda AC1200 V-W15Ev2 V15.11.0.101576 router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the router's syslog.log file which contains the MD5 password of...

CVSS 4.9 · AI score 5.8 · EPSS 0.40404
Exploits: 1 · References: 1

ATTACKERKB
added 2022/11/15 2:15 a.m. · 2 views

CVE-2022-40843

The Tenda AC1200 V-W15Ev2 V15.11.0.101576 router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the router's syslog.log file which contains the MD5 password of...

CVSS 4.9 · AI score 5.8 · EPSS 0.40404
Exploits: 1 · References: 3

Positive Technologies
added 2022/11/15 12:00 a.m. · 3 views

PT-2022-25574 · Tenda · Tenda Ac1200

Name of the Vulnerable Software and Affected Versions: Tenda AC1200 V-W15Ev2 version V15.11.0.101576
Description: The issue concerns improper authorization and improper session management, allowing the router login page to be bypassed. This enables authenticated attackers to read the router's...

CVSS 4.9 · AI score 4.8 · EPSS 0.40404
Exploits: 1 · References: 4

CNNVD
added 2022/11/14 12:00 a.m. · 2 views

Tenda AC1200 security vulnerability

Tenda AC1200 is a wireless router from Tenda, China. Tenda AC1200 Router Model W15Ev2 V15.11.0.101576 is vulnerable to an authorization error. An authenticated attacker can use this vulnerability to read the router's syslog.log file, which contains the MD5 password for the administrator user...

CVSS 4.9 · AI score 6.9 · EPSS 0.40404
Exploits: 1 · References: 3

Prion
added 2022/10/18 3:15 a.m. · 14 views

Memory corruption

An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When there is a continuous mac move a memory corruption causes one or mo...

CVSS 3.3 · AI score 6.6 · EPSS 0.00107
Exploits: 1 · References: 1 · Affected Software: 1

OpenVAS
added 2022/09/29 12:00 a.m. · 25 views

openSUSE: Security Advisory for vsftpd (SUSE-SU-2022:3457-1)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.4 · AI score 7.9 · EPSS 0.00615
Exploits: 0 · References: 2

OSV
added 2022/09/28 3:11 p.m. · 22 views

SUSE-SU-2022:3457-1 Security update for vsftpd

This update for vsftpd fixes the following issues: - CVE-2021-3618: Enforced security checks against ALPACA attack PM-3322, jscSLE-23896, bsc1187686, bsc1187678. - Added hardening to systemd services bsc1181400. Bugfixes: - Fixed a seccomp failure in FIPS mode when SSL was enabled bsc1052900. -...

CVSS 7.4 · AI score 7.2 · EPSS 0.00615
Exploits: 0 · References: 9

Tenable Nessus
added 2022/09/23 12:00 a.m. · 28 views

EulerOS Virtualization 2.9.1 : rsyslog (EulerOS-SA-2022-2364)

According to the versions of the rsyslog package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when...

CVSS 8.1 · AI score 7.5 · EPSS 0.00509
Exploits: 0 · References: 2

Oracle linux
added 2022/09/14 12:00 a.m. · 36 views

rsyslog rsyslog7 security update

rsyslog 5.8.10-12.0.2 - Back port fix for heap-based overflow in TCP syslog server - Resolves CVE-2022-24903 Orabug: 34226447 rsyslog7 7.4.10-7.0.1 - Back port fix for heap-based overflow in TCP syslog server - Resolves CVE-2022-24903 Orabug: 34226447...

CVSS 8.1 · AI score 3.8 · EPSS 0.00509
Exploits: 0

Tenable Nessus
added 2022/09/14 12:00 a.m. · 15 views

Oracle Linux 6 : rsyslog / rsyslog7 (ELSA-2022-9783)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9783 advisory. - Resolves CVE-2022-24903 Orabug: 34226447 rsyslog7 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

CVSS 8.1 · AI score 6.7 · EPSS 0.00509
Exploits: 0 · References: 2

Tenable Nessus
added 2022/09/08 12:00 a.m. · 31 views

RHEL 9 : rsyslog (RHSA-2022:4795)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4795 advisory. The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on...

CVSS 8.1 · AI score 6.9 · EPSS 0.00509
Exploits: 0 · References: 4

ATTACKERKB
added 2022/09/07 2:15 p.m. · 2 views

CVE-2022-37108

An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab...

CVSS 8.7 · AI score 7.5 · EPSS 0.0117
Exploits: 1 · References: 2

OSV
added 2022/09/07 2:15 p.m. · 1 views

CVE-2022-37108

An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab...

CVSS 7.2 · AI score 6.2 · EPSS 0.0117
Exploits: 1 · References: 1