MidnightBSD

Advisories for zzinc

CVE-2015-0718 HIGH

Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
cisco unified_computing_system 2.0_1s
cisco unified_computing_system 1.4_1j
cisco unified_computing_system 1.4_4i
zzinc keymouse_firmware 3.08
cisco unified_computing_system 2.2_1c
cisco unified_computing_system 2.2_1e
cisco unified_computing_system 1.4_1m
cisco unified_computing_system 1.4_4j
cisco unified_computing_system 2.1_1b
cisco unified_computing_system 2.0_4b
cisco unified_computing_system 2.0_5f
cisco unified_computing_system 2.0_3a
cisco unified_computing_system 1.4_3m
cisco unified_computing_system 2.2_1b
cisco unified_computing_system 2.1_2d
netgear jr6150_firmware *
cisco unified_computing_system 1.4_3q
cisco unified_computing_system 2.1_3b
cisco unified_computing_system 2.0_1x
cisco unified_computing_system 2.1_1f
cisco unified_computing_system 2.1_3d
cisco unified_computing_system 2.1_1e
cisco unified_computing_system 2.2_2e
cisco unified_computing_system 1.6_base
cisco unified_computing_system 2.0_1q
cisco unified_computing_system 2.1_1a
cisco unified_computing_system 2.0_1w
cisco unified_computing_system 1.5_base
cisco unified_computing_system 2.1_3f
cisco unified_computing_system 2.0_2m
cisco unified_computing_system 2.0_5c
cisco unified_computing_system 1.4_4g
cisco unified_computing_system 2.1_1d
cisco unified_computing_system 2.1_3c
cisco unified_computing_system 2.0_5e
cisco unified_computing_system 2.1_3a
cisco unified_computing_system 1.4_3s
cisco unified_computing_system 1.4_3u
cisco unified_computing_system 1.4_3y
cisco unified_computing_system 1.4_4k
cisco unified_computing_system 2.2_2d
cisco unified_computing_system 2.0_3b
cisco unified_computing_system 1.4_3l
cisco unified_computing_system 2.0_4d
zyxel gs1900-10hp_firmware *
cisco unified_computing_system 2.0_4a
cisco unified_computing_system 2.0_5b
cisco unified_computing_system 2.2_1d
cisco unified_computing_system 2.1_3e
cisco unified_computing_system 2.0_2r
cisco unified_computing_system 2.0_5a
cisco unified_computing_system 1.4_4l
cisco unified_computing_system 2.2_2c
cisco unified_computing_system 2.0_3c
cisco nx-os base
cisco unified_computing_system 2.0_2q
cisco unified_computing_system 2.1_2c
cisco unified_computing_system 1.4_4f
samsung x14j_firmware t-ms14jakucb-1102.5
cisco unified_computing_system 2.0_5d
cisco unified_computing_system 2.1_2a
cisco unified_computing_system 1.4_3i
cisco unified_computing_system 2.0_1t
cisco unified_computing_system 1.4_1i
sun opensolaris snv_124
CVE-2015-6312 HIGH

Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
netgear jr6150_firmware *
zzinc keymouse_firmware 3.08
zyxel gs1900-10hp_firmware *
CVE-2015-6313 HIGH

Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
zzinc keymouse_firmware 3.08
zyxel gs1900-10hp_firmware *
sun opensolaris snv_124
CVE-2016-1302 HIGH

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
cisco nx-os base
zzinc keymouse_firmware 3.08
zyxel gs1900-10hp_firmware *
sun opensolaris snv_124
samsung x14j_firmware t-ms14jakucb-1102.5
CVE-2016-1307 MEDIUM

The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,CWE-287,

Products Affected

Vendor Product Version
zzinc keymouse_firmware 3.08
zyxel gs1900-10hp_firmware *
CVE-2016-1319 MEDIUM

Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
zzinc keymouse_firmware 3.08
zyxel gs1900-10hp_firmware *
sun opensolaris snv_124
samsung x14j_firmware t-ms14jakucb-1102.5
CVE-2016-1329 HIGH

Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
zzinc keymouse_firmware 3.08
zyxel gs1900-10hp_firmware *
sun opensolaris snv_124
samsung x14j_firmware t-ms14jakucb-1102.5
CVE-2016-1330 MEDIUM

Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote attackers to cause a denial of service (device reload) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuy27746.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
zzinc keymouse_firmware 3.08
CVE-2016-1344 HIGH

The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
cisco ios_xe 3.6e_3.6.2ae
cisco ios_xe 3.7e_3.7.1e
cisco ios_xe 3.12s_3.12.3s
cisco ios_xe 3.13s_3.13.0as
cisco ios_xe 3.6e_3.6.1e
zzinc keymouse_firmware 3.08
cisco ios_xe 3.7e_3.7.3e
cisco ios_xe 3.4sg_3.4.2sg
cisco ios_xe 3.10s_3.10.0s
cisco ios_xe 3.5e_3.5.1e
cisco ios_xe 3.8s_3.8.2s
cisco ios_xe 3.7s_3.7.7s
cisco ios_xe 3.13s_3.13.2as
cisco ios_xe 3.3s_3.3.2s
cisco ios_xe 3.4sg_3.4.7sg
cisco ios_xe 3.4s_3.4.0as
cisco ios_xe 3.9s_3.9.1s
cisco ios_xe 3.14s_3.14.2s
cisco ios_xe 3.5s_3.5.2s
cisco ios_xe 3.4sg_3.4.4sg
cisco ios_xe 3.15s_3.15.2s
cisco ios_xe 3.7s_3.7.2s
cisco ios_xe 3.3sg_3.3.1sg
cisco ios_xe 3.4sg_3.4.0sg
cisco ios_xe 3.7s_3.7.0s
cisco ios_xe 3.9s_3.9.1as
cisco ios_xe 3.4sg_3.4.6sg
cisco ios_xe 3.7s_3.7.1s
cisco ios_xe 3.16s_3.16.1s
cisco ios_xe 3.12s_3.12.0s
cisco ios_xe 3.4sg_3.4.3sg
cisco ios_xe 3.11s_3.11.1s
cisco ios_xe 3.5e_3.5.3e
cisco ios_xe 3.16s_3.16.1as
cisco ios_xe 3.7s_3.7.6s
cisco ios_xe 3.13s_3.13.1s
cisco ios_xe 3.3sg_3.3.2sg
cisco ios_xe 3.11s_3.11.2s
cisco ios_xe 3.3xo_3.3.1xo
cisco ios_xe 3.15s_3.15.1cs
cisco ios_xe 3.13s_3.13.2s
cisco ios_xe 3.7e_3.7.0e
cisco ios_xe 3.4s_3.4.2s
cisco ios_xe 3.12s_3.12.2s
cisco ios_xe 3.15s_3.15.0s
cisco ios_xe 3.5e_3.5.2e
cisco ios_xe 3.4s_3.4.3s
cisco ios_xe 3.8e_3.8.1e
cisco ios_xe 3.8s_3.8.0s
lenovo thinkcentre_e75s_firmware *
cisco ios_xe 3.4sg_3.4.5sg
cisco ios_xe 3.6e_3.6.2e
cisco ios_xe 3.4s_3.4.6s
sun opensolaris snv_124
cisco ios_xe 3.7e_3.7.2e
cisco ios_xe 3.13s_3.13.3s
cisco ios_xe 3.3xo_3.3.0xo
cisco ios_xe 3.11s_3.11.0s
cisco ios_xe 3.5s_3.5.1s
cisco ios_xe 3.4s_3.4.0s
cisco ios_xe 3.7s_3.7.5s
cisco ios_xe 3.10s_3.10.4s
netgear jr6150_firmware *
cisco ios_xe 3.16s_3.16.0cs
cisco ios_xe 3.10s_3.10.2s
cisco ios_xe 3.14s_3.14.3s
cisco ios_xe 3.6s_3.6.0s
cisco ios_xe 3.10s_3.10.1s
cisco ios_xe 3.10s_3.10.6s
cisco ios_xe 3.3sg_3.3.0sg
cisco ios_xe 3.4sg_3.4.1sg
cisco ios_xe 3.4s_3.4.5s
cisco ios_xe 3.17s_3.17.0s
cisco ios_xe 3.13s_3.13.4s
cisco ios_xe 3.11s_3.11.3s
cisco ios_xe 3.6e_3.6.0e
cisco ios_xe 3.14s_3.14.1s
cisco ios_xe 3.7s_3.7.2ts
cisco ios_xe 3.3s_3.3.1s
cisco ios_xe 3.4s_3.4.1s
cisco ios_xe 3.7s_3.7.4s
cisco ios_xe 3.13s_3.13.0s
cisco ios_xe 3.8e_3.8.0e
cisco ios_xe 3.4s_3.4.4s
cisco ios_xe 3.9s_3.9.2s
cisco ios_xe 3.12s_3.12.1s
cisco ios_xe 3.9s_3.9.0s
zyxel gs1900-10hp_firmware *
cisco ios_xe 3.6s_3.6.2s
cisco ios_xe 3.6s_3.6.1s
cisco ios_xe 3.3xo_3.3.2xo
cisco ios_xe 3.5e_3.5.0e
cisco ios_xe 3.8s_3.8.1s
cisco ios_xe 3.6e_3.6.3e
cisco ios_xe 3.7s_3.7.4as
cisco ios_xe 3.9s_3.9.0as
samsung x14j_firmware t-ms14jakucb-1102.5
cisco ios_xe 3.14s_3.14.0s
cisco ios_xe 3.10s_3.10.3s
cisco ios_xe 3.11s_3.11.4s
cisco ios_xe 3.3s_3.3.0s
cisco ios_xe 3.10s_3.10.5s
cisco ios_xe 3.5s_3.5.0s
cisco ios_xe 3.12s_3.12.4s
cisco ios_xe 3.16s_3.16.0s
cisco ios_xe 3.10s_3.10.1xbs
cisco ios_xe 3.15s_3.15.1s
cisco ios_xe 3.7s_3.7.3s
CVE-2016-1346 HIGH

The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
dell emc_powerscale_onefs 8.2.2
netgear jr6150_firmware *
zzinc keymouse_firmware 3.08
zyxel gs1900-10hp_firmware *
samsung x14j_firmware t-ms14jakucb-1102.5
CVE-2016-1348 HIGH

Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
cisco ios_xe 3.7e_3.7.2e
cisco ios_xe 3.13s_3.13.3s
cisco ios_xe 3.6e_3.6.2ae
cisco ios_xe 3.7e_3.7.1e
cisco ios_xe 3.12s_3.12.3s
cisco ios_xe 3.13s_3.13.0as
cisco ios_xe 3.6e_3.6.1e
zzinc keymouse_firmware 3.08
cisco ios_xe 3.3xo_3.3.0xo
cisco ios_xe 3.11s_3.11.0s
cisco ios_xe 3.5s_3.5.1s
cisco ios_xe 3.10s_3.10.0s
cisco ios_xe 3.5e_3.5.1e
cisco ios_xe 3.7s_3.7.5s
cisco ios_xe 3.8s_3.8.2s
cisco ios_xe 3.10s_3.10.4s
netgear jr6150_firmware *
cisco ios_xe 3.16s_3.16.0cs
cisco ios_xe 3.10s_3.10.2s
cisco ios_xe 3.7s_3.7.7s
cisco ios_xe 3.13s_3.13.2as
cisco ios_xe 3.14s_3.14.3s
cisco ios_xe 3.6s_3.6.0s
cisco ios_xe 3.10s_3.10.1s
cisco ios_xe 3.10s_3.10.6s
cisco ios_xe 3.9s_3.9.1s
cisco ios_xe 3.14s_3.14.2s
cisco ios_xe 3.5s_3.5.2s
cisco ios_xe 3.15s_3.15.2s
cisco ios_xe 3.7s_3.7.2s
cisco ios_xe 3.7s_3.7.0s
cisco ios_xe 3.9s_3.9.1as
cisco ios_xe 3.13s_3.13.4s
cisco ios_xe 3.11s_3.11.3s
cisco ios_xe 3.6e_3.6.0e
cisco ios_xe 3.7s_3.7.1s
cisco ios_xe 3.14s_3.14.1s
cisco ios_xe 3.16s_3.16.1s
cisco ios_xe 3.12s_3.12.0s
cisco ios_xe 3.7s_3.7.2ts
cisco ios_xe 3.11s_3.11.1s
cisco ios_xe 3.5e_3.5.3e
cisco ios_xe 3.16s_3.16.1as
cisco ios_xe 3.7s_3.7.6s
cisco ios_xe 3.13s_3.13.1s
cisco ios_xe 3.7s_3.7.4s
cisco ios_xe 3.13s_3.13.0s
cisco ios_xe 3.8e_3.8.0e
cisco ios_xe 3.9s_3.9.2s
cisco ios_xe 3.12s_3.12.1s
cisco ios_xe 3.11s_3.11.2s
cisco ios_xe 3.3xo_3.3.1xo
cisco ios_xe 3.9s_3.9.0s
cisco ios_xe 3.15s_3.15.1cs
zyxel gs1900-10hp_firmware *
cisco ios_xe 3.6s_3.6.2s
cisco ios_xe 3.13s_3.13.2s
cisco ios_xe 3.6s_3.6.1s
cisco ios_xe 3.3xo_3.3.2xo
cisco ios_xe 3.5e_3.5.0e
cisco ios_xe 3.7e_3.7.0e
cisco ios_xe 3.12s_3.12.2s
cisco ios_xe 3.8s_3.8.1s
cisco ios_xe 3.6e_3.6.3e
cisco ios_xe 3.7s_3.7.4as
cisco ios_xe 3.15s_3.15.0s
cisco ios_xe 3.9s_3.9.0as
samsung x14j_firmware t-ms14jakucb-1102.5
cisco ios_xe 3.14s_3.14.0s
cisco ios_xe 3.10s_3.10.3s
cisco ios_xe 3.11s_3.11.4s
cisco ios_xe 3.5e_3.5.2e
cisco ios_xe 3.10s_3.10.5s
cisco ios_xe 3.5s_3.5.0s
cisco ios_xe 3.8s_3.8.0s
cisco ios_xe 3.12s_3.12.4s
cisco ios_xe 3.6e_3.6.2e
cisco ios_xe 3.16s_3.16.0s
sun opensolaris snv_124
cisco ios_xe 3.10s_3.10.1xbs
cisco ios_xe 3.15s_3.15.1s
cisco ios_xe 3.7s_3.7.3s
CVE-2016-1349 HIGH

The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
cisco ios_xe 3.7e_3.7.2e
cisco ios_xe 3.6e_3.6.2ae
cisco ios_xe 3.3se_3.3.3se
cisco ios_xe 3.7e_3.7.1e
cisco ios_xe 3.3se_3.3.4se
cisco ios_xe 3.4sg_3.4.3sg
cisco ios_xe 3.6e_3.6.1e
cisco ios_xe 3.2se_3.2.3se
zzinc keymouse_firmware 3.08
cisco ios_xe 3.3xo_3.3.0xo
cisco ios_xe 3.5e_3.5.3e
cisco ios_xe 3.4sg_3.4.2sg
cisco ios_xe 3.5e_3.5.1e
cisco ios_xe 3.3se_3.3.1se
netgear jr6150_firmware *
cisco ios_xe 3.3se_3.3.0se
intel core_i5-9400f_firmware -
cisco ios_xe 3.3xo_3.3.1xo
cisco ios_xe 3.2se_3.2.2se
zyxel gs1900-10hp_firmware *
cisco ios_xe 3.2se_3.2.0se
cisco ios_xe 3.3xo_3.3.2xo
cisco ios_xe 3.5e_3.5.0e
cisco ios_xe 3.7e_3.7.0e
cisco ios_xe 3.3se_3.3.5se
cisco ios_xe 3.3se_3.3.2se
samsung x14j_firmware t-ms14jakucb-1102.5
cisco ios_xe 3.4sg_3.4.4sg
cisco ios_xe 3.2ja_3.2.0ja
cisco ios_xe 3.4sg_3.4.0sg
cisco ios_xe 3.4sg_3.4.1sg
cisco ios_xe 3.5e_3.5.2e
cisco ios_xe 3.2se_3.2.1se
cisco ios_xe 3.4sg_3.4.6sg
cisco ios_xe 3.4sg_3.4.5sg
cisco ios_xe 3.6e_3.6.0e
cisco ios_xe 3.6e_3.6.2e
sun opensolaris snv_124
CVE-2016-1350 HIGH

Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
cisco ios_xe 3.9.0s
cisco ios_xe 3.9.0as
zzinc keymouse_firmware 3.08
cisco ios_xe 3.10.1s
cisco ios_xe 3.10.1xbs
samsung x14j_firmware t-ms14jakucb-1102.5
cisco ios_xe 3.10.0s
cisco ios_xe 3.10.2s
cisco ios_xe 3.8.0s
cisco ios_xe 3.11.0s
cisco ios_xe 3.9.1s
cisco ios_xe 3.9.2s
cisco ios_xe 3.9.1as
lenovo thinkcentre_e75s_firmware *
cisco ios_xe 3.8.2s
cisco ios_xe 3.8.1s
zyxel gs1900-10hp_firmware *
sun opensolaris snv_124
CVE-2022-24644 MEDIUM

ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-494,

Products Affected

Vendor Product Version
zzinc keymouse_firmware 2.02
zzinc keymouse_firmware 3.05
zzinc keymouse_firmware 3.08