Security Advisory Description: The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a ...
More info:
https://my.f5.com/manage/s/article/K92451315?utm_source=f5support&utm_medium=RSS
Security Advisory Description: CVE-2023-22006 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking).
More info:
https://my.f5.com/manage/s/article/K000135718?utm_source=f5support&utm_medium=RSS
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-h8h4HEJ3?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Products%20Arbitrary%20File%20Read%20Vulnerability&vs_k=1
Security Advisory Description: The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to ...
More info:
https://my.f5.com/manage/s/article/K000135709?utm_source=f5support&utm_medium=RSS
A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious traffic when the traffic is encoded with a specific content format. An attacker could exploit this vulnerability by using an affected device to connect to a malicious server and receiving crafted HTTP
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-bypass-vXvqwzsj?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Secure%20Web%20Appliance%20Content%20Encoding%20Filter%20Bypass%20Vulnerability&vs_k=1
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-commpilot-xss-jC46sezF?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20BroadWorks%20CommPilot%20Application%20Software%20Cross-Site%20Scripting%20Vulnerability&vs_k=1
Security Advisory Description: A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context ...
More info:
https://my.f5.com/manage/s/article/K000134535?utm_source=f5support&utm_medium=RSS
Security Advisory Description: Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password ...
More info:
https://my.f5.com/manage/s/article/K000135449?utm_source=f5support&utm_medium=RSS
Security Advisory Description: Audit logs on the F5OS-A system may contain undisclosed sensitive information. (CVE-2023-36494) Impact: This vulnerability may allow a high privileged authenticated ...
More info:
https://my.f5.com/manage/s/article/K000134922?utm_source=f5support&utm_medium=RSS
Security Advisory Description: A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in ...
More info:
https://my.f5.com/manage/s/article/K000133474?utm_source=f5support&utm_medium=RSS