Archive for December, 2021

Adding Resiliency to BGP Avoids Network Outages, Data Loss

Cisco Umbrella has mechanisms in place to ensure that end users don’t lose connectivity even if ISPs and service providers experience outages.
Source: DarkReading
Adding Resiliency to BGP Avoids Network Outages, Data Loss

CVE-2021-4193

vim is vulnerable to Out-of-bounds Read
Source: NIST
CVE-2021-4193

CVE-2021-4192

vim is vulnerable to Use After Free
Source: NIST
CVE-2021-4192

CVE-2021-4181

Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
Source: NIST
CVE-2021-4181

CVE-2021-4186

Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
Source: NIST
CVE-2021-4186

CVE-2021-4185

Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
Source: NIST
CVE-2021-4185

CVE-2021-4184

Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
Source: NIST
CVE-2021-4184

CVE-2021-4190

Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file
Source: NIST
CVE-2021-4190

CVE-2021-45732

Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed.
Source: NIST
CVE-2021-45732

CVE-2021-45077

Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information in plaintext. All usernames and passwords for the device’s associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configuration file on the device.
Source: NIST
CVE-2021-45077