#dos

By Deeba Ahmed Cisco Releases Security Patches for Critical Vulnerabilities in Catalyst SD-WAN Manager. This is a post from HackRead.com Read the original post: Unpatched Cisco Catalyst SD-WAN Manager Systems Exposed to DoS Attacks

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PanelView 800 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information, modify data, or cause a denial-of-service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation PanelView 800, a graphics terminal, are affected: PanelView 800 2711R-T10T: V3.011 PanelView 800 2711R-T7T: V3.011 PanelView 800 2711R-T4T: V3.011 3.2 Vulnerability Overview 3.2.1 Improper Input Validation CWE-20 An input/output validation vulnerability exists in a third-party component that the PanelView™ 800 utilizes. Libpng, which is PNG's reference library, version 1.6.32 and earlier does not properly check the length of chunks against the user limit. Libpng versions prior to 1.6.32 are susceptible to a vulnerability which, when successfully e...

An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45047: A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server. * CVE-2023-3628: A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the...

Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulne...

Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a remote attacker to cause a denial of service via a crafted script to the uid parameter in the cgi-bin/login.asp component.

Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. These vulnerability is due to the presence of a static username and password configured on the vManage. An attacker could exploit this vulnerability by sending a crafted HTTP request to a reachable vManage on port 9200. A successful exploit could allow the attacker to view the Elasticsearch database content. There are workarounds that address this vulnerability.

A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect handling of certain IPv6 multicast packets when they are fanned out more than seven times on an affected device. An attacker could exploit this vulnerability by sending a specific IPv6 multicast or IPv6 multicast VPN (MVPNv6) packet through the affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition.

A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the mishandling of a crafted packet stream through the AppQoE or UTD application. An attacker could exploit this vulnerability by sending a crafted packet stream through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper resource management when processing traffic that is received on the management interface. An attacker could exploit this vulnerability by sending a high rate of traffic to the management interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. An attacker could exploit this vulnerability by sending crafted L2TP packets to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability.