Slándáil Research:
Feed: Spain CCN-CERT
Link
MSA-23-0040: Make file serving endpoints revision control stricter
MSA-23-0039: XSS risk when previewing data in course upload tool
MSA-23-0038: Stored XSS in quiz grading report via user ID number
MSA-23-0037: Auto-populated H5P author name causes a potential information leak
MSA-23-0036: Stored XSS and potential IDOR risk in Wiki comments
MSA-23-0035: Duplicating a BigBlueButton activity assigns the same meeting ID
MSA-23-0034: Students could see other students in "Only see own membership" groups
MSA-23-0033: XSS risk when using CSV grade import method
MSA-23-0032: Authenticated remote code execution risk in IMSCP
MSA-23-0031: Authenticated remote code execution risk in Lesson
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
HTTP/2 Rapid Reset Attack Affecting Cisco Products: October 2023
cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
K000137229 : BIND vulnerability CVE-2022-38178
K43541501 : Intel CPU vulnerabilities CVE-2022-21131 and CVE-2022-21136
K08173228 : Multiple Intel CPU vulnerabilities
K61903372 : OpenSSL vulnerability CVE-2021-23839
K55051330 : Intel BIOS vulnerability CVE-2021-33123
K87351324 : Intel BIOS vulnerability CVE-2021-33124
K73422160 : OpenSSL vulnerability CVE-2019-1547
K19559038 : OpenSSL vulnerability CVE-2021-3712
K000137211 : cURL vulnerabilities CVE-2023-38545 and CVE-2023-38546
K000137202 : Intel BIOS vulnerability CVE-2022-38083
K000133467 : BIG-IP HTTP/2 vulnerability CVE-2023-40534
K000137201 : Intel BIOS vulnerability CVE-2022-37343
K000137204 : Intel BIOS vulnerability CVE-2022-43505
K06110200 : BIG-IP and BIG-IQ TACACS+ audit log vulnerability CVE-2023-43485
K41072952 : BIG-IP Appliance mode external monitor vulnerability CVE-2023-43746
K20307245 : BIG-IP tmsh vulnerability CVE-2023-45219
K000137053 : Overview of F5 vulnerabilities (October 2023)
K000137106 : HTTP/2 vulnerability CVE-2023-44487
K000135040 : BIG-IP Edge Client for macOS vulnerability CVE-2023-5450
CVE-2023-44487 - HTTP/2 Rapid Reset Attack
K000137187 : GlibC vulnerability CVE-2023-4911
K000137188 : AMD CPU vulnerability CVE-2021-26401
K000137186 : Linux kernel vulnerability CVE-2022-3564
Issue with Amazon WorkSpaces Windows Client Version 5.9 and 5.10
K92807525 : TMUI XSS vulnerability CVE-2022-27878
K15101402 : iControl REST vulnerability CVE-2022-1468
ConfD CLI Secure Shell Server Privilege Escalation Vulnerability
Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability
Cisco Emergency Responder Static Credentials Vulnerability
Cisco IOx Application Hosting Environment Privilege Escalation Vulnerability
Multiple Cisco Unified Communications Products Unauthenticated API High CPU Utilization Denial of Service Vulnerability
K000137093 : Node.js vulnerabilities CVE-2018-7167, CVE-2018-12115, and CVE-2018-12116
K000137107 : Crypto++ vulnerability CVE-2022-48570
K000137105 : libvpx vulnerability CVE-2023-5217
Reported TorchServe Issue (CVE-2023-43654)
K000137090 : Node.js vulnerabilities CVE-2018-12121, CVE-2018-12122, and CVE-2018-12123
K000135997 : Multiple Node.js vulnerabilities
K34125394 : Apache HTTPD vulnerability CVE-2017-3167
K000137054 : libwebp vulnerabilities CVE-2023-4863 and CVE-2023-5129
K000137058 : Linux kernel vulnerability CVE-2022-4269
K000137038 : BIND vulnerability CVE-2023-4236
Cisco IOS XE Software for Wireless LAN Controllers Wireless Network Control Denial of Service Vulnerability
Cisco Catalyst SD-WAN Manager Web UI HTML Injection Vulnerability
Cisco IOS and IOS XE Software Cisco Group Encrypted Transport VPN Software Out-of-Bounds Write Vulnerability
Cisco DNA Center API Insufficient Access Control Vulnerability
Cisco Catalyst 9100 Access Points Denial of Service Vulnerability
Cisco Wireless LAN Controller AireOS Software Denial of Service Vulnerability
Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches Denial of Service Vulnerability
Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability
Cisco Access Point Software Uncontrolled Resource Consumption Vulnerability
Reports about Cyber Actors Hiding in Router Firmware
Embrace the Security Mindset: Design Decisions for a Fortified Next-Generation Multi-Cloud Infrastructure Platform
K000136957 : Apache struts vulnerability CVE-2023-41835
K000136924 : Node.JS vulnerabilities CVE-2018-7158, CVE-2018-7164, and CVE-2018-7166
Drupal core - Critical - Cache poisoning - SA-CORE-2023-006
K41043270 : Intel processor vulnerabilities CVE-2021-0086 and CVE-2021-0089
K000136903 : OpenSSL Diffie-Hellman vulnerability CVE-2023-3446
K23022557 : The BIG-IP system may respond with the NXDOMAIN status when it receives a DNS query of a certain type on a CNAME wide IP
VMware Carbon Black Emerges as a Leader in Frost & Sullivan’s 2023 XDR Report
Cisco IOS XR Software Image Verification Vulnerability
Cisco IOS XR Software Compression ACL Bypass Vulnerability
Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability
Cisco IOS XR Software Model-Driven Programmability Behavior with AAA Authorization
Cisco IOS XR Software Connectivity Fault Management Denial of Service Vulnerability
Cisco IOS XR Software Access Control List Bypass Vulnerability
Version 2.9 of the Mozilla Root Store Policy
K000136157 : sssd vulnerability CVE-2022-4254
K000136168 : Intel BIOS firmware vulnerabilities CVE-2022-44611 and CVE-2022-27879
K000136153 : cURL vulnerability CVE-2023-23914
Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Authentication Bypass Vulnerability
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Stack Overflow Vulnerability
Cisco Identity Services Engine RADIUS Denial of Service Vulnerability
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Unauthorized Access Vulnerability
Cisco HyperFlex HX Data Platform Open Redirect Vulnerability
K000136109 : PHP SQLite vulnerability CVE-2022-31631
K000136079 : Redis vulnerability CVE-2022-0543
K000136079 : Redis Vulnerability CVE-2022-0543
K12252011 : OpenSSH vulnerability CVE-2019-6109
K21350967 : OpenSSH vulnerability CVE-2019-6111
K42531048 : OpenSSH vulnerability CVE-2019-6110
K000136011 : Apache Tomcat Open Redirect vulnerability CVE-2023-41080
Cisco Unified Communications Products Privilege Escalation Vulnerability
K000136011 : CVE-2023-41080 Apache Tomcat Open Redirect Vulnerability
K000135997 : Multiple Node.JS vulnerabilities
K000135996 : Intel RDMA Ethernet Controller vulnerability CVE-2023-25775
Kubernetes Security Issues (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955)
K42406850 : F5 SIRT response to the Ukraine crisis
MSA-23-0020: Remote code execution risk when parsing malformed file repository reference
MSA-23-0019: Proxy bypass risk due to insufficient validation
Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability
Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access Vulnerability
Cisco NX-OS Software TACACS+ or RADIUS Remote Authentication Directed Request Denial of Service Vulnerability
Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol Denial of Service Vulnerability
Cisco FXOS Software Arbitrary File Write Vulnerability
Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series Fabric Interconnects SNMP Denial of Service Vulnerability
Kubernetes Security Issues (CVE-2023-3676, CVE-2023-3893, CVE-2023-3893)
K000135921 : Python urllib.parse vulnerability CVE-2023-24329
MSA-23-0030: Quiz sequential navigation bypass possible
MSA-23-0029: Competency framework tools are not restricted as intended
MSA-23-0028: Open redirect risk on admin view all policies page
MSA-23-0027: JQuery UI library upgraded to 1.13.2 (upstream)
MSA-23-0026: IDOR in message processor fragments allows fetching of other users data
MSA-23-0025: phpCAS library upgraded to 1.6.0 (upstream)
MSA-23-0024: Private course participant data available from external grade report method
MSA-23-0023: Stored self-XSS escalated to stored XSS via OAuth 2 login
MSA-23-0022: SQL injection risk in grader report sorting
MSA-23-0021: Some block permissions on Dashboard not respected
K91589041 : Expat vulnerabilities CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, and CVE-2022-22827
K10812540 : OpenJDK vulnerability CVE-2019-18197
K72382141 : Apache HTTPD vulnerability CVE-2021-34798
K23231802 : Expat vulnerability CVE-2021-46143
K15402727 : cURL vulnerability CVE-2020-8286
K33548065 : Eclipse Jetty vulnerability CVE-2018-12536
K30444545 : libxslt vulnerability CVE-2019-11068
Detecting Secrets in Container Images
Expand Public Cloud Support with VMware Carbon Black Workload
Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability
Cisco Intersight Virtual Appliance Unauthenticated Port Forwarding Vulnerability
Cisco Expressway Series and Cisco TelePresence Video Communication Server Command Injection Vulnerability
Cisco Duo Device Health Application for Windows Arbitrary File Write Vulnerability
Cisco Unified Communications Products Cross-Site Scripting Vulnerability
ClamAV HFS+ File Scanning Infinite Loop Denial of Service Vulnerability
ClamAV AutoIt Module Denial of Service Vulnerability
What’s Missing from SOCs? XDR with Native Network Visibility
K000135880 : glibc vulnerability CVE-2023-25139
K000135854 : ESAPI (The OWASP Enterprise Security API) vulnerability CVE-2022-23457
K000135853 : Dell BSAFE Micro Edition vulnerability CVE-2020-35168
K000135852 : FasterXML jackson-databind vulnerability CVE-2022-42003
K000135831 : Node.js vulnerability CVE-2023-32067
K04305530 : SCP vulnerability CVE-2020-15778
K000135795 : Downfall Attacks CVE-2022-40982
Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables Affecting Cisco AnyConnect Secure Mobility Client and Cisco Secure Client
VMware Response to Gather Data Sampling (GDS) – Transient Execution Side-channel vulnerability impacting Intel processors (CVE-2022-40982)
CVE-2023-20569 - RAS Poisoning - Inception
CVE-2022-40982 - Gather Data Sampling - Downfall
K92451315 : OpenSSL vulnerability CVE-2020-1968
K000135718 : OpenJDK vulnerabilities CVE-2023-22006, CVE-2023-22043, and CVE-2023-22045
K000132563 : BIG-IP Edge Client for Windows and macOS vulnerability CVE-2023-36858
K000133474 : BIG-IP Configuration utility vulnerability CVE-2023-38138
K000135479 : Overview of F5 vulnerabilities (August 2023)
K000135449 : BIG-IP FIPS HSM password vulnerability CVE-2023-3470
K000134922 : F5OS-A vulnerability CVE-2023-36494
K000134535 : BIG-IP Configuration utility vulnerability CVE-2023-38423
Cisco BroadWorks CommPilot Application Software Cross-Site Scripting Vulnerability
K000135709 : OpenSSH vulnerability CVE-2023-38408
Cisco Unified Communications Products Arbitrary File Read Vulnerability
Announcing Cloud Native Detection and Response for Carbon Black
K000135674 : HarfBuzz vulnerability CVE-2023-25193
K000135621 : VMware Tools vulnerability CVE-2023-20867
K000135625 : Oracle Java vulnerability CVE-2023-22051
K000135627 : Oracle MySQL vulnerability CVE-2023-22057
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software ACLs Not Installed upon Reload
K000135633 : OpenSSL vulnerability CVE-2023-2975
K000135632 : AMD Ryzen vulnerability CVE-2023-20593
K000135637 : Java vulnerability CVE-2023-22049
K000135636 : Java vulnerability CVE-2023-22041
K000135635 : Java vulnerability CVE-2023-22044
CVE-2023-20593
K91643220 : Java vulnerabilities CVE-2020-2659 and CVE-2020-2773
K000135555 : Java vulnerabilities CVE-2020-2756 and CVE-2020-2757
K000135534 : Java vulnerabilities CVE-2020-14779, CVE-2020-14782
K000135507 : Java vulnerabilities CVE-2020-14781
Cisco Small Business SPA500 Series IP Phones Web UI Vulnerabilities
Oracle Critical Patch Update Advisory - July 2023
K13400 : SSL 3.0/TLS 1.0 vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870
K000135504 : BIND vulnerability CVE-2023-2911
K000135507 : Java vulnerabilities CVE-2020-14779, CVE-2020-14781 and CVE-2020-14782
K35253541 : Java vulnerability CVE-2020-14797
The Top Sessions and Tutorials at VMware Explore 2023 Las Vegas You Can’t Miss
We Believe Customer Value is Built on Innovation and Investment
K000135439 : libtar vulnerabilities CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646
Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability
K000135446 : Linux kernel vulnerability CVE-2023-3269
K000135433 : WPA use-after-free vulnerability CVE-2021-27803
Cisco ACI Multi-Site CloudSec Encryption Information Disclosure Vulnerability
Cisco Webex Meetings Web UI Vulnerabilities
Cisco Duo Authentication Proxy Information Disclosure Vulnerability
Cisco BroadWorks Privilege Escalation Vulnerability
K000135353 : Apache Commons Collection serialized object injection vulnerability CVE-2017-15708
K000135352 : Heimdal vulnerability CVE-2022-3116
K000135312 : BIND vulnerability CVE-2023-2828
K000135314 : GO vulnerability CVE-2022-28327
K000135330 : Multiple Nucleus TCP/IP stack vulnerabilities
K000135262 : Apache Tomcat vulnerability CVE-2023-28709
8Base Ransomware: A Heavy Hitting Player
K000135242 : Linux kernel vulnerability CVE-2023-1390
K000135252 : BIND vulnerability CVE-2023-2829
K000135251 : Apache Struts vulnerability CVE-2023-34396
K000135223 : Apache Tomcat vulnerability CVE-2023-34981
K40582331 : Apache HTTP server vulnerability CVE-2022-28615
K67830124 : Linux kernel ext3/ext4 file system vulnerability CVE-2020-14314
K18484125 : Eclipse Jetty vulnerability CVE-2020-27216
K67090077 : Apache HTTP Server vulnerability CVE-2022-22720
K21054458 : Eclipse Jetty vulnerability CVE-2017-7656
K000135206 : Linux kernel vulnerability CVE-2023-32233
K000134942 : Intel CPU vulnerability CVE-2022-33972
K000135156 : Apache Struts vulnerability CVE-2023-34149
K000135178 : OpenSSL vulnerability CVE-2023-2650
Cisco Duo Two-Factor Authentication for macOS Authentication Bypass Vulnerability
Cisco Secure Email Gateway, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Cross-Site Scripting Vulnerabilities
K000135149 : Oracle Java SE vulnerability CVE-2023-21938
K000135122 : Linux kernel vulnerability CVE-2023-0461
MSA-23-0018: SSRF risk due to insufficient check on the cURL blocked hosts list
MSA-23-0017: Minor SQL injection risk on Mnet SSO access control page
MSA-23-0016: XSS risk on groups page
Cisco SD-WAN Software Information Disclosure Vulnerability
Issue with AWS Directory Service EnableRoleAccess
K000135001 : Python URLlib3 vulnerability CVE-2019-11236
K000134938 : Intel Processors vulnerability CVE-2022-38090
K000134945 : Spring Boot vulnerability CVE-2022-46166
Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability
Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Stored Cross-Site Scripting Vulnerability
Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities
Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerability
Cisco Unified Communications Manager Denial of Service Vulnerability
Cisco Secure Workload Authenticated OpenAPI Privilege Escalation Vulnerability
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 2100 Series Appliances SSL/TLS Denial of Service Vulnerability
K24554520 : Apache Log4j Remote Code Execution vulnerability CVE-2021-4104
Carbon Black’s TrueBot Detection
K54450124 : NSS vulnerability CVE-2021-43527
K49902412 : nghttp vulnerability CVE-2018-1000168
K63525027 : Memcached vulnerability CVE-2018-1000115
K54724312 : Linux kernel vulnerability CVE-2022-0492
K04712583 : Linux kernel vulnerability CVE-2021-40490
K31323265 : OpenSSL vulnerability CVE-2022-0778
K000132635 : OpenSSL vulnerability CVE-2022-4450
K63597327 : Python Flask vulnerability CVE-2018-1000656
K28622040 : Python vulnerability CVE-2019-9948
K000130512 : SQLite vulnerability CVE-2022-35737
K00322972 : Apache Log4j Chainsaw vulnerability CVE-2022-23307
K59563964 : Apache Log4j Remote Code Execution vulnerability CVE-2022-23302
K13401920 : Apache HTTPD vulnerability CVE-2021-36160
K22322802 : Grafana vulnerability CVE-2021-39226
K44454157 : Expat vulnerability CVE-2022-40674
K05295469 : Expat vulnerability CVE-2019-15903
K68713584 : bzip2 vulnerability CVE-2019-12900