8010 matches found

RedHat Linux
added 2024/05/15 7:5 p.m., 29 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.15.13 packages and security update

Red Hat OpenShift Container Platform release 4.15.13 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...

CVSS: 4.3, AI score: 6.8, EPSS: 0.01956
Exploits: 0, References: 2

NVD
added 2024/05/15 6:15 p.m., 16 views

CVE-2024-20383

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...

CVSS: 8.4, AI score: 5.3, EPSS: 0.00351
Exploits: 0, References: 1

CVE
added 2024/05/15 5:59 p.m., 63 views

CVE-2024-20383

Cisco Secure Email and Web Manager (Cisco AsyncOS) web-based management interface is affected by a stored XSS vulnerability due to insufficient input validation. An authenticated, remote attacker can lure a user to click a crafted link, potentially executing arbitrary script code in the interface...

CVSS: 8.4, AI score: 6.3, EPSS: 0.00351
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2024/05/15 5:59 p.m., 20 views

CVE-2024-20383 Cisco Secure Email and Web Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...

CVSS: 4.8, AI score: 5.5, EPSS: 0.00351
Exploits: 0, References: 1

Vulnrichment
added 2024/05/15 5:59 p.m., 17 views

CVE-2024-20383 Cisco Secure Email and Web Manager Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...

CVSS: 4.8, AI score: 6.3, EPSS: 0.00351
Exploits: 0, References: 1

Cisco
added 2024/05/15 4:0 p.m., 23 views

Cisco Crosswork Network Services Orchestrator Vulnerabilities

Multiple vulnerabilities in the Cisco Crosswork Network Services Orchestrator (NSO) CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system. For more information about these...

CVSS: 7.8, AI score: 7.7, EPSS: 0.00342
Exploits: 0, References: 1

Cisco
added 2024/05/15 4:0 p.m., 48 views

ConfD CLI Privilege Escalation and Arbitrary File Read and Write Vulnerabilities

Multiple vulnerabilities in the ConfD CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system. For more information about these vulnerabilities, see the Details section of...

CVSS: 7.8, AI score: 7.7, EPSS: 0.00342
Exploits: 0, References: 1

Veracode
added 2024/05/15 8:58 a.m., 13 views

Improper TLS Ciphers Configuration

github.com/nats-io/nats-server/ is vulnerable to Improper TLS Ciphers Configuration. The vulnerability is due to the loss of restricted ciphersuite settings when using CLI options to set a key/cert for TLS, enabling all ciphersuites supported by Go by default...

AI score: 7, EPSS: 0.00348
Exploits: 0

Positive Technologies
added 2024/05/15 12:0 a.m., 3 views

PT-2024-18655 · Cisco · Cisco Crosswork Nso Cli

Name of the Vulnerable Software and Affected Versions: Cisco Crosswork NSO CLI and ConfD CLI (affected versions not specified). Description: A vulnerability could allow an authenticated, low-privileged, local attacker to elevate privileges to root on the underlying operating system. The issue is due...

CVSS: 8.4, AI score: 6.1, EPSS: 0.00351
Exploits: 0, References: 5

NVD
added 2024/05/14 11:15 p.m., 12 views

CVE-2024-31480

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service...

CVSS: 7.5, AI score: 5.5, EPSS: 0.0057
Exploits: 0, References: 2

NVD
added 2024/05/14 11:15 p.m., 10 views

CVE-2024-31481

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service...

CVSS: 7.5, AI score: 5.5, EPSS: 0.0057
Exploits: 0, References: 2

NVD
added 2024/05/14 11:15 p.m., 16 views

CVE-2024-31474

There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to...

CVSS: 8.2, AI score: 8.2, EPSS: 0.00448
Exploits: 0, References: 2

OSV
added 2024/05/14 11:15 p.m., 2 views

CVE-2024-31474

There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to...

CVSS: 8.2, AI score: 5.9, EPSS: 0.00448
Exploits: 0, References: 2

Vulnrichment
added 2024/05/14 10:37 p.m., 10 views

CVE-2024-31483

An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system...

CVSS: 4.9, AI score: 5.9, EPSS: 0.00413
Exploits: 0, References: 1

Cvelist
added 2024/05/14 10:37 p.m., 19 views

CVE-2024-31483

An authenticated sensitive information disclosure vulnerability exists in the CLI service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to read arbitrary files in the underlying operating system...

CVSS: 4.9, AI score: 5.1, EPSS: 0.00413
Exploits: 0, References: 1

CVE
added 2024/05/14 10:37 p.m., 26 views

CVE-2024-31483

The CVE-2024-31483 issue affects Aruba Networks ArubaOS (and InstantOS) where an authenticated attacker can read arbitrary files via the CLI service exposed over PAPI. Connected advisories indicate the vulnerability arises in the CLI service accessed through the PAPI protocol, enabling sensitive ...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00413
Exploits: 0, References: 2, Affected Software: 2

Vulnrichment
added 2024/05/14 10:35 p.m., 10 views

CVE-2024-31481

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service...

CVSS: 5.3, AI score: 6.7, EPSS: 0.0057
Exploits: 0, References: 1

CVE
added 2024/05/14 10:35 p.m., 29 views

CVE-2024-31481

The CVE-2024-31481 entry concerns Aruba Networks ArubaOS/InstantOS where an unauthenticated Denial of Service is possible through the CLI service accessed via the PAPI protocol. The vulnerability affects the CLI on ArubaOS/InstantOS and can interrupt normal service operation. Reports from multipl...

CVSS: 7.5, AI score: 6.7, EPSS: 0.0057
Exploits: 0, References: 2, Affected Software: 2

Cvelist
added 2024/05/14 10:35 p.m., 15 views

CVE-2024-31481

Unauthenticated Denial of Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service...

CVSS: 5.3, AI score: 5.8, EPSS: 0.0057
Exploits: 0, References: 1

CVE
added 2024/05/14 10:34 p.m., 31 views

CVE-2024-31480

CVE-2024-31480 affects Aruba Networks ArubaOS/InstantOS CLI service accessed via the PAPI protocol, with an unauthenticated Denial of Service that can interrupt normal operation. Public sources in the connected documents describe a DoS impact and that exploitation requires access to the managemen...

CVSS: 7.5, AI score: 6.7, EPSS: 0.0057
Exploits: 0, References: 2, Affected Software: 2