GIXnews

A vulnerability in Red Hat JBoss RichFaces could allow an unauthenticated, remote attacker to inject arbitrary code on a targeted system. The vulnerability exists because the affected software allows injection of arbitrary Expression Language (EL) expressions. An attacker could exploit this vulnerability by using the org.richfaces.renderkit.html.Paint2DResource$ImageData object (RF-14310) to pass malicious resource data to the …

Red Hat JBoss RichFaces Expression Language Injection Arbitrary Java Code Execution VulnerabilityRead More »

Mitsubishi has developed a new indoor lighting system that mimics blue skies, sunrises and sunsets. Source:: BBC News – Technology

Superfast 5G mobile will require new handsets, but will the new services justify the extra expense? Source:: BBC News – Technology

AWS Single Sign-On (SSO) now provides a directory by default that you can use to create users and organize them in groups within AWS SSO. Within minutes, you can grant your users and groups permissions to AWS resources in all your AWS accounts as well as many business applications. Your users sign in to a …

Now You Can Create and Manage Users within AWS Single Sign-OnRead More »

A vulnerability in libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system. The vulnerability is due to improper authentication operations by the server-side state machine of the affected software. An attacker could exploit this vulnerability by presenting a SSH2_MSG_USERAUTH_SUCCESS message to a targeted system. A successful exploit could allow the …

libssh Server-Side State Machine Unauthorized Access VulnerabilityRead More »

AWS Service Catalog, used by enterprises to organize and govern cloud resources on AWS, now enables your end users to perform self-service actions on your provisioned products, without needing to grant end users full access to AWS services. Source:: Amazon AWS

Today, Infineon’s XMC4800 IoT Connectivity Kit is qualified for Amazon FreeRTOS. You can now take advantage of Amazon FreeRTOS features and benefits for microcontrollers using the development board from Infineon. Source:: Amazon AWS

A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be prohibited. The vulnerability is due to the dynamic assignment of Security Group Tags (SGTs) during a wireless …

Cisco Wireless LAN Controller Software Privilege Escalation VulnerabilityRead More »

A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking mechanisms in the web-based interface URL request. An attacker could exploit this vulnerability by requesting …

Cisco Wireless LAN Controller Software Information Disclosure VulnerabilityRead More »

A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the …

Cisco Wireless LAN Controller Software GUI Privilege Escalation VulnerabilityRead More »

A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a …

Cisco Wireless LAN Controller Software Directory Traversal VulnerabilityRead More »

A vulnerability in the web-based interface of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface. An attacker could exploit …

Cisco Wireless LAN Controller Software Cross-Site Scripting VulnerabilityRead More »

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks in the part of the code that …

Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Information Disclosure VulnerabilityRead More »

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper input validation on fields within CAPWAP Discovery Request packets by the affected device. An …

Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Denial of Service VulnerabilityRead More »

A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit …

Cisco SocialMiner Cross-Site Scripting VulnerabilityRead More »

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit …

Cisco Prime Collaboration Assurance Cross-Site Request Forgery VulnerabilityRead More »

A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of protection against PTP frame flood attacks. An …

Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service VulnerabilityRead More »

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application of an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this …

Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service VulnerabilityRead More »

A vulnerability in the 802.11r Fast Transition feature set of Cisco IOS Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a corruption of certain timer mechanisms triggered by specific roaming events. This corruption will eventually cause …

Cisco IOS Access Points Software 802.11r Fast Transition Denial of Service VulnerabilityRead More »

A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP …

Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service VulnerabilityRead More »