EUVD-2019-10312

Malware in sbrugna...

Netgear Orbi Router RBR750 Remote Management cleartext transmission vulnerability

Talos Vulnerability Report TALOS-2022-1598 Netgear Orbi Router RBR750 Remote Management cleartext transmission vulnerability March 21, 2023 CVE Number CVE-2022-38458 SUMMARY A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5....

wsmancli bug fix and enhancement update

An update is available for wsmancli. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The wsmancli packages provide a command-line interface for system management...

openwsman bug fix and enhancement update

An update is available for openwsman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Openwsman is a project intended to provide an open source implementation of...

Moderate: Red Hat Security Advisory: openwsman security update

An update for openwsman is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Moderate: openwsman security update

Openwsman is a project intended to provide an open source implementation of the Web Services Management specification WS-Management and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services...

Moderate: Red Hat Security Advisory: openwsman security update

An update for openwsman is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

The vulnerability of the Web Services Management Agent component of the Cisco Industrial Network Director software package allows a perpetrator to execute a type of attack known as “man-in-the-middle” attacks.

The vulnerability of the Web Services Management Agent component of the Cisco Industrial Network Director software package is related to errors in certificate verification for X.509 certificates. Exploiting this vulnerability could allow a remote attacker to execute a “man-in-the-middle” attack...

CVE-2019-1940 Cisco Industrial Network Director Web Services Management Agent Unauthorized Information Disclosure Vulnerability

A vulnerability in the Web Services Management Agent WSMA feature of Cisco Industrial Network Director IND could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid X.509 certificate. The vulnerability is due to insufficient X.509...

CVE-2019-1940

Affects Cisco Industrial Network Director (IND) Web Services Management Agent (WSMA). The issue arises from insufficient validation of X.509 certificates during WSMA connection setup, allowing an unauthenticated, remote attacker to read sensitive data via a crafted certificate, enabling man-in-th...

Important: Red Hat Security Advisory: openwsman security update

An update for openwsman is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

libwsman, libwsman1, openwsman security update

CentOS Errata and Security Advisory CESA-2019:0638 An update for openwsman is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

CVE-2019-3707

Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface...

[SECURITY] Fedora 29 Update: openwsman-2.6.5-9.fc29

Openwsman is a project intended to provide an open-source implementation of the Web Services Management specification WS-Management and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services...

Input validation

A vulnerability in the Web Services Management Agent WSMA function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied...

CVE-2019-1755

A vulnerability in the Web Services Management Agent WSMA function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied...

Cisco IOS XE Command Injection Vulnerability (CNVD-2019-10462)

Cisco IOS XE is a modular operating system based on the Linux kernel. A command injection vulnerability exists in the Web Services Management Agent WSMA feature of Cisco IOS XE, which stems from a failure to validate user-supplied input, and can be exploited by a remote authenticated attacker to...

Cisco IOS XE Software Command Injection Vulnerability

A vulnerability in the Web Services Management Agent WSMA function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied...

Cisco IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged level 1, remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent WSMA...

Important: Red Hat Security Advisory: openwsman security update

An update for openwsman is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...