Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

CVE-2022-20734: Cisco Security Advisory: Cisco SD-WAN vManage Software Information Disclosure Vulnerability

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.

CVE
Open in Source
#vulnerability#cisco#perl#auth
CVE-2022-20780: Cisco Security Advisory: Cisco Enterprise NFV Infrastructure Software Vulnerabilities

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2022-20794: Cisco Security Advisory: Cisco TelePresence Collaboration Endpoint and RoomOS Software Vulnerabilities

Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory.

AutoRABIT Secures $26M in Series B Investment from Full In Partners to Expand DevSecOps Platform

AutoRABIT intends to direct the funding toward growth initiatives and product development.

CVE-2022-23400: TALOS-2022-1465 || Cisco Talos Intelligence Group

A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-22137: TALOS-2022-1449 || Cisco Talos Intelligence Group

A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file to trigger this vulnerability.

Teleport Raises $110 Million Series C at $1.1 Billion Valuation Led by Bessemer Venture Partners

Funding follows dramatic revenue growth as identity-based access requirements skyrocket.

Experts Analyze Conti and Hive Ransomware Gangs Chats With Their Victims

An analysis of four months of chat logs spanning more than 40 conversations between the operators of Conti and Hive ransomware and their victims has offered an insight into the groups' inner workings and their negotiation techniques. In one exchange, the Conti Team is said to have significantly reduced the ransom demand from a staggering $50 million to $1 million, a 98% drop, suggesting a