17 matches found
EUVD-2019-16239
Malware in sbrugna...
CVE-2019-6680
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5, while processing traffic through a standard virtual server that targets a FastL4 virtual server VIP on VIP, hardware appliances may stop responding...
Security Bulletin: This Power Hardware Management Console (HMC) update is being released to address Common Vulnerabilities and Exposures issue numbers CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091 (known as MDS).
Summary In response to recently reported security vulnerabilities, this Power HMC Security Bulletin is released to address Common Vulnerabilities and Exposures issue numbers CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091. Vulnerability Details CVEID: CVE-2018-12126 CVEID:...
Cisco BPA, WSA Bugs Allow Remote Cyberattacks
A set of high-severity privilege-escalation vulnerabilities affecting Business Process Automation BPA application and Cisco’s Web Security Appliance WSA and could allow authenticated, remote attackers to access sensitive data or take over a targeted system. The first two bugs CVE-2021-1574 and...
Why Replace Traditional Web Application Firewall (WAF) With New Age WAF?
At present, web applications have become the top targets for attackers because of potential monetization opportunities. Security breaches on the web application can cost millions. Strikingly, DNS Domain Name System related outage and Distributed denial of service DDoS lead a negative impact on...
CVE-2019-6680
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5, while processing traffic through a standard virtual server that targets a FastL4 virtual server VIP on VIP, hardware appliances may stop responding...
CVE-2019-6680
CVE-2019-6680 affects F5 BIG-IP TMM FastL4 when a standard virtual server targets a FastL4 virtual server on the same BIG-IP system. Affected versions: 15.0.0–15.0.1; 14.1.0–14.1.2; 14.0.0–14.0.1; 13.1.0–13.1.3.2; 12.1.0–12.1.5; 11.5.2–11.6.5. The issue may cause the hardware appliance to stop re...
CVE-2019-6680
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5, while processing traffic through a standard virtual server that targets a FastL4 virtual server VIP on VIP, hardware appliances may stop responding...
Design/Logic Flaw
A vulnerability in the FTP server of the Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The vulnerability is due to incorrect FTP user credential...
CVE-2018-0087
A vulnerability in the FTP server of the Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. The attacker does need to have a valid username. The vulnerability is due to incorrect FTP user credential...
Command injection
A vulnerability in the web interface of the Cisco Web Security Appliance WSA could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10...
CVE-2017-5243
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the...
Design/Logic Flaw
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the...
CVE-2017-3870
CVE-2017-3870 is a vulnerability in the URL filtering feature of Cisco AsyncOS for Cisco Web Security Appliance (WSA) that could allow an unauthenticated, remote attacker to bypass a configured URL filter. Affected: all releases prior to the first fixed release of Cisco AsyncOS for WSA, on both v...
Design/Logic Flaw
Sandbox detection evasion vulnerability in hardware appliances in McAfee now Intel Security Advanced Threat Defense MATD 3.4.2.32 and earlier allows attackers to detect the sandbox environment, then bypass proper malware detection resulting in failure to detect a malware file false-negative via...
CVE-2015-8986
CVE-2015-8986 is described as a sandbox-detection evasion vulnerability in McAfee/Intel Security Advanced Threat Defense (MATD) versions up to 3.4.2.32. The issue allows malware to detect the sandbox environment and bypass malware detection, resulting in false negatives. The available sources ide...
Cyberoam Central Console 2.00.2 - Remote File Inclusion
Title: ====== Cyberoam Central Console v2.00.2 - File Include Vulnerability Date: ===== 2012-02-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=405 VL-ID: ===== 405 Introduction: ============= Cyberoam Central Console CCC appliances offer the flexibility of hardware...