Fabriquants

Retour à Sécurité

Fortinet

Aruba

Cisco

    • 17 mars 2023Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability
      A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit thi …

    • 14 mars 2023Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Vulnerabilities
      Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device. For more information about these vulnerabilities, see the Details section of this advisory.  Cisco has not rele …

    • 10 mars 2023Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities
      Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.  Cisco has released software updates that address these vulnerabilities. There are no workaro …

    • 7 mars 2023Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities
      Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, local attacker to conduct server-side request forgery (SSRF) attacks through an affected device or to overwrite arbitrary files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has release …

    • 2 mars 2023Cisco Finesse Reverse Proxy VPN-less Access to Finesse Desktop Denial of Service Vulnerability
      A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. This vulnerability is due to improper IP address filtering by the reverse proxy. An attacker could exploit this vulner …

    • 2 mars 2023Cisco Secure Web Appliance Content Encoding Filter Bypass Vulnerabilities
      Update for March 2, 2023: Since this advisory originally published, Cisco has become aware of an issue in a fix for older major Cisco Secure Web Appliance software releases. That issue introduced additional vulnerabilities in releases 14.5.0-537 and 14.5.1-008. Cisco is investigating these new issues and will provide a fix in April 2023 for software releases later than Rel …

    • 1 mars 2023Cisco Webex App for Web Cross-Site Scripting Vulnerability
      A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending an arbitrary file to a user and persuading that user to br …

Google Online Security Blog