CVE-2020-6865

ZTE SDN controller platform is impacted by an information leakage vulnerability. Due to the program's failure to optimize the response of failure to the request, the caller can directly view the internal error code location of the component. Attackers could exploit this vulnerability to obtain...

Switching from a “Just in Time” delivery system should include planning ahead

As it becomes clear that some things will never again be the same after the global coronavirus pandemic, it is time to prepare for the future. The cybersecurity implications of upcoming changes will be most noticeable in organizations that rely on security models like the software defined...

Red Hat Ceph Storage Path Traversal Vulnerability

Red Hat Ceph Storage is a scalable, open software-defined storage platform from Red Hat. A path traversal vulnerability exists in the Ceph dashboard in Red Hat Ceph Storage versions v14.2.5, v14.2.6, and v15.0.0. An attacker could exploit the vulnerability to obtain information...

How to transform your revolutionary idea into a reality: $100K Nokia Bell Labs Prize

Revolutionary ideas in science, technology, engineering, and mathematics don't occur every day. But when those "eureka" moments happen, we need to provide a forum to explore those ideas, judge them on their merits, and distinguish the extraordinary from the merely good. Once a year, Nokia Bell La...

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A NULL pointer dereference flaw was found in the way the Linux kernel's key management facility handled user-defined key types. A local, unprivileged user could use the keyctl utility to cause a denial of service...

Security Bulletin: IBM Spectrum Scale Transparent Cloud Tiering is affected by a vulnerability in IBM® Runtime Environment Java™ Version 8

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM Spectrum Scale Transparent Cloud Tiering. The IBM Spectrum Scale Transparent Cloud Tiering have addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-2989 DESCRIPTION: An unspecified vulnerabili...

The vulnerability of the command-line interface of the programmatically defined Cisco SD-WAN network allows a attacker to execute arbitrary commands with root privileges.

The vulnerability of the command-line interface of the programmatically defined Cisco SD-WAN network is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges...

The vulnerability of the programmatically defined Cisco SD-WAN network, which arises due to insufficient validation of input data, allows a hacker to elevate their privileges to the root level.

The vulnerability of the programmatically defined Cisco SD-WAN network exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...

Cisco SD-WAN Solution vManage Command Injection Vulnerability

Cisco SD-WAN Solution is a set of network extension solutions from Cisco. vManage is a network management system. A command injection vulnerability exists in the Web UI in Cisco SD-WAN Solution vManage Release prior to 19.2.2, which stems from the Web UI failing to properly validate SQL values. A...

ONAP SDNC Operating System Command Injection Vulnerability

The ONAP SDNC is a network-defined network controller from the ONAP program. An operating system command injection vulnerability exists in ONAP SDNC versions prior to 4.0.0. The vulnerability can be exploited to execute arbitrary commands with the help of a specially crafted 'module' parameter...

ONAP SDNC Operating System Command Injection Vulnerability (CNVD-2020-28056)

The ONAP SDNC is a network-defined network controller from the ONAP program. ONAP SDNC suffers from an operating system command injection vulnerability. An attacker can exploit this vulnerability to execute arbitrary commands with the help of a specially crafted 'filename' parameter...

ONAP SDNC Operating System Command Injection Vulnerability (CNVD-2020-28055)

The ONAP SDNC is a network-defined network controller from the ONAP program. An operating system command injection vulnerability exists in ONAP SDNC Dublin. An attacker can exploit this vulnerability to execute arbitrary commands with the help of a specially crafted 'filename' parameter...

Cisco SD-WAN Solution Command Injection Vulnerability (CNVD-2020-19236)

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco. the CLI is a command line interface. A command injection vulnerability exists in the CLI in versions prior to Cisco SD-WAN Solution Release 19.2.2, which stems from the program failing to adequately perform input...

Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an attacker can cause a denial of service (CVE-2020-4217)

Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale that could allow an attacker to cause a denial of service. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4217 DESCRIPTION: The Spectrum Scale file system component is affect...

The vulnerability of the VMware SD-WAN platform managed by programmatically configured networks, caused by VeloCloud, stems from the lack of protection for service data. This allows a malicious actor to gain unauthorized access to account information.

The vulnerability of the VMware SD-WAN platform for programmatically configurable networks by VeloCloud is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to account information...

New LTE Network Flaw Could Let Attackers Impersonate 4G Mobile Users

A group of academics from Ruhr University Bochum and New York University Abu Dhabi have uncovered security flaws in 4G LTE and 5G networks that could potentially allow hackers to impersonate users on the network and even sign up for paid subscriptions on their behalf. The impersonation attack —...

The vulnerability of the user interface of the programmatically defined Cisco SD-WAN network allows a hacker to execute arbitrary commands with user privileges from the vmanage system within the vulnerable system.

The vulnerability of the programmable user interface in Cisco SD-WAN networks is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with privileges as the vmanage user on the vulnerable system...

The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows a attacker to execute arbitrary SQL queries.

The vulnerability in the vManage web interface of the Cisco SD-WAN software-defined networking system is related to input validation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

Cisco SD-WAN Solution SQL Injection Vulnerability

Cisco SD-WAN Solution is a suite of network extension solutions from Cisco, of which vManage is the console. An SQL injection vulnerability exists in the web interface of Cisco SD-WAN Solution vManage. The vulnerability stems from insufficient validation of user-supplied input. A remote...

Product release: Virtuozzo Infrastructure Platform 3.5

In this release, Virtuozzo Infrastructure Platform offers a wide range of new features that enhance the experience of users working with compute virtualization and software-defined networking functionalities. Additionally, the update delivers stability improvements and addresses bugs found in...