Month: julio 2023

Publicado el

K000135621 : VMware Tools vulnerability CVE-2023-20867

Security Advisory Description A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest ... More info: https://my.f5.com/manage/s/article/K000135621?utm_source=f5support&utm_medium=RSS
Publicado el

CVE-2023-20593

Initial Publication Date: 07/26/2023 11:00AM PDT AWS is aware of CVE-2023-20593, otherwise known as "ZenBleed", and can confirm this issue affects AMD “Zen 2”, also known as “Rome”, CPUs that power the C5a, C5ad, G4ad, and G5 instance families. Because of the design of the EC2 Nitro hypervisor, there is no risk of cross-instance data access. As part of the shared responsibility model, and to maintain best practices, we recommend you always use instances as a More info: https://aws.amazon.com/security/security-bulletins/AWS-2023-004/
Publicado el

Cisco BroadWorks Privilege Escalation Vulnerability

A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-priv-esc-qTgUZOsQ?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20BroadWorks%20Privilege%20Escalation%20Vulnerability&vs_k=1
Publicado el

Cisco Small Business SPA500 Series IP Phones Web UI Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) or HTML injection attacks. For more information about these vulnerabilities, see the Details section of this advisory. There are no workarounds that address these vulnerabilities. This advisory is available at the following More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Small%20Business%20SPA500%20Series%20IP%20Phones%20Web%20UI%20Vulnerabilities&vs_k=1
Publicado el

Cisco BroadWorks Privilege Escalation Vulnerability

A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-priv-esc-qTgUZOsQ?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20BroadWorks%20Privilege%20Escalation%20Vulnerability&vs_k=1
Publicado el

K000135507 : Java vulnerabilities CVE-2020-14781

Security Advisory Description Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and ... More info: https://my.f5.com/manage/s/article/K000135507?utm_source=f5support&utm_medium=RSS
Acceso Administrador
Translate »