3463 matches found
Cisco Catalyst 4000 Series Switches Dynamic ACL Bypass Vulnerability
A vulnerability in the dynamic access control list ACL feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic...
CVE-2017-6663
A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in a denial of service DoS condition. More Information: CSCvd88936. Known...
CVE-2017-6663
A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in a denial of service DoS condition. More Information: CSCvd88936. Known...
Cisco IOS Software Autonomic Control Plane Channel Information Disclosure Vulnerability (cisco-sa-20170726-aniacp)
A vulnerability in the Autonomic Networking feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane ACP of an affected system and view ACP packets that are transferred in clear text within an affected system. SPDX-FileCopyrightText: 201...
PT-2017-2629 · Cisco · Cisco Ios Xe +1
Name of the Vulnerable Software and Affected Versions: Cisco IOS Software and Cisco IOS XE Software versions Denali-16.2.1 through Denali-16.3.1 Description: A vulnerability in the Autonomic Networking feature could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affect...
CVE-2017-1182
IBM Tivoli Monitoring Portal v6 could allow a local network adjacent attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force ID: 123493...
CVE-2017-1183
IBM Tivoli Monitoring Portal v6 could allow a local network adjacent attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494...
logback: Serialization vulnerability in SocketServer and ServerSocketReceiver
It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...
kernel: heap/stack gap jumping via unbounded stack allocations
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process sta...
Cisco NX-OS Software Fibre Channel over Ethernet Denial of Service Vulnerability (cisco-sa-20170607-nxos)
A vulnerability in the Fibre Channel over Ethernet FCoE protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition when an FCoE-related process unexpectedly reloads. Copyright C 2017 Greenbone Networks GmbH Some tex...
Input validation
A vulnerability in the Plug-and-Play PnP subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point AP or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is...
CVE-2017-3873
A vulnerability in the Plug-and-Play PnP subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point AP or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update B)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update J)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update I)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Improper Input Validation UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update A)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the original advisory...
Siemens devices using the PROFINET Discovery and Configuration Protocol (Update D)
CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit. Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Denial of Service UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory...
ICSA-17-129-01 Siemens devices using the PROFINET Discovery and Configuration Protocol (Update K)
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol DCP Vulnerability: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a...
Juniper Junos for M/MX Series Routers IPv6 Neighbor Discovery DoS (JSA10786)
According to its self-reported version and configuration, the remote Juniper Junos M/MX Series device is affected by a denial of service vulnerability in a Packet Forwarding Engine PFE when processing IPv6 neighbor discovery ND packets that originate from subscribers and are destined to M/MX seri...
Juniper Junos Routing Protocol Daemon LDP Packet DoS (JSA10777)
According to its self-reported version and configuration, the remote Juniper Junos device is affected by a memory leak issue in the routing protocol daemon rpd when handling a specific LDP packet, which over time will consume memory that cannot be freed without restarting the rpd process. An...