Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

cisco unified computing system server firmware vulnerabilities and exploits

(subscribe to this query)
4.4
CVSSv3
CVE-2019-1880
A vulnerability in the BIOS upgrade utility of Cisco Unified Computing System (UCS) C-Series Rack Servers could allow an authenticated, local malicious user to install compromised BIOS firmware on an affected device. The vulnerability is due to insufficient validation of the firm...
Cisco Unified Computing System Server Firmware
6.6
CVSSv3
CVE-2019-1736
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical malicious user to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulne...
Cisco Fmc1000-k9 BiosCisco Fmc1000-k9 FirmwareCisco Fmc2500-k9 BiosCisco Fmc2500-k9 FirmwareCisco Fmc4500-k9 BiosCisco Fmc4500-k9 FirmwareCisco Sns-3515-k9 BiosCisco Sns-3515-k9 FirmwareCisco Sns-3595-k9 BiosCisco Sns-3595-k9 FirmwareCisco Sns-3615-k9 BiosCisco Sns-3615-k9 FirmwareCisco Sns-3655-k9 BiosCisco Sns-3655-k9 FirmwareCisco Sns-3695-k9 BiosCisco Sns-3695-k9 FirmwareCisco Tg5004-k9 BiosCisco Tg5004-k9 FirmwareCisco Tg5004-k9-rf BiosCisco Tg5004-k9-rf FirmwareCisco Identity Services Engine 2.4\\(0.357\\)Cisco Identity Services Engine 2.6\\(0.156\\)
NA
CVE-2014-3569
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected ...
Openssl Openssl 1.0.1j
NA
CVE-2015-1788
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL prior to 0.9.8s, 1.0.0 prior to 1.0.0e, 1.0.1 prior to 1.0.1n, and 1.0.2 prior to 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows re...
Openssl OpensslOpenssl Openssl 1.0.1mOpenssl Openssl 1.0.2aOpenssl Openssl 1.0.1jOpenssl Openssl 1.0.0nOpenssl Openssl 1.0.1Openssl Openssl 1.0.0cOpenssl Openssl 1.0.0iOpenssl Openssl 1.0.0Openssl Openssl 1.0.1hOpenssl Openssl 1.0.0mOpenssl Openssl 1.0.1cOpenssl Openssl 1.0.1gOpenssl Openssl 1.0.0hOpenssl Openssl 1.0.0eOpenssl Openssl 1.0.0fOpenssl Openssl 1.0.0dOpenssl Openssl 1.0.0jOpenssl Openssl 1.0.0pOpenssl Openssl 1.0.1aOpenssl Openssl 1.0.0oOpenssl Openssl 1.0.1d
NA
CVE-2015-0209
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL prior to 0.9.8zf, 1.0.0 prior to 1.0.0r, 1.0.1 prior to 1.0.1m, and 1.0.2 prior to 1.0.2a might allow remote malicious users to cause a denial of service (memory corruption and applica...
Openssl Openssl 1.0.1jOpenssl Openssl 1.0.0nOpenssl Openssl 1.0.0cOpenssl Openssl 1.0.0iOpenssl Openssl 1.0.1hOpenssl Openssl 1.0.0mOpenssl Openssl 1.0.1cOpenssl Openssl 1.0.1gOpenssl Openssl 1.0.0hOpenssl Openssl 1.0.0eOpenssl Openssl 1.0.0fOpenssl Openssl 1.0.0dOpenssl Openssl 1.0.0jOpenssl Openssl 1.0.0pOpenssl Openssl 1.0.1aOpenssl Openssl 1.0.0oOpenssl Openssl 1.0.1dOpenssl Openssl 1.0.0kOpenssl Openssl 1.0.1kOpenssl Openssl 1.0.0Openssl Openssl 1.0.1bOpenssl Openssl 1.0.1e
10
CVSSv3
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0Apache Log4jSiemens Sppa-t3000 Ses3000 FirmwareSiemens Logo\\! Soft ComfortSiemens Spectrum Power 4 4.70Siemens Spectrum Power 4Siemens Siveillance Control ProSiemens Energyip Prepay 3.7Siemens Energyip Prepay 3.8Siemens Siveillance Identity 1.6Siemens Siveillance Identity 1.5Siemens Siveillance CommandSiemens Sipass Integrated 2.85Siemens Sipass Integrated 2.80Siemens Head-end System Universal Device Integration SystemSiemens Gma-managerSiemens Energyip 8.5Siemens Energyip 8.6Siemens Energyip 8.7Siemens Energyip 9.0Siemens Energy Engage 3.1Siemens E-car Operation Center
7.4
CVSSv3
CVE-2021-3450
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve paramet...
Openssl OpensslFreebsd Freebsd 12.2Netapp Santricity Smi-s Provider Firmware -Netapp Storagegrid Firmware -Windriver Linux -Windriver Linux 18.0Windriver Linux 19.0Windriver Linux 17.0Netapp Oncommand Workflow Automation -Netapp Storagegrid -Netapp Ontap Select Deploy Administration Utility -Netapp Cloud Volumes Ontap Mediator -Fedoraproject Fedora 34Tenable Nessus AgentTenable NessusTenable Nessus Network Monitor 5.11.1Tenable Nessus Network Monitor 5.12.0Tenable Nessus Network Monitor 5.12.1Tenable Nessus Network Monitor 5.13.0Tenable Nessus Network Monitor 5.11.0Oracle Jd Edwards World Security A9.4Oracle Weblogic Server 12.2.1.4.0
7.5
CVSSv3
CVE-2021-36160
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
Apache Http ServerFedoraproject Fedora 34Fedoraproject Fedora 35Debian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Cloud Backup -Netapp Storagegrid -Netapp Clustered Data Ontap -Oracle Http Server 12.2.1.3.0Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Enterprise Manager Base Platform 13.4.0.0Oracle Http Server 12.2.1.4.0Oracle Zfs Storage Appliance Kit 8.8Oracle Enterprise Manager Base Platform 13.5.0.0Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0Broadcom Brocade Fabric Operating System Firmware -
7.5
CVSSv3
CVE-2021-34798
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and previous versions.
Apache Http ServerFedoraproject Fedora 34Fedoraproject Fedora 35Debian Debian Linux 9.0Debian Debian Linux 10.0Debian Debian Linux 11.0Netapp Cloud Backup -Netapp Storagegrid -Netapp Clustered Data Ontap -Tenable Tenable.scOracle Http Server 12.2.1.3.0Oracle Instantis Enterprisetrack 17.1Oracle Instantis Enterprisetrack 17.2Oracle Instantis Enterprisetrack 17.3Oracle Peoplesoft Enterprise Peopletools 8.58Oracle Enterprise Manager Base Platform 13.4.0.0Oracle Http Server 12.2.1.4.0Oracle Zfs Storage Appliance Kit 8.8Oracle Enterprise Manager Base Platform 13.5.0.0Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0Broadcom Brocade Fabric Operating System Firmware -Siemens Sinema Server 14.0
5.9
CVSSv3
CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_ce...
Openssl OpensslDebian Debian Linux 9.0Debian Debian Linux 10.0Freebsd Freebsd 12.2Netapp Santricity Smi-s Provider -Netapp Snapcenter -Netapp Oncommand Workflow Automation -Netapp Storagegrid -Netapp Oncommand Insight -Netapp Ontap Select Deploy Administration Utility -Netapp Active Iq Unified Manager -Netapp Cloud Volumes Ontap Mediator -Netapp E-series Performance Analyzer -Tenable Tenable.scTenable NessusTenable Nessus Network Monitor 5.11.1Tenable Nessus Network Monitor 5.12.0Tenable Nessus Network Monitor 5.12.1Tenable Nessus Network Monitor 5.13.0Tenable Nessus Network Monitor 5.11.0Tenable Log Correlation EngineFedoraproject Fedora 34
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886insecure direct object referenceCVE-2024-34342file inclusionCVE-2024-34562CVE-2024-34347CVE-2024-26026CVE-2024-4647unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook