There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.

GENTOO:GLSA-202107-27 | URL:https://security.gentoo.org/glsa/202107-27 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831 | URL:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24831 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1939142 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1939142 | MLIST:[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update | URL:https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html | MLIST:[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update | URL:https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html

A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device.

CISCO:20210922 Cisco Aironet Access Points WLAN Control Protocol Packet Buffer Leak Denial of Service Vulnerability | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-pktleak-dos-uSTyGrL

A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email through Cisco ESA. A successful exploit could allow the attacker to exhaust all the available CPU resources on an affected device for an extended period of time, preventing other emails from being processed and resulting in a DoS condition.

CISCO:20211103 Cisco Email Security Appliance Denial of Service Vulnerability | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-JOm9ETfO

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.

CISCO:20211006 Cisco Vision Dynamic Signage Director Reflected Cross-Site Scripting Vulnerability | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cvdsd-xss-fvdj6HK

A vulnerability in the application integration feature of Cisco Webex Software could allow an unauthenticated, remote attacker to authorize an external application to integrate with and access a user's account without that user's express consent. This vulnerability is due to improper validation of cross-site request forgery (CSRF) tokens. An attacker could exploit this vulnerability by convincing a targeted user who is currently authenticated to Cisco Webex Software to follow a link designed to pass malicious input to the Cisco Webex Software application authorization interface. A successful exploit could allow the attacker to cause Cisco Webex Software to authorize an application on the user's behalf without the express consent of the user, possibly allowing external applications to read data from that user's profile.

CISCO:20211020 Cisco Webex Software Application Authorization Bypass Vulnerability | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-2FmKd7T

Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.

CISCO:20211006 Cisco Business 220 Series Smart Switches Static Key and Password Vulnerabilities | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-hardcoded-cred-MJCEXvX

A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM privileges. This vulnerability is due to the .NET Agent Coordinator Service executing code with SYSTEM privileges. An attacker with local access to a device that is running the vulnerable agent could create a custom process that would be launched with those SYSTEM privileges. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system. This vulnerability is fixed in AppDynamics .NET Agent Release 21.7.

CONFIRM:https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+AppDynamics+.NET+Agent+Privilege+Escalation+Vulnerability | URL:https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+AppDynamics+.NET+Agent+Privilege+Escalation+Vulnerability

A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device.

CISCO:20210901 Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh | MISC:https://github.com/orangecertcc/security-research/security/advisories/GHSA-gqx8-c4xr-c664

A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an affected device.

CISCO:20211006 Cisco Intersight Virtual Appliance Command Injection Vulnerability | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-command-inject-CGyC8y2R

A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server. A successful exploit could allow the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks.

CISCO:20210818 Multiple Cisco Products Server Name Identification Data Exfiltration Vulnerability | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN | DEBIAN:DSA-5354 | URL:https://www.debian.org/security/2023/dsa-5354 | MLIST:[debian-lts-announce] 20230210 [SECURITY] [DLA 3317-1] snort security update | URL:https://lists.debian.org/debian-lts-announce/2023/02/msg00011.html