SUSE-SU-2020:3268-1 Security update for spice-vdagent

This update for spice-vdagent fixes the following issues: Security issues fixed: - CVE-2020-25650: Fixed a memory DoS via arbitrary entries in activexfers hash table bsc1177780. - CVE-2020-25651: Fixed a possible file transfer DoS and information leak via activexfers hash map bsc1177781. -...

Denial Of Service (DoS)

spice-vdagent is vulnerable to denial of service DoS. The vulnerability exists through file transfer via activexfers Hash Map...

Cisco SD-WAN vManage Elevation of Privilege Vulnerability

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. An elevation of privilege vulnerability exists in the System File Transfer feature of Cisco SD-WAN vManage. The vulnerability stems from improper validation of the path input to the System...

USN-4617-1 spice-vdagent vulnerabilities

Matthias Gerstner discovered that SPICE vdagent incorrectly handled the activexfers hash table. A local attacker could possibly use this issue to cause SPICE vdagent to consume memory, resulting in a denial of service. CVE-2020-25650 Matthias Gerstner discovered that SPICE vdagent incorrectly...

httpd: mod_proxy_ftp use of uninitialized value

A flaw was found in Apache's HTTP server httpd .The modproxyftp module may use uninitialized memory with proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality...

PT-2020-4644 · Cisco · Cisco Sd-Wan Vmanage

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software affected versions not specified Description: A vulnerability in the system file transfer functions could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The...

PT-2020-16147 · Spice +8 · Spice-Vdagent +8

Name of the Vulnerable Software and Affected Versions: spice-vdagent versions 0.20 and prior Description: A flaw was found in the SPICE file transfer protocol, allowing file data from the host system to end up in the client connection of an illegitimate local user in the VM system. This could als...

CVE-2020-25651

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The...

UBUNTU-CVE-2020-25651

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The...

The vulnerability of the “file transfer” component of the TIBCO Managed File Transfer Platform Server allows a perpetrator to modify any files they choose.

The vulnerability of the “file transfer” component of the TIBCO Managed File Transfer Platform Server is related to errors in the mechanism for processing authentication requests. Exploiting this vulnerability allows a malicious actor to modify arbitrary files remotely...

The vulnerability of the “file transfer” component of the TIBCO Managed File Transfer Platform Server allows a perpetrator to execute arbitrary code.

The vulnerability of the “file transfer” component of the TIBCO Managed File Transfer Platform Server exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

Xiaomi Mi 9 MIUI 12.0.5 has a logic flaw vulnerability

Xiaomi Mi 9 is a phone released by Xiaomi on February 20, 2019 at 14:00 at the Beijing Institute of Technology Gymnasium. Xiaomi Mi 9 MIUI 12.0.5 has a logic flaw vulnerability. An attacker can use this vulnerability to bypass the system screen lock and transfer any malicious file to the target...

QSC Q-SYS Core Manager Path Traversal Vulnerability

QSC Q-SYS is a signal processing device from QSC. The device is used for audio information processing and information exchange, and can be used in conference, teacher, lecture hall and other multi-person meeting scenarios. A path traversal vulnerability exists in QSC Q-SYS Core Manager 8.2.1, whi...

Phishing Emails Used to Deploy KONNI Malware

Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency CISA has observed cyber actors using emails containi...

CVE-2020-27646

Biscom Secure File Transfer SFT before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft...

CVE-2020-27646

Biscom Secure File Transfer SFT before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft...

Design/Logic Flaw

Biscom Secure File Transfer SFT before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft...

CVE-2020-27646

Biscom Secure File Transfer (SFT) platforms are affected in versions prior to 5.1.1082 and 6.x prior to 6.0.1011, where a vulnerability enables user credential theft. The CVSS data indicates network exposure with a high confidentiality impact (C:H) but no integrity or availability impact, and use...

CVE-2020-27646

Biscom Secure File Transfer SFT before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft...

CVE-2020-3564

A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of FTP traffic. An attacke...