PT-2026-8090

Name of the Vulnerable Software and Affected Versions NSFOCUS NIPS/IPS versions prior to Rule 5.6.11 Description The NSFOCUS Network Intrusion Prevention System NIPS / Intrusion Prevention System IPS is affected by an issue addressed with updates to the system’s detection rules in the 5.6.11...

How Cisco Talos powers the solutions protecting your organization

Cisco Talos is Cisco's threat intelligence and security research organization that powers Cisco's product portfolio with that intelligence. While we are well known for the security research in our blog, vulnerability discoveries, and our open-source software, you may not be aware of exactly how o...

Information Leakage Vulnerability in Network Intrusion Protection System of Beijing Shenzhou Green Alliance Technology Co.

Beijing Shenzhou Green Alliance Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application services. There is an information leakage vulnerability in the network intrusion prevention system of Beijing Shenzhou Green Alliance Technology Co. Ltd, which...

Security Bulletin: A vulnerability in the GSKit component of IBM Security Network Intrusion Prevention System (CVE-2016-0201)

Summary A vulnerability has been addressed in the GSKit component of IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could...

Security Bulletin: IBM Security Network Intrusion Prevention System is affected by krb5 vulnerabilities (CVE-2014-4341, CVE-2013-1418 )

Summary Security vulnerabilities have been discovered in krb5 used with IBM Security Intrusion Prevention System. Vulnerability Details CVEID: CVE-2014-4341 DESCRIPTION: MIT Kerberos is vulnerable to a denial of service, caused by a NULL pointer dereference. By injecting invalid tokens into a...

Security Bulletin: IBM Security Network Intrusion Prevention System is affected by multiple vulnerabilities

Summary Multiple security vulnerabilities CVE-2018-1426, CVE-2018-1427, CVE-2018-1428, CVE-2017-3736, CVE-2017-3732, CVE-2016-0705, and CVE-2018-1447 have been discovered in GSKit used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION:...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Security Network Intrusion Prevention System (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID:CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...

Security Bulletin: Network Intrusion Prevention System is affected by multiple D-BUS and PHP vulnerabilities (CVE-2014-3638, CVE-2014-3639, CVE-2014-3477, CVE-2014-5459, CVE-2014-3597, CVE-2014-4721)

Summary Security vulnerabilities have been discovered in the D-BUS CVE-2014-3638 CVE-2014-3639 CVE-2014-3477 and PHP CVE-2014-5459 CVE-2014-3597 CVE-2014-4721 components of IBM Security Network Intrusion Prevention System Vulnerability Details CVE-ID: CVE-2014-3638 DESCRIPTION: D-Bus is vulnerabl...

Security Bulletin: Libxml2 vulnerabilities in Network Intrusion Prevention System (CVE-2014-0191, CVE-2013-2877, CVE-2014-3660, CVE-2013-5211)

Summary Security vulnerabilities have been discovered in the libxml2 component of IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2014-0191 DESCRIPTION: Libxml2 is vulnerable to a denial of service, caused by the expansion of internal entities within the...

Security Bulletin: IBM Security Network Intrusion Prevention System CPU utilization (CVE-2014-0963)

Summary IBM Security Network Intrusion Prevention System is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: IBM Security Network Intrusion...

Security Bulletin: A vulnerability in GSKit affects IBM Security Network Intrusion Prevention System (CVE-2015-1788)

Summary A security vulnerability has been discovered in GSKit used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVE ID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters structure over a...

Security Bulletin: A vulnerability in OpenSSH affects IBM Security Network Intrusion Prevention System (CVE-2015-5600)

Summary A security vulnerability has been discovered in OpenSSH used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2015-5600 DESCRIPTION: OpenSSH could allow a local attacker to obtain sensitive information, caused by an error in the keyboard-interactive...

Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Network Intrusion Prevention System (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM Security Netwoik Intrusion Prevention System. Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION: glibc is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the...

Security Bulletin: A vulnerability in sudo affects IBM Security Network Intrusion Prevention System (CVE-2014-9680)

Summary A security vulnerability has been discovered in sudo used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2014-9680 DESCRIPTION: Todd Miller sudo could allow a local attacker to bypass security restrictions, caused by the failure to check the TZ...

Security Bulletin: Vulnerability in SSLv3 affects IBM Security Network Intrusion Prevention System (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Security Network Intrusion Prevention System. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacke...

Security Bulletin: IBM Security Network Intrusion Prevention System is affected by a vulnerability in OpenSSL (CVE-2016-2183)

Summary IBM Security Network Intrusion Prevention Systems has addressed the following vulnerability in OpenSSL. The vulnerability is known as the SWEET32 Birthday attack CVE-2016-2183. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitiv...

Security Bulletin: Vulnerabilities in GNU glibc affect IBM Security Network Intrusion Prevention System (CVE-2013-2207, CVE-2014-8121, and CVE-2015-1781 )

Summary The GNU glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the Name Server Caching Daemon nscd used by multiple programs on the system. Security vulnerabilities have been discovered in glibc used with IBM Security...

Security Bulletin: IBM Security Network Intrusion Prevention System is affected by a vulnerability in Apache (CVE-2007-6750)

Summary A security vulnerability have been discovered in Apache used with IBM Security Intrusion Prevention System. Vulnerability Details CVEID:CVE-2007-6750 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service. By sending specially crafted partial HTTP requests, a remote attacker...

Security Bulletin: Vulnerabilities in curl affect IBM Security Network Intrusion Prevention System

Summary The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security vulnerabilities have been discovered in libcurl used with IBM Security Network Intrusion Prevention System. Vulnerability...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network Intrusion Prevention System (CVE-2015-3194, CVE-2015-3195, and CVE-2015-3196)

Summary Security vulnerabilities have been discovered in OpenSSL used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2015-3194 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when verifying certificates via a...