Blog

Publicado el

Cisco Expressway Series and Cisco TelePresence Video Communication Server Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-injection-X475EbTQ?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Expressway%20Series%20and%20Cisco%20TelePresence%20Video%20Communication%20Server%20Command%20Injection%20Vulnerability&vs_k=1
Publicado el

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-csrf-HOCmXW2c?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IP%20Phone%206800,%207800,%20and%208800%20Series%20with%20Multiplatform%20Firmware%20Cross-Site%20Request%20Forgery%20Vulnerability&vs_k=1
Publicado el

K000135795 : Downfall Attacks CVE-2022-40982

Security Advisory Description Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an ... More info: https://my.f5.com/manage/s/article/K000135795?utm_source=f5support&utm_medium=RSS
Publicado el

K000135831 : Node.js vulnerability CVE-2023-32067

Security Advisory Description c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet ... More info: https://my.f5.com/manage/s/article/K000135831?utm_source=f5support&utm_medium=RSS
Publicado el

K04305530 : SCP vulnerability CVE-2020-15778

Security Advisory Description scp in OpenSSH through 8.3p1 allows command injection in scp.c remote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor ... More info: https://my.f5.com/manage/s/article/K04305530?utm_source=f5support&utm_medium=RSS
Publicado el

K000135795 : Downfall Attacks CVE-2022-40982

Security Advisory Description ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been ... More info: https://my.f5.com/manage/s/article/K000135795?utm_source=f5support&utm_medium=RSS
Publicado el

CVE-2022-40982 – Gather Data Sampling – Downfall

Publication Date: 2023/08/08 1:00 PM PDT AWS is aware of CVE-2022-40982, also known as “Gather Data Sampling” (GDS) or “Downfall”. AWS customers’ data and instances are not affected by this issue, and no customer action is required. AWS has designed and implemented its infrastructure with protections against this class of issues. Amazon EC2 instances, including Lambda, Fargate, and other AWS-managed compute and container services protect customer data against GDS More info: https://aws.amazon.com/security/security-bulletins/AWS-2023-007/
Acceso Administrador
Translate »