A vulnerability in the TCP packet processing function of Cisco IP Phone firmware allows an attacker to trigger a denial of service.
A vulnerability in the TCP packet processing function of Cisco IP Phone firmware is related to state management errors. Exploiting this vulnerability can allow a remote attacker to cause service failures...
ALPINE-CVE-2020-28327
A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1, and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This...
UBUNTU-CVE-2020-28327
A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1, and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This...
Fortinet FortiOS < 5.6.13 / 6.0 < 6.0.11 / 6.1 < 6.2.5 / 6.3 < 6.4.2 Heap Buffer overflow (FG-IR-20-082)
The remote host is running a version of FortiOS prior to 5.6.13, 6.0 prior to 6.0.11, 6.1 prior to 6.2.5, or 6.3 prior to 6.4.2. It is, therefore, affected by a buffer overflow in the Link Control Protocol that could allow an authenticated remote attacker to crash the SSL VPN daemon and could be...
A vulnerability in the TCP/IP protocol stack implementation of the Windows operating system allows an attacker to execute arbitrary code.
A vulnerability in the TCP/IP protocol stack implementation of the Windows operating system is related to errors in ICMPv6 packet processing. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
USN-4579-1 linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerabilities
Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-16119) Wen Xu discover...
LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection
I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable t...
FortiOS LCP Message Denial of Service Vulnerability
Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. A denial-of-service vulnerability exists in Fortinet FortiOS handling of LCP messages, which can be exploited by a remote attacker to submit a special oversized LCP message request that can crash...
USN-4542-1 miniupnpd vulnerabilities
It was discovered that MiniUPnPd did not properly validate callback addresses. A remote attacker could possibly use this issue to expose sensitive information. (CVE-2019-12107) It was discovered that MiniUPnPd incorrectly handled unpopulated user XML input. An attacker could possibly use this issue...
CVE-2020-3488
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected...
CVE-2020-3494 Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Denial of Service Vulnerabilities
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected...
PT-2020-6793 · Fortinet · Fortigate +1
Name of the Vulnerable Software and Affected Versions: FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier Description: A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages may allow a remote attacker with valid SSL VPN credentials to crash the...
CVE-2020-5918
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic when traffic volume is high. This vulnerability...
chromium-browser: Inappropriate implementation in WebRTC
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream...
Google Chrome Code Execution Vulnerability (CNVD-2020-49886)
Google Chrome is a web browser from Google, Inc. SCTP is the Stream Control Transmission Protocol. A security vulnerability exists in SCTP in Google Chrome versions prior to 84.0.4147.105. An attacker can exploit the vulnerability to execute arbitrary code with the help of specially...
CVE-2020-1653
On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause an mbuf leak, which can lead to a Flexible PIC Concentrator (FPC) crash or cause the system to crash and restart (vmcore). This issue can be triggered by IPv4 or IPv6 and it is caused only by TCP packets. This iss...
CVE-2020-11912
The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read...
CVE-2020-11898
The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak...
Treck TCP/IP ARP Component Input Validation Error Vulnerability
Treck TCP/IP is a TCP/IP (Transmission Control Protocol/Internet Protocol) suite from Treck, Inc. dedicated to embedded systems. An input validation error vulnerability exists in the Treck TCP/IP ARP component. An attacker could exploit the vulnerability to cause an out-of-bounds...
Cisco Firepower Threat Defense (FTD) DoS (cisco-sa-asaftd-mgcp-SUqB8VKH)
A denial of service (DoS) vulnerability exists in Cisco Firepower Threat Defense (FTD) due to inefficient memory management in its Media Gateway Control Protocol (MGCP) inspection component. An unauthenticated, remote attacker can exploit this issue, by sending specially crafted packets to an affected...