Posted on No Comments on Security flaws in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)Security flaws in Cisco

Security flaws in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)Security flaws in Cisco

We have three new vulnerabilities in Cisco.

  • One could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
  • One that could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
  • And another one which could allow an authenticated, local attacker to execute arbitrary code with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.
Read more Security flaws in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)Security flaws in Cisco
Posted on No Comments on Vulnerabilities in Google Chrome, Microsoft Edge, Windows Installer, Microsoft Smart Screen and Azure

Vulnerabilities in Google Chrome, Microsoft Edge, Windows Installer, Microsoft Smart Screen and Azure

This time we have a few vulnerabilities from Google and Microsoft:

  • Google Chrome V8 Enum Cache Out-Of-Bounds Read Remote Code Execution Vulnerability
  • Microsoft Edge DOMArrayBuffer Use-After-Free Remote Code Execution Vulnerability
  • Google Chrome WASM Improper Input Validation Remote Code Execution Vulnerability
  • Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability
  • Microsoft Windows Internet Shortcut SmartScreen Bypass Vulnerability
  • Microsoft Azure Private 5G Core InitialUEMessage Improper Input Validation Denial-of-Service Vulnerability
Read more Vulnerabilities in Google Chrome, Microsoft Edge, Windows Installer, Microsoft Smart Screen and Azure
Posted on No Comments on Electrolink FM/DAB/TV Transmitter

Electrolink FM/DAB/TV Transmitter

1. EXECUTIVE SUMMARY

  • CVSS v3 8.8
  • ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
  • Vendor: Electrolink
  • Equipment: FM/DAB/TV Transmitter
  • Vulnerabilities: Authentication Bypass by Assumed-Immutable Data, Reliance on Cookies without Validation and Integrity Checking, Missing Authentication for Critical Function, Cleartext Storage of Sensitive Information

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to obtain full system access, keep the device from transmitting, escalate privileges, change credentials, and execute arbitrary code.

Read more Electrolink FM/DAB/TV Transmitter

Posted on No Comments on Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability

Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability

A vulnerability in Cisco IOS Software for Cisco Catalyst 6000 Series Switches could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly.

This vulnerability is due to improper handling of process-switched traffic. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.

Read more Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability
Posted on No Comments on Few vulnerabilities in Linux Kernel

Few vulnerabilities in Linux Kernel

  • ZDI-24-297: Linux Kernel nft_exthdr_sctp_eval Stack-based Buffer Overflow Information Disclosure Vulnerability
  • ZDI-24-298: Linux Kernel nft_exthdr_tcp_eval Stack-based Buffer Overflow Information Disclosure Vulnerability
  • ZDI-24-299: Linux Kernel nft_exthdr_ipv6_eval Stack-based Buffer Overflow Information Disclosure Vulnerability
Read more Few vulnerabilities in Linux Kernel
Posted on No Comments on Big changes in my home server

Big changes in my home server

For a long time I was using Proxmox as my server OS. On it I had few VMs. One with Arch Linux (I’m using it as my daily OS through RDP), another one with Home Assistant, another one for media (Jellyfin app, Calibre, etc). And some created ad-hoc when needed for testing. But from some time I was thinking about big change. And finally it happened during this week.

Read more Big changes in my home server
Posted on

Multiple advisoried for Siemens systems

  • Siemens SINEMA Remote Connect Server
  • Siemens SIMATIC
  • Siemens SENTRON
  • Siemens Solid Edge
  • Siemens RUGGEDCOM APE1808
  • Siemens Sinteso EN Cerberus PRO EN Fire Protection Systems
  • Siemens SINEMA Remote Connect Client
  • Siemens SENTRON 7KM PAC3x20
  • Siemens SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family
Read more Multiple advisoried for Siemens systems
Posted on

Multiple advisories in March 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication

  • Cisco IOS XR Software SSH Privilege Escalation Vulnerability (Security Impact Rating: High)
  • Cisco IOS XR Software DHCP Version 4 Server Denial of Service Vulnerability (Security Impact Rating: Medium)
  • Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability (Security Impact Rating: Medium)
  • Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability (Security Impact Rating: High)
  • Cisco IOS XR Software MPLS and Pseudowire Interfaces Access Control List Bypass Vulnerabilities (Security Impact Rating: Medium)
  • Cisco IOS XR Software Authenticated CLI Secure Copy Protocol and SFTP Denial of Service Vulnerability (Security Impact Rating: Medium)
  • Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability (Security Impact Rating: High)
Read more Multiple advisories in March 2024 release of the Cisco IOS XR Software Security Advisory Bundled Publication