Blog

A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-sql-X9MmjSYh?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Smart%20Software%20Manager%20On-Prem%20SQL%20Injection%20Vulnerability&vs_k=1

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg-web-multi-S9g4Nkgv?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Small%20Business%20Series%20Switches%20Buffer%20Overflow%20Vulnerabilities&vs_k=1

A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the Guest Portal without authentication. Cisco has More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZ?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Business%20Wireless%20Access%20Points%20Social%20Login%20Guest%20User%20Authentication%20Bypass%20Vulnerability&vs_k=1

Security Advisory Description Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an ... More info: https://my.f5.com/manage/s/article/K000134616?utm_source=f5support&utm_medium=RSS

null More info: https://my.f5.com/manage/s/article/K000134616?utm_source=f5support&utm_medium=RSS

Security Advisory Description CVE-2023-23918 A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental ... More info: https://my.f5.com/manage/s/article/K000134602?utm_source=f5support&utm_medium=RSS

Security Advisory Description mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In ... More info: https://my.f5.com/manage/s/article/K000134597?utm_source=f5support&utm_medium=RSS

Security Advisory Description CVE-2023-0465 Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. More info: https://my.f5.com/manage/s/article/K000134574?utm_source=f5support&utm_medium=RSS

Security Advisory Description CVE-2019-2818 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. More info: https://my.f5.com/manage/s/article/K000134579?utm_source=f5support&utm_medium=RSS

null More info: https://my.f5.com/manage/s/article/K000134597?utm_source=f5support&utm_medium=RSS