Security Advisory Description In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. (CVE-2018-14041) Impact An attacker may exploit this vulnerability to perform a ...
More info:
https://my.f5.com/manage/s/article/K05380109?utm_source=f5support&utm_medium=RSS
Bring Your Own Vulnerable Driver (BYOVD) techniques are not new; they can be traced back at least as far as 2012 and the Shamoon wiper that targeted Saudi Aramco. The attack used RawDisk driver, which could manipulate hard drives from user space without any special permissions. This access enabled the malicious actor to erase data … ContinuedThe post Bring Your Own Backdoor: How Vulnerable Drivers Let Hackers In appeared first on VMware Security Blog.
More info:
https://blogs.vmware.com/security/2023/04/bring-your-own-backdoor-how-vulnerable-drivers-let-hackers-in.html?utm_source=rss&utm_medium=rss&utm_campaign=bring-your-own-backdoor-how-vulnerable-drivers-let-hackers-in
A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vulnerability is due to the VPP improperly handling a malformed packet. An attacker could exploit this vulnerability by sending a malformed Encapsulating Security Payload (ESP) packet over an IPsec connection. A successful exploit could allow the attacker to stop ICMP traffic over
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-pdng-dos-KmzwEy2Q?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Packet%20Data%20Network%20Gateway%20IPsec%20ICMP%20Denial%20of%20Service%20Vulnerability&vs_k=1
Project: Drupal coreDate: 2023-April-19Security risk: Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: The file download facility doesnt sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to.Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you
More info:
https://www.drupal.org/sa-core-2023-005
Project: Drupal coreDate: 2023-April-19Security risk: Moderately critical 13∕25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:AllVulnerability: Access bypassDescription: The file download facility doesnt sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to.Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you
More info:
https://www.drupal.org/sa-core-2023-005
A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain messages that are returned by the associated external authentication server. An attacker could exploit this vulnerability by logging in to the web interface of an affected server. Under certain conditions, the authentication mechanism would be
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cml-auth-bypass-4fUCCeG5?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Modeling%20Labs%20External%20Authentication%20Bypass%20Vulnerability&vs_k=1
Multiple vulnerabilities in Cisco Industrial Network Director (IND) could allow an authenticated attacker to inject arbitrary operating system commands or access sensitive data. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-CAeLFk6V?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Industrial%20Network%20Director%20Vulnerabilities&vs_k=1
A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmanage-wfnqmYhN?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20SD-WAN%20vManage%20Software%20Arbitrary%20File%20Deletion%20Vulnerability&vs_k=1
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS could allow an attacker to elevate privileges, overwrite arbitrary files, or view sensitive data on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20TelePresence%20Collaboration%20Endpoint%20and%20RoomOS%20Arbitrary%20File%20Write%20Vulnerabilities&vs_k=1
A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition. This vulnerability exists because rate limiting does not occur for certain incoming TCP connections. An attacker could exploit this vulnerability by sending a high rate of TCP connections to the server. A successful exploit could allow the attacker to cause TCP connection resources to grow rapidly
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-tcp-dos-KEdJCxLs?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20BroadWorks%20Network%20Server%20TCP%20Denial%20of%20Service%20Vulnerability&vs_k=1
