Blog

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-3ZKh8d6x?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Catalyst%20SD-WAN%20Manager%20Web%20UI%20HTML%20Injection%20Vulnerability&vs_k=1

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-getvpn-rce-g8qR68sx?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20and%20IOS%20XE%20Software%20Cisco%20Group%20Encrypted%20Transport%20VPN%20Software%20Out-of-Bounds%20Write%20Vulnerability&vs_k=1

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-wncd-HFGMsfSD?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XE%20Software%20for%20Wireless%20LAN%20Controllers%20Wireless%20Network%20Control%20Denial%20of%20Service%20Vulnerability&vs_k=1

The ever-changing threat landscape necessitates a paradigm shift in the way we approach cybersecurity. Embracing change is no longer an option; it’s a necessity to properly mount a defense against today’s cyber threats. Effective security requires a mindset shift that involves a collective effort across the organization with everyone having a role to play – … ContinuedThe post Embrace the Security Mindset: Design Decisions for a Fortified Next-Generation Multi-Cloud More info: https://blogs.vmware.com/security/2023/09/embrace-the-security-mindset-design-decisions-for-a-fortified-next-generation-multi-cloud-infrastructure-platform.html?utm_source=rss&utm_medium=rss&utm_campaign=embrace-the-security-mindset-design-decisions-for-a-fortified-next-generation-multi-cloud-infrastructure-platform

Security Advisory Description This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available. Learn more about the ... More info: https://my.f5.com/manage/s/article/K000136957?utm_source=f5support&utm_medium=RSS

Project: Drupal coreDate: 2023-September-20Security risk: Critical 16∕25 AC:Complex/A:None/CI:All/II:Some/E:Theoretical/TD:DefaultVulnerability: Cache poisoningAffected versions: >=8.7.0 =10.0 = 10.1 Description: In certain scenarios, Drupals JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.This vulnerability only affects sites with the More info: https://www.drupal.org/sa-core-2023-006

Security Advisory Description CVE-2018-7158 The `path` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was ... More info: https://my.f5.com/manage/s/article/K000136924?utm_source=f5support&utm_medium=RSS

Security Advisory Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_ ... More info: https://my.f5.com/manage/s/article/K000136903?utm_source=f5support&utm_medium=RSS

Security Advisory Description CVE-2021-0086 Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information ... More info: https://my.f5.com/manage/s/article/K41043270?utm_source=f5support&utm_medium=RSS

Security Advisory Description The BIG-IP system may respond with the NXDOMAIN status when it receives a DNS query on a CNAME wide IP. This issue occurs when all of the following conditions are met: More info: https://my.f5.com/manage/s/article/K23022557?utm_source=f5support&utm_medium=RSS