Vulnerability fixed in Cisco IP Phones
A vulnerability has been fixed in Cisco IP Phones. The vulnerability allows a malicious party capable of sending a rogue Cisco Discovery Protocol or LLDP packet to the IP Phone to execute arbitrary code or cause a Denial-of-Service attack. Cisco has released updates to fix the...
Cisco IP Phones Buffer Overflow and Denial of Service Vulnerabilities
Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are...
PT-2021-2256
Name of the Vulnerable Software and Affected Versions: Cisco IP Phone Series 68xx/78xx/88xx (affected versions not specified). Description: The issue is related to multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations. These vulnerabilities...
The vulnerability of the Link Layer Discovery Protocol (LLDP) implementation in the NX-OS operating system in ACI Mode on Nexus 9000 Series routers allows an attacker to cause a service failure.
The vulnerability of the Link Layer Discovery Protocol (LLDP) implementation in the NX-OS operating system in ACI Mode on Nexus 9000 Series routers is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
PT-2021-7748
Name of the Vulnerable Software and Affected Versions: Veritas Backup Exec versions prior to 21.2. Description: An issue exists in Veritas Backup Exec related to flaws in the SHA authentication scheme. This can allow an attacker to gain unauthorized access and complete the authentication process...
Vulnerabilities fixed in Salt
Vulnerabilities have been fixed in Salt. Salt is used in VMware vRealize Operations Manager and RSA NetWitness. The vulnerabilities allow a malicious party to carry out attacks that lead to the following categories of damage: Bypassing authentication, Bypassing security measur...
USN-4752-1 linux-oem-5.6 vulnerabilities
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proxima...
USN-4752-1: Linux kernel (OEM) vulnerabilities
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proxima...
The vulnerability of Junos router operating systems of the EX4300-MP, EX4600, and QFX5K series is related to uncontrolled resource consumption, which allows an attacker to cause service interruptions.
The vulnerability of Junos operating system routers of the EX4300-MP, EX4600, and QFX5K series is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by using specially crafted channel layer...
CVE-2021-1231
A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to...
CVE-2021-1228
A vulnerability in the fabric infrastructure VLAN connection establishment of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the...
Input validation
A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to...
CVE-2021-1231 Cisco Nexus 9000 Series Fabric Switches ACI Mode Link Layer Discovery Protocol Port Denial of Service Vulnerability
A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to...
PT-2021-2178 · Cisco · Cisco Application Policy Infrastructure Controller +1
Name of the Vulnerable Software and Affected Versions: Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode (affected versions not specified). Description: A vulnerability in the fabric infrastructure VLAN connection establishment could allow an unauthenticated,...
PT-2021-2161 · Cisco · Cisco Nexus 9000 Series Fabric Switches
Name of the Vulnerable Software and Affected Versions: Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode (affected versions not specified). Description: A vulnerability in the Link Layer Discovery Protocol (LLDP) could allow an unauthenticated, adjacent attacker to disab...
Man-in-the-Middle (MitM)
Overview: Affected versions of this package are vulnerable to Man-in-the-Middle (MitM) due to missing TLS hostname validation. Remediation: There is no fixed version for tweetstream. References: GitHub Security Advisory, GitHub Security Advisory. Credit: Agustin Gianni...
Take the Full-Stack Approach to Securing Your Modern Attack Surface
A growing remote-work culture demands a graduation in the approach to security. It’s time to test, monitor, secure, and extend to the application layer. A modern methodology for vulnerability management (VM) is vital for organizations looking to minimize attack surfaces by prioritizing potential...
The vulnerability of the isolated iframe in the Google Chrome web browser allows a perpetrator to circumvent existing security restrictions.
The vulnerability in the isolated environment of the iframe in the Google Chrome web browser is related to an incorrect limitation on the visible layers of the user interface. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...
App Layering 2011 : After ELM Upgrade to 2011 from 2005, adding layer version gives "The issuing certificate does not have a usable private key."
--after upgrading ELM from 2005 to 2011 -- getting an error when we try to add a version to a layer "The issuing certificate does not have a usable private key." -- have offload compositing enabled on vCentre connectors...
[SECURITY] [DSA 4855-1] openssl security update
Debian Security Advisory DSA-4855-1, [email protected], https://www.debian.org/security/, Salvatore Bonaccorso, February 17, 2021, https://www.debian.org/security/faq ...