There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.

GENTOO:GLSA-202107-27 | URL:https://security.gentoo.org/glsa/202107-27 | MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409 | URL:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27409 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1939160 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=1939160 | MLIST:[debian-lts-announce] 20210703 [SECURITY] [DLA 2701-1] openexr security update | URL:https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html | MLIST:[debian-lts-announce] 20221211 [SECURITY] [DLA 3236-1] openexr security update | URL:https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause it to reload unexpectedly Cause LLDP database corruption on the affected device For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Cisco has released firmware updates that address these vulnerabilities.

CISCO:20211006 Cisco Small Business 220 Series Smart Switches Link Layer Discovery Protocol Vulnerabilities | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb220-lldp-multivuls-mVRUtQ8T

A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to a lack of proper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, which causes a DoS condition on the affected device. The device must be manually reloaded to recover.

CISCO:20211027 Cisco Firepower Threat Defense Software SSH Connections Denial of Service Vulnerability | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-rUDseW3r

A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application.

CISCO:20211006 Cisco DNA Center Information Disclosure Vulnerability | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-infodisc-KyC6YncS

A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability.

CISCO:20211027 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Software-Based SSL/TLS Denial of Service Vulnerability | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-tls-decrypt-dos-BMxYjm8M

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

CISCO:20211103 Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-xss-U2JK537j

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.

CISCO:20210908 Cisco BroadWorks CommPilot Application Software Vulnerabilities | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-dJ9JT67N

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.

CISCO:20210908 Cisco BroadWorks CommPilot Application Software Vulnerabilities | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-dJ9JT67N

A vulnerability in the identity-based firewall (IDFW) rule processing feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass security protections. This vulnerability is due to improper handling of network requests by affected devices configured to use object group search. An attacker could exploit this vulnerability by sending a specially crafted network request to an affected device. A successful exploit could allow the attacker to bypass access control list (ACL) rules on the device, bypass security protections, and send network traffic to unauthorized hosts.

CISCO:20211027 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Identity-Based Rule Bypass Vulnerability | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rule-bypass-ejjOgQEY

A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for shared library files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with root privileges. To exploit this vulnerability, the attacker must have a valid account on the system.

CISCO:20211006 Cisco AnyConnect Secure Mobility Client for Linux and Mac OS with VPN Posture (HostScan) Module Shared Library Hijacking Vulnerability | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-lib-hija-cAFB7x4q

A vulnerability in the web-based management interface of Cisco Tetration could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials.

CISCO:20211020 Cisco Tetration Stored Cross-Site Scripting Vulnerability | URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sec-work-xss-t6SYtu8Q