
2406 matches found

NVD
added 2020/02/05 6:15 p.m. · 18 views

CVE-2020-3118

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisc...

CVSS 8.8 · AI score 8.9 · EPSS 0.11806
Exploits: 0 · References: 3

NVD
added 2020/02/05 6:15 p.m. · 14 views

CVE-2020-3119

A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly...

CVSS 8.8 · AI score 9 · EPSS 0.05098
Exploits: 0 · References: 2

Prion
added 2020/02/05 6:15 p.m. · 25 views

Design/Logic Flaw

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisc...

CVSS 8.3 · AI score 8.9 · EPSS 0.11806
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2020/02/05 6:15 p.m. · 16 views

Design/Logic Flaw

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discove...

CVSS 8.3 · AI score 8.6 · EPSS 0.03095
Exploits: 0 · References: 2 · Affected Software: 32

CVE
added 2020/02/05 5:40 p.m. · 959 views

CVE-2020-3118

CVE-2020-3118 is a Cisco CDP format-string vulnerability in Cisco IOS XR CDP handling. The issue arises from improper validation of string input in CDP messages, enabling an unauthenticated, adjacent attacker to potentially execute arbitrary code with administrative privileges or cause a reload v...

CVSS 8.8 · AI score 8.8 · EPSS 0.11806
In wild · Exploits: 0 · References: 3 · Affected Software: 1

Cisco
added 2020/02/05 4:0 p.m. · 36 views

Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discove...

CVSS 8.8 · AI score 1.7 · EPSS 0.03095
Exploits: 0 · References: 1

Cisco
added 2020/02/05 4:0 p.m. · 55 views

Cisco FXOS, IOS XR, and NX-OS Software Cisco Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is d...

CVSS 7.4 · AI score 2.1 · EPSS 0.02026
Exploits: 0 · References: 1

ATTACKERKB
added 2020/02/05 12:0 a.m. · 130 views

CVE-2020-3118 (AKA: CDPwn)

A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisc...

CVSS 8.8 · AI score 9 · EPSS 0.11806
In wild · Exploits: 0 · References: 4

Positive Technologies
added 2020/02/05 12:0 a.m. · 3 views

PT-2020-1657 · Cisco · Cisco Fxos +3

Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software (affected versions not specified), Cisco IOS XR Software (affected versions not specified), Cisco NX-OS Software (affected versions not specified). Description: A vulnerability in the Cisco Discovery Protocol implementation could...

CVSS 7.4 · AI score 6.7 · EPSS 0.02026
Exploits: 0 · References: 9

Positive Technologies
added 2020/02/05 12:0 a.m. · 3 views

PT-2020-1610 · Cisco · Cisco Ios Xr

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified). Description: A vulnerability in the Cisco Discovery Protocol implementation could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected...

CVSS 8.8 · AI score 8.9 · EPSS 0.11806
Exploits: 0 · References: 8

ATTACKERKB
added 2020/02/05 12:0 a.m. · 28 views

CVE-2020-3120 (AKA: CDPwn)

A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is d...

CVSS 7.4 · AI score 1.9 · EPSS 0.02026
Exploits: 0 · References: 3

Tenable Nessus
added 2020/02/05 12:0 a.m. · 49 views

Cisco IOS SM-1T3/E3 Service Module DoS (cisco-sa-20180926-sm1t3e3)

According to its self-reported version, Cisco IOS is affected by a denial of service (DoS) vulnerability in the SM-1T3/E3 firmware due to improper handling of user input. A remote, unauthenticated attacker can exploit this, by first connecting to the SM-1T3/E3 module console and entering a string...

CVSS 8.6 · AI score 7.9 · EPSS 0.04109
Exploits: 0 · References: 4

Tenable Nessus
added 2020/02/05 12:0 a.m. · 39 views

Cisco IOS XE Software SM-1T3/E3 Service Module DoS (cisco-sa-20180926-sm1t3e3)

According to its self-reported version, Cisco IOS XE Software is affected by a denial of service (DoS) vulnerability in the SM-1T3/E3 firmware due to improper handling of user input. A remote, unauthenticated attacker can exploit this, by first connecting to the SM-1T3/E3 module console and enterin...

CVSS 8.6 · AI score 7.9 · EPSS 0.04109
Exploits: 0 · References: 4

OSV
added 2020/01/23 10:15 p.m. · 4 views

CVE-2019-14885

A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential...

CVSS 4.3 · AI score 6.2 · EPSS 0.00742
Exploits: 0 · References: 1

Prion
added 2020/01/23 10:15 p.m. · 22 views

Design/Logic Flaw

A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential...

CVSS 4 · AI score 6.2 · EPSS 0.00742
Exploits: 0 · References: 1 · Affected Software: 2

Positive Technologies
added 2020/01/23 12:0 a.m. · 3 views

PT-2020-9624 · Red Hat · Jboss Eap

Name of the Vulnerable Software and Affected Versions: JBoss EAP versions prior to 7.2.6.GA. Description: A flaw in the JBoss EAP Vault system can reveal confidential information of the system property's security attribute value in the JBoss EAP log file when executing a JBoss CLI 'reload' command...

CVSS 5.4 · AI score 5 · EPSS 0.00742
Exploits: 0 · References: 3

OpenVAS
added 2020/01/23 12:0 a.m. · 24 views

Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2020-1085)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.3 · AI score 6.7 · EPSS 0.02063
Exploits: 0 · References: 2

OpenVAS
added 2020/01/23 12:0 a.m. · 25 views

Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2019-2107)

The remote host is missing an update for the Huawei EulerOS...

CVSS 6.3 · AI score 6.7 · EPSS 0.02063
Exploits: 0 · References: 2

RedHat Linux
added 2020/01/21 3:47 a.m. · 2 views

EAP: Vault system property security attribute value is revealed on CLI 'reload' command

A flaw was found in the JBoss EAP Vault system. Confidential information of the system property’s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information...

CVSS 5.4 · AI score 5.8 · EPSS 0.00742
Exploits: 0 · References: 4

RedHat Linux
added 2020/01/21 3:22 a.m. · 3 views

EAP: Vault system property security attribute value is revealed on CLI 'reload' command

A flaw was found in the JBoss EAP Vault system. Confidential information of the system property’s security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information...

CVSS 5.4 · AI score 5.8 · EPSS 0.00742
Exploits: 0 · References: 4