43 matches found

The Hacker News
added 2026/04/16 11:27 a.m., 8 views

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service. The details of the vulnerabilities are below - CVE-2026-20184 CVSS...

CVSS 9.9 | AI score 6.8 | EPSS 0.05972
Exploits: 1

Circl
added 2026/04/15 4:21 p.m., 4 views

CVE-2026-20180

creationtimestamp | type | source
---|---|---
2026-04-15 16:21:38+00:00 | seen | https://infosec.exchange/users/AAKL/statuses/116409637135769540
2026-04-15 17:18:54+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjkfoj4tgf2w
2026-04-15 17:21:15+00:00 | seen | ...

CVSS 9.9 | AI score 5.5 | EPSS 0.05972
Exploits: 1 | References: 10

CVE
added 2026/04/15 4:3 p.m., 34 views

CVE-2026-20180

Cisco Identity Services Engine (ISE) contains a remote code execution vulnerability (CVE-2026-20180) that can be exploited by an authenticated attacker with at least Read Only Admin credentials. The issue stems from insufficient validation of user-supplied input, allowing a crafted HTTP request t...

CVSS 9.9 | AI score 6.2 | EPSS 0.05972
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 1:45 a.m., 6 views

CVE-2023-20180

A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attack...

CVSS 4.3 | AI score 7.4 | EPSS 0.00314
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 11:34 p.m., 10 views

CVE-2022-20180

In several functions of mali_gralloc_reference.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android...

CVSS 7.8 | AI score 7.4 | EPSS 0.00095
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:30 a.m., 4 views

CVE-2019-20180

The TablePress plugin 1.9.2 for WordPress allows tablepressdata CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress...

CVSS 6.8 | AI score 7.3 | EPSS 0.02326
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/04 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2018-20180

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbgprocess and result...

CVSS 9.8 | AI score 8.6 | EPSS 0.08214
Exploits: 1 | References: 3

NVD
added 2025/02/05 5:15 p.m., 8 views

CVE-2025-20180

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is...

CVSS 4.8 | EPSS 0.00299
Exploits: 0 | References: 1

Circl
added 2025/02/05 4:21 p.m., 3 views

CVE-2025-20180

creationtimestamp | type | source
---|---|---
2025-02-05 16:21:39+00:00 | seen | https://infosec.exchange/users/cve/statuses/113952194465598402
2025-02-05 16:37:05+00:00 | seen | https://infosec.exchange/users/screaminggoat/statuses/113952255128702135
2025-02-05 17:16:18+00:00 | seen | ...

CVSS 4.8 | AI score 5.7 | EPSS 0.00299
Exploits: 0 | References: 5

Rosalinux
added 2024/11/26 11:24 a.m., 10 views

Advisory ROSA-SA-2024-2532

Software: ansible 2.9.18 OS: rosa-server79 packageevrstring: ansible-2.9.18-1.res7 CVE-ID: CVE-2021-20228 BDU-ID: 2021-03706 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Ansible configuration management system is related to information disclosure. Exploitation of the vulnerability could all...

CVSS 7.5 | AI score 6.8 | EPSS 0.02043
Exploits: 0

Tenable Nessus
added 2023/09/27 12:0 a.m., 35 views

Amazon Linux 2 : ansible (ALASANSIBLE2-2023-004)

The version of ansible installed on the remote host is prior to 2.9.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ANSIBLE2-2023-004 advisory. A flaw was found in ansible. The 'authkey' and 'privkey' credentials are disclosed by default and not protected by...

CVSS 5.5 | AI score 7.2 | EPSS 0.00347
Exploits: 0 | References: 8

CVE
added 2023/03/06 10:31 a.m., 46 views

CVE-2017-20180

CVE-2017-20180 affects Zerocoin libzerocoin, specifically the CoinSpend::CoinSpend function in CoinSpend.cpp within the Proof Handler. Public sources describe a data authenticity verification issue caused by insufficient validation in CoinSpend, with no version details publicly provided in the in...

CVSS 7.5 | AI score 6.1 | EPSS 0.00307
Exploits: 0 | References: 4 | Affected Software: 1

OpenVAS
added 2022/09/09 12:0 a.m., 25 views

openSUSE: Security Advisory for Important (SUSE-SU-2022:3178-1)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 6.9 | EPSS 0.02043
Exploits: 0 | References: 2

OpenVAS
added 2022/09/09 12:0 a.m., 25 views

SUSE: Security Advisory (SUSE-SU-2022:3178-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.5 | EPSS 0.02043
Exploits: 0 | References: 20

Tenable Nessus
added 2022/09/09 12:0 a.m., 37 views

SUSE SLES15 : Important security update for SUSE Manager Client Tools (SUSE-SU-2022:3178-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3178-1 advisory. - A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the securit...

CVSS 7.5 | AI score 7.4 | EPSS 0.02043
Exploits: 0 | References: 32

Circl
added 2022/08/11 6:32 p.m., 3 views

CVE-2022-20180

creationtimestamp | type | source
---|---|---
2022-08-11 18:32:11+00:00 | seen | https://t.me/cibsecurity/47970...

CVSS 7.8 | AI score 7.5 | EPSS 0.00095
Exploits: 0 | References: 1

CVE
added 2022/08/11 2:58 p.m., 94 views

CVE-2022-20180

CVE-2022-20180 describes an elevation of privilege in Android kernel code, arising from a missing bounds check in mali_gralloc_reference.cpp that can allow arbitrary code execution on a local basis. The impact is local privilege escalation with high confidentiality/integrity/availability implicat...

CVSS 7.8 | AI score 7.9 | EPSS 0.00095
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2022/03/16 4:9 p.m., 5 views

OPENSUSE-SU-2022:0081-1 Security update for ansible

Ansible was updated to 2.9.21 to fix lots of bugs and security issues. Update to version 2.9.20, maintenance release containing numerous bugfixes. Update to version 2.9.19 with minor changes and a few bug fixes. Update to version 2.9.18: CVE-2021-20228 where default and fallback values for nolog...

CVSS 7.9 | AI score 6.6 | EPSS 0.02043
Exploits: 6 | References: 54

OSV
added 2022/03/16 3:15 p.m., 21 views

CVE-2021-20180

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerabili...

CVSS 5.5 | AI score 6.4
Exploits: 0 | References: 1

CVE
added 2022/03/16 2:12 p.m., 225 views

CVE-2021-20180

CVE-2021-20180 is an Ansible local-authenticated vulnerability where credentials are disclosed in the console log when using the bitbucket_pipeline_variable module, enabling an attacker to steal bitbucket_pipeline credentials and impacting confidentiality. CVSS: v3.1 base 5.5 (local, low complexi...

CVSS 5.5 | AI score 6 | EPSS 0.003
Exploits: 0 | References: 1 | Affected Software: 1