2625 matches found

CNVD
added 2020/05/13 12:0 a.m. · 4 views

Adobe DNG Software Development Kit Buffer Overflow Vulnerability (CNVD-2020-38182)

The Adobe DNG Software Development Kit (SDK) is a software development kit from the American company Adobe that provides the ability to read and write DNG files. A buffer overflow vulnerability exists in the Adobe DNG Software Development Kit. An attacker could exploit this vulnerability to...

5.5 CVSS · 7.1 AI score · 0.03272 EPSS
Exploits: 0 · References: 1

Wired Threat Level
added 2020/05/07 5:2 p.m. · 30 views

How a Facebook Bug Took Down Spotify, TikTok, and Other Major iOS Apps

Thank a tiny change to a software development kit for widespread crashes Wednesday, including the Spotify and TikTok apps...

1.1 AI score
Exploits: 0

Cent OS
added 2020/04/30 7:54 p.m. · 263 views

java security update

CentOS Errata and Security Advisory CESA-2020:1507. An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detail...

8.3 CVSS · 6.7 AI score · 0.02622 EPSS
Exploits: 0 · References: 7

Veeam
added 2020/04/30 12:0 a.m. · 34 views

How to Use VSSTrace to Collect VSS Diagnostic Logging

Challenge: This article explains how to collect additional VSS diagnostic data with the VSSTrace tool, a Microsoft Windows Software Development Kit (SDK) component. Cause: Veeam products use Microsoft Volume Shadow Copy Service (VSS) for various tasks. Sometimes it is necessary to go through the...

7 AI score
Exploits: 0

RedHat Linux
added 2020/04/28 3:39 p.m. · 1 views

dpdk: possible memory leak leads to denial of service

A flaw was found in dpdk where a malicious master, or a container with access to vhostuser socket, can send specially crafted VRINGSETNUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition...

7.5 CVSS · 7.1 AI score · 0.01074 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2020/04/22 9:18 a.m. · 2 views

OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)

A flaw was found in the boundary checks in the java.nio buffer classes in the Libraries component of OpenJDK, where it is bypassed in certain cases. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions...

8.3 CVSS · 7.4 AI score · 0.02622 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2020/04/21 11:39 a.m. · 2 views

OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

5.8 CVSS · 7.3 AI score · 0.00535 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2020/04/21 10:28 a.m. · 124 views

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

8.3 CVSS · 6.7 AI score · 0.02622 EPSS
Exploits: 0 · References: 9

RedHat Linux
added 2020/04/21 10:28 a.m. · 2 views

OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3 CVSS · 7.3 AI score · 0.00329 EPSS
Exploits: 0 · References: 4

Veracode
added 2020/04/10 12:45 a.m. · 33 views

Denial Of Service (DoS)

IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit are vulnerable to Denial of Service (DoS). The attack exists because it does not prevent remote attackers from affecting confidentiality, integrity, and availability via unknown vectors...

7.5 CVSS · 6.8 AI score · 0.0567 EPSS
Exploits: 0 · References: 36 · Affected Software: 1

OSV
added 2020/04/02 2:15 p.m. · 3 views

CVE-2020-8016

A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows...

7 CVSS · 7.1 AI score · 0.00094 EPSS
Exploits: 1 · References: 2

CVE
added 2020/04/02 2:5 p.m. · 154 views

CVE-2020-8016

CVE-2020-8016 is a local-privilege issue described as a race condition in the packaging of texlive-filesystem affecting SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SLED/SLES 12-SP4/12-SP5, and openSUSE Leap 15.1. The underlying problem: a race condition in linking during packagi...

7 CVSS · 5.8 AI score · 0.00094 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

RedHat Linux
added 2020/04/01 12:27 a.m. · 1 views

dpdk: possible memory leak leads to denial of service

A flaw was found in dpdk where a malicious master, or a container with access to vhostuser socket, can send specially crafted VRINGSETNUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition...

7.5 CVSS · 7.1 AI score · 0.01074 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2020/04/01 12:0 a.m. · 4 views

PT-2020-10924 · Parrot · Parrot Anafi

Name of the Vulnerable Software and Affected Versions: Parrot ANAFI (affected versions not specified). Description: The web server running on Parrot ANAFI can be crashed due to the SDK command Common CurrentDateTime being sent to the control service with a larger than expected date length...

7.5 CVSS · 7.5 AI score · 0.00433 EPSS
Exploits: 0 · References: 4

CNVD
added 2020/03/13 12:0 a.m. · 2 views

Unauthorized Access Vulnerability in Kodak Video Surveillance Devices

hereinafter referred to as KODAK is a provider of video and security products and solutions, dedicated to video conferencing, video surveillance and a wealth of video application solutions to help all kinds of government and enterprise customers to solve the visual communication and management...

7 AI score
Exploits: 0

Positive Technologies
added 2020/02/14 12:0 a.m. · 2 views

PT-2020-10459 · Heartland & Global Payments · Heartland & Global Payments Php Sdk

Name of the Vulnerable Software and Affected Versions: Heartland & Global Payments PHP SDK versions prior to 2.0.0. Description: The issue concerns the failure to enforce SSL certificate validations in the Gateways/Gateway.php file. This could potentially lead to security risks, as it may allow fo...

5.9 CVSS · 5.5 AI score · 0.00376 EPSS
Exploits: 1 · References: 10

OSV
added 2020/02/12 7:15 p.m. · 3 views

CVE-2019-17519

The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet...

8.8 CVSS · 7.8 AI score
Exploits: 0 · References: 1

OSV
added 2020/02/12 3:15 p.m. · 5 views

CVE-2019-19196

The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices accepts a pairing request with a key size greater than 16 bytes, allowing an...

6.5 CVSS · 7.2 AI score
Exploits: 0 · References: 2

RedHat Linux
added 2020/02/12 11:22 a.m. · 3 views

OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3 CVSS · 7.4 AI score · 0.00519 EPSS
Exploits: 0 · References: 4

IBM Security Bulletins
added 2020/02/05 12:9 a.m. · 29 views

Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Application Developer for WebSphere Software (CVE-2015-2808)

Summary: The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Rational Application Developer for WebSphere Software. Vulnerability Details: CVEID: CVE-2015-2808. DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. A...

5 CVSS · 0.4 AI score · 0.2382 EPSS
Exploits: 0 · Affected Software: 1