Feed aggregator

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, an attacker must have a valid account on the device with the role of Security Approver, Intrusion Admin, Access Admin, or Network Admin.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to read the contents of databases on the affected device and also obtain limited read access to the underlying operating system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sql-inject-2EnmTC8v

This advisory is part of the October 2024 release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication.

Security Impact Rating: Medium CVE: CVE-2024-20340

Categories: Cisco

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability

Cisco Security Advisories - Thu, 03/05/2026 - 12:10am

A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. Administrator-level privileges are required to exploit this vulnerability.

This vulnerability exists because the contents of a backup file are improperly sanitized at restore time. An attacker could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as root.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-cmd-inj-ZJV8Wysm

For more information on the vulnerability that is described in this advisory, see Cisco Event Response: Attacks Against Cisco Firewall Platforms.

Security Impact Rating: Medium CVE: CVE-2024-20358

Categories: Cisco

Relicensing with AI-Assisted Rewrite

Hacker News - Thu, 03/05/2026 - 12:07am

Article URL: https://tuananh.net/2026/03/05/relicensing-with-ai-assisted-rewrite/

Comments URL: https://news.ycombinator.com/item?id=47257803

Points: 1

# Comments: 0

Categories: Hacker News

NHS official pushed to add patient data to Palantir while advising company

Hacker News - Thu, 03/05/2026 - 12:04am

Article URL: https://www.ft.com/content/6c548670-0f3e-45f1-ba08-8bb6dd152af5

Comments URL: https://news.ycombinator.com/item?id=47257792

Points: 2

# Comments: 0

Categories: Hacker News

Multiple Cisco Products Snort 3 Denial of Service Vulnerabilities

Cisco Security Advisories - Thu, 03/05/2026 - 12:00am

Multiple Cisco products are affected by vulnerabilities in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection.

For more information about these vulnerabilities, see the Details section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-multi-dos-XFWkWSwz

This advisory is part of the March 2026 release of the Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2026 Semiannual Cisco Secure Firewall ASA, Secure FMC, and Secure FTD Software Security Advisory Bundled Publication.

Security Impact Rating: Medium CVE: CVE-2026-20005,CVE-2026-20065,CVE-2026-20066,CVE-2026-20067,CVE-2026-20068

Categories: Cisco

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software IPsec Denial of Service Vulnerability

Cisco Security Advisories - Thu, 03/05/2026 - 12:00am

A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to the allocation of an insufficiently sized block of memory. An attacker could exploit this vulnerability by sending crafted GCM-encrypted IPsec traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. To exploit this vulnerability, the attacker must have valid credentials to establish a VPN connection with the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-esp-dos-uv7yD8P5

Security Impact Rating: High CVE: CVE-2026-20049

Categories: Cisco

Cisco Secure Firewall Adaptive Security Appliance Software Multiple Context Mode SCP Unauthorized File Access Vulnerability

Cisco Security Advisories - Thu, 03/05/2026 - 12:00am

A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files. This vulnerability is due to improper access controls for Secure Copy Protocol (SCP) operations when the Cisco SSH stack is enabled. An attacker could exploit this vulnerability by authenticating to a non-admin context of the device and issuing crafted SCP copy commands in that non-admin context. A successful exploit could allow the attacker to read, create, or overwrite sensitive files that belong to another context, including the admin and system contexts. The attacker cannot directly impact the availability of services that pertain to other contexts. To exploit this vulnerability, the attacker must have valid administrative credentials for a non-admin context. Note: An attacker cannot list or enumerate files from another context and would need to know the exact file path, which increases the complexity of a successful attack.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-scpcxt-filecpy-rgeP73nE

Security Impact Rating: High CVE: CVE-2026-20062

Categories: Cisco

Biographical Information Summary - This is Just a Summary Joe Pearce
About Joe Pearce joeintenn
Links Joe Pearce
Flounder's Keylime Pie is the Best in the World, At Least I Think So... Joe Pearce
Harley Ride Joe Pearce
Cobra with New Cover Joe Pearce
Mustang Cobra After Ceramic Coating Joe Pearce
Carter County Cruise In Joe Pearce
2003 Ford Mustang SVT Cobra Convertible NAPA Auto Car Show Top 10 Joe Pearce
Ponies in the Smokies - Mustang Trophy Joe Pearce

Feed aggregator

Ghinst – Install from GitHub release section to –/.local/bin

Restoring ReBoot from the Original Master D1 Tapes [video]

Show HN: The Playwright GitHub Repositories Worth Studying

Teaching Coding Agents to Drive Cmux

The cognitive cost of easy answers, a lesson from RL

Washington Post – In the Long Run, Wars Make Us Safer and Richer (2014)

The Self-Help Trap: What 20 Years of "Optimizing" Has Taught Me

Improving Django Admin UI with Django-unfold

A GB300 thread that running vLLM and SGlang on it

Show HN: Your AI Slop Bores Me

Gogcli – Google in Your Terminal

Stack Overflow on AI: A Computer Weekly Downtime Upload podcast

Why a Robotics Startup's Failure Proves the Robot Starts with the Actuator

Cisco Secure Firewall Management Center Software SQL Injection Vulnerability

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability

Relicensing with AI-Assisted Rewrite

NHS official pushed to add patient data to Palantir while advising company

Multiple Cisco Products Snort 3 Denial of Service Vulnerabilities

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software IPsec Denial of Service Vulnerability

Cisco Secure Firewall Adaptive Security Appliance Software Multiple Context Mode SCP Unauthorized File Access Vulnerability

Pages

Welcome to Joe Pearce's Home Page.

Web page offered by Joe Pearce © 2004 - 2025 - All rights reserved.

Thanks to the ETSU Computer and Information Sciences Department.

Thanks to the NSTCC Computer and Information Sciences and Computer Engineering Technologies Department.

This is my Favicon.

You are here

Feed aggregator

Pages

Welcome to Joe Pearce's Home Page.

Web page offered by Joe Pearce © 2004 - 2025 - All rights reserved.

Thanks to the ETSU Computer and Information Sciences Department.

Thanks to the NSTCC Computer and Information Sciences and Computer Engineering Technologies Department.

This is my Favicon.