1001 matches found

CNVD
added 2020/08/06 12:0 a.m. · 3 views

Aerospike Operating System Command Injection Vulnerability

Aerospike is a NoSQL database solution from Aerospike, Inc. A security vulnerability exists in Aerospike Community Edition version 4.9.0.5. An attacker with a specially crafted UDF can exploit the vulnerability to execute arbitrary operating system commands on all nodes of the cluster with curren...

CVSS 10 · AI score 6.8 · EPSS 0.86749
Exploits: 8 · References: 1

Prion
added 2020/08/05 1:15 p.m. · 22 views

Remote code execution

Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute calls, but this is insufficient. Anyone with network access can use a...

CVSS 10 · AI score 9.7 · EPSS 0.86749
Exploits: 8 · References: 6 · Affected Software: 1

BDU FSTEC
added 2020/07/21 12:0 a.m. · 1 views

The vulnerability of the programmatically defined Cisco SD-WAN network, related to the use of strictly encrypted credentials, allows a perpetrator to elevate their privileges to the root level.

The vulnerability of the programmatically defined Cisco SD-WAN network is related to the use of strictly encrypted credentials. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...

CVSS 8.4 · AI score 7.2 · EPSS 0.00284
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2020/07/21 12:0 a.m. · 2 views

The vulnerability in the vManage web interface of the programmatically defined Cisco SD-WAN network allows an intruder to gain unauthorized access to protected information.

The vulnerability in the vManage web interface of the Cisco SD-WAN program-defined network is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

CVSS 6.8 · AI score 6.8 · EPSS 0.01281
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2020/07/21 12:0 a.m. · 4 views

The vulnerability in the vManage web interface of the programmatically defined Cisco SD-WAN network allows an attacker to modify records in certain database tables.

The vulnerability in the vManage web interface of the Cisco SD-WAN program-defined network relates to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to modify records in certain database tables remotely...

CVSS 5.5 · AI score 5.5 · EPSS 0.00691
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2020/07/21 12:0 a.m. · 4 views

The vulnerability in the vManage web interface of the programmatically defined Cisco SD-WAN network allows an intruder to gain unauthorized access to protected information.

The vulnerability in the vManage web interface of the Cisco SD-WAN program-defined network is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

CVSS 6.8 · AI score 6.8 · EPSS 0.02877
Exploits: 3 · References: 4 · Affected Software: 1

BDU FSTEC
added 2020/07/21 12:0 a.m. · 5 views

The vulnerability in the vManage web interface of the programmatically defined Cisco SD-WAN network allows an attacker to disclose sensitive information.

The vulnerability in the vManage web interface of Cisco SD-WAN is due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

CVSS 6.8 · AI score 6.5 · EPSS 0.02646
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2020/07/21 12:0 a.m. · 2 views

The vulnerability of the programmatically defined Cisco SD-WAN network, which arises due to insufficient validation of input data, allows a hacker to increase their privileges.

The vulnerability of the programmatically defined Cisco SD-WAN network exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

CVSS 5.3 · AI score 6.2 · EPSS 0.00336
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2020/07/21 12:0 a.m. · 1 views

The vulnerability of the programmatically defined Cisco SD-WAN, related to errors in checking certain fields of protocol messages encapsulated in UDP packets, allows an attacker to cause service failure.

The vulnerability of the programmatically defined Cisco SD-WAN involves errors during the verification of certain fields in the protocol messages encapsulated in UDP packets. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 8.6 · AI score 7.6 · EPSS 0.01374
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2020/07/21 12:0 a.m. · 3 views

The vulnerability in the vManage web interface of the programmatically defined Cisco SD-WAN network allows an attacker to trigger a service failure.

The vulnerability in the vManage web interface of the Cisco SD-WAN program-defined network is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...

CVSS 6.8 · AI score 6.5 · EPSS 0.00932
Exploits: 0 · References: 3 · Affected Software: 1

RedHat Linux
added 2020/07/20 2:23 p.m. · 100 views

Moderate: Red Hat Security Advisory: Red Hat Ceph Storage 4.1 security and bug fix update

An update is now available for Red Hat Ceph Storage 4.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

CVSS 6.5 · AI score 6.8 · EPSS 0.01627
Exploits: 0 · References: 49

CNVD
added 2020/07/17 12:0 a.m. · 1 views

Cisco SD-WAN vManage Software Input Validation Error Vulnerability

Cisco SD-WAN vManage Software is management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco. An input validation error vulnerability exists in Cisco SD-WAN vManage Software, which stems from the program failing to properly validate input. A remote attacker could...

CVSS 9 · AI score 7.4 · EPSS 0.14073
Exploits: 3 · References: 1

CNVD
added 2020/07/17 12:0 a.m. · 2 views

Cisco SD-WAN Solution Resource Management Error Vulnerability

Cisco SD-WAN Solution is a set of network extension solutions from Cisco. A resource management error vulnerability exists in Cisco SD-WAN Solution versions prior to 17.2.7 and prior to 18.3.0. A remote attacker could exploit this vulnerability to cause a denial of service with the help of a...

CVSS 8.6 · AI score 6.7 · EPSS 0.01374
Exploits: 0 · References: 1

OSV
added 2020/07/16 6:15 p.m. · 3 views

CVE-2020-3388

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating t...

CVSS 7.8 · AI score 7.2 · EPSS 0.00377
Exploits: 0 · References: 1

Positive Technologies
added 2020/07/15 12:0 a.m. · 3 views

PT-2020-3123 · Cisco · Cisco Sd-Wan Vmanage

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software (affected versions not specified). Description: The issue is related to insufficient input validation in the CLI of the software, allowing an authenticated, local attacker to inject arbitrary commands that are...

CVSS 7.8 · AI score 7.5 · EPSS 0.00377
Exploits: 0 · References: 3

OSV
added 2020/07/10 4:15 p.m. · 4 views

CVE-2020-8198

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS)...

CVSS 6.1 · AI score 6.8 · EPSS 0.00972
Exploits: 0 · References: 1

OSV
added 2020/07/06 10:13 a.m. · 5 views

SUSE-SU-2020:1843-1 Security update for nasm

This update for nasm fixes the following issues: nasm was updated to version 2.14.02. This allows building of Mozilla Firefox 78ESR and also contains lots of bugfixes, security fixes and improvements. Fix crash due to multiple errors or warnings during the code generation pass if a list file is...

CVSS 7.8 · AI score 6.5 · EPSS 0.05166
Exploits: 14 · References: 28

NVD
added 2020/06/24 2:15 p.m. · 10 views

CVE-2020-14005

Solarwinds Orion with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4 allows remote attackers to execute arbitrary code via a defined event...

CVSS 9 · EPSS 0.14327
Exploits: 0 · References: 3

RedhatCVE
added 2020/06/18 2:36 p.m. · 24 views

CVE-2020-7921

A vulnerability was discovered in MongoDB, where an update operation on a user-defined role clears the authenticationRestrictions field that was previously set. This unexpected behavior may remove previous IP based restrictions configured on a role, thus allowing a user to bypass them once the...

CVSS 3.5 · AI score 3.2 · EPSS 0.0066
Exploits: 0 · References: 4

BDU FSTEC
added 2020/05/13 12:0 a.m. · 3 views

The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows an attacker to perform a cross-site scripting attack.

The vulnerability in the vManage web interface of the Cisco SD-WAN programmatically defined network is related to the lack of protective measures taken for the website structure. Exploiting this vulnerability could allow a malicious actor to perform a cross-site scripting attack remotely...

CVSS 5.5 · AI score 5.5 · EPSS 0.00805
Exploits: 0 · References: 3 · Affected Software: 1