Cisco SD-WAN vManage XML External Entity Injection Vulnerability (CNVD-2020-66211)
Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. An XML external entity injection vulnerability exists in the web UI of Cisco SD-WAN vManage 20.1.12 and earlier. The vulnerability stems from improper handling of XML External Entity (XXE)...
expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service...
qt: XML entity expansion vulnerability
An XML Entity Expansion flaw was found in the QT library. Applications that use QT to load untrusted images, for example, SVG images, or untrusted XML documents, may be vulnerable to this flaw. This flaw allows an attacker to cause a denial of service...
[SECURITY] Fedora 33 Update: ruby-2.7.2-135.fc33
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...
Cisco FXOS Software for Firepower 4100/9300 Series Appliances Secure Boot Bypass (cisco-sa-fxos-sbbp-XTuPkYTn)
According to its self-reported version, Cisco Firepower Extensible Operating System (FXOS) is affected by a secure boot bypass vulnerability. The vulnerability is due to insufficient protections of the secure boot process. A local attacker can exploit this vulnerability by injecting code into a...
SAP NetWeaver Input Validation Error Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An input validation error vulnerability exists in SAP NetWeaver Compare Systems versions 7.20, 7.30, 7.40, and...
Security feature bypass
A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. To exploit this vulnerability, an attacker could run a specially craft...
CVE-2020-1685
When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under certain conditions. Given a firewall filter configuration similar to: family ethernet-switching...
CVE-2020-4774
An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information su...
IBM Cúram Social Program Management Access Control Error Vulnerability
IBM Cúram Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A security vulnerability exists in IBM Cúram Social Program Management XPath, which arises from errors such as...
New 'MosaicRegressor' UEFI Bootkit Malware Found Active in the Wild
Cybersecurity researchers have spotted a rare kind of potentially dangerous malware that targets a machine's booting process to drop persistent malware. The campaign involved the use of a compromised UEFI or Unified Extensible Firmware Interface containing a malicious implant, making it the secon...
kernel: some ipv6 protocols not encrypted over ipsec tunnel
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data...
CVE-2019-1736
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improp...
SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability
SAP NetWeaver Application Server is an application server from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java XML Forms versions 7.30, 7.31, 7.40, 7.50, which arises from a lack of proper validation of client-side data in the web application. An...
Cisco FXOS Software Buffer Overflow (cisco-sa-fxos-buffer-cSdmfWUt)
According to its self-reported version, Cisco Firepower Extensible Operating System (FXOS) is affected by a software buffer overflow vulnerability due to incorrect bounds checking of values that are parsed from a specific file. An authenticated, local attacker with valid administrative credentials can...
[SECURITY] Fedora 32 Update: eclipse-remote-3.0.1-6.fc32
Remote Services provides an extensible remote services framework...
[SECURITY] Fedora 32 Update: lua-5.3.5-8.fc32
Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...
DEBIAN-CVE-2020-17497
eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to trigger a PTK reinstallation by retransmitting EAPOL Msg4/4...
kernel: lockdown: bypass through ACPI write via efivar_ssdt
A flaw was found in how the ACPI table loading through the EFI variable and the related efivar_ssdt boot option was handled when the Linux kernel was locked down. This flaw allows a root privileged local user to circumvent the kernel lockdown restrictions. The highest threat from this vulnerabilit...