1426 matches found
EUVD-2017-15688
Malware in sbrugna...
EUVD-2018-1021
Malware in sbrugna...
Cisco Unified IP Phone Software Denial of Service (CVE-2018-0332)
A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacke...
Cisco IP Phones 8851 Session Initiation Protocol Denial of Service (CVE-2017-6630)
A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.00.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by...
Cisco WAP371 Wireless Access Point Command Injection (cisco-sa-sb-wap-inject-bHStWgXO)
According to its self-reported version, Cisco WAP371 Wireless Access Point Command Injection is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Cisco Identity Services Engine RCE (cisco-sa-struts-C2kCMkmT)
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Please see the included Cisco BIDs and Cisco Security Advisory for more information. Note that Nessu...
Cisco FXOS Software and UCS Fabric Interconnect Web UI Denial of Service (CVE-2018-0298)
A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerabili...
Cisco NX-OS Software Role-Based Access Control Elevated Privileges (CVE-2018-0293)
A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative user. The attacker would have to possess valid user credentials for the device. The vulnerability is d...
Cisco NX-OS Software CLI Arbitrary Command Injection (CVE-2018-0307)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting...
Cisco Nexus 9000 Series Fabric Switches Application-Centric Infrastructure Mode DHCP Version 6 Denial of Service (CVE-2018-0372)
A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result in a Denial of Service (DoS) condition on an affect...
Cisco NX-OS Software Border Gateway Protocol Denial of Service (CVE-2018-0295)
A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update...
Cisco FXOS Software and UCS Fabric Interconnect Arbitrary Code Execution (CVE-2018-0302)
A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation in the CLI parser subsystem. An attacker could...
Cisco NX-OS Software Python Parser Escape (CVE-2017-12301)
A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient sanitization of...
Cisco Identity Services Engine 3.1.x < 3.1P6, 3.2.x < 3.2P2 Arbitrary File Delete and File Read (cisco-sa-ise-file-delete-read-PK5ghDDd)
According to its self-reported version, Cisco Identity Services is affected by a vulnerability in the web-based management interface. These allow an authenticated, remote attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker...
Cisco Identity Services Engine Command Injection Vulnerability (cisco-sa-ise-injection-sRQnsEU9)
According to its self-reported version, Cisco Identity Services Engine is affected by a command injection vulnerability, which could allow an authenticated remote attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these...
SUSE CVE-2014-2146
The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these...
Cisco Jabber Client For MacOS XMPP Stanza Smuggling (cisco-sa-jabber-xmpp-Ne9SCM)
According to its self-reported version, Cisco Jabber for MacOS is affected by a stanza smuggling vulnerability due to improper handling of nested XMPP requests. An authenticated, remote attacker can send specially crafted XMPP messages to an affected client causing the client to perform unsafe...
Cisco Wireless LAN Controller AireOS Software FIPS Mode DoS (cisco-sa-wlc-dos-mKGRrsCB)
According to its self-reported version, Cisco Wireless LAN Controller (WLC) is affected by a denial of service (DoS) vulnerability. An unauthenticated, network-adjacent attacker can send specially crafted packets to an affected device causing it to crash. Please see the included Cisco BIDs and Cisco...
Cisco Unity Connection Improper Access Control (cisco-sa-ucm-access-dMKvV2DY)
The version of Cisco Unity Connection installed on the remote host is 14.x prior to 14SU2. It is, therefore, affected by an improper access control vulnerability. An authenticated attacker with read-only privileges can exploit this vulnerability to perform a set of administrative actions they...
Cisco Firepower Threat Defense Software Resource Exhaustion DoS (cisco-sa-asa-ftd-dos-Unk689XY)
According to its self-reported version, Cisco FTD Software is affected by a denial of service (DoS) vulnerability in memory management due to improper resource management when connection rates are high. An unauthenticated, remote attacker can exploit this, by opening a significant number of...