169 matches found

OpenVAS
added 2022/08/26 12:0 a.m. | 18 views

Ubuntu: Security Advisory (USN-5546-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.2 AI score | 0.34335 EPSS
Exploits 8 | References 2

OpenVAS
added 2022/08/05 12:0 a.m. | 32 views

Ubuntu: Security Advisory (USN-5546-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.2 AI score | 0.34335 EPSS
Exploits 8 | References 2

Ubuntu
added 2022/08/04 5:6 p.m. | 94 views

USN-5546-2: OpenJDK 8 vulnerabilities

USN-5546-1 fixed vulnerabilities in OpenJDK. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain...

7.5 CVSS | 7.4 AI score | 0.10953 EPSS
Exploits 2

OSV
added 2022/08/04 5:6 p.m. | 8 views

USN-5546-2 openjdk-8 vulnerabilities

USN-5546-1 fixed vulnerabilities in OpenJDK. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Neil Madden discovered that OpenJDK did not properly verify ECDSA signatures. A remote attacker could possibly use this issue to insert, edit or obtain...

7.5 CVSS | 7 AI score | 0.10953 EPSS
Exploits 2 | References 9

Ubuntu
added 2022/04/26 11:49 a.m. | 181 views

USN-5388-1: OpenJDK vulnerabilities

It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-21426) It was discovered that OpenJDK incorrectly handled converting certain object arguments into their...

7.5 CVSS | 6.1 AI score | 0.00167 EPSS
Exploits 0

OSV
added 2020/06/17 5:15 p.m. | 1 views

CVE-2020-7932

OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...

5.7 CVSS | 6.2 AI score | 0.00345 EPSS
Exploits 0 | References 1

PyPA
added 2020/06/17 5:15 p.m. | 3 views

PYSEC-2020-244

OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...

5.7 CVSS | 6.5 AI score | 0.00345 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2020/01/26 4:31 a.m. | 13 views

CVE-2019-16027 Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability

A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process. The vulnerability is due to improper...

7.7 CVSS | 6.4 AI score | 0.01013 EPSS
Exploits 0 | References 1

RedHat Linux
added 2020/01/24 5:54 a.m. | 1 views

OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...

4.3 CVSS | 7.3 AI score | 0.00339 EPSS
Exploits 0 | References 4

Prion
added 2020/01/23 9:15 p.m. | 21 views

Memory corruption

Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates...

5 CVSS | 6.9 AI score | 0.02094 EPSS
Exploits 1 | References 4 | Affected Software 2

OSV
added 2019/04/30 9:29 p.m. | 2 views

CVE-2019-3928

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter...

5.3 CVSS | 5.8 AI score | 0.00706 EPSS
Exploits 0 | References 1

OSV
added 2019/04/30 9:29 p.m. | 2 views

CVE-2019-3927

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or...

9.8 CVSS | 7.3 AI score | 0.01822 EPSS
Exploits 1 | References 1

Positive Technologies
added 2019/04/30 12:0 a.m. | 2 views

PT-2019-16782 · Crestron · Crestron Am-100 +1

Name of the Vulnerable Software and Affected Versions: Crestron AM-100 version 1.6.0.2 Crestron AM-101 version 2.7.0.2 Description: The issue allows any user to obtain the presentation passcode via specific OIDs, iso.3.6.1.4.1.3212.100.3.2.7.4. A remote, unauthenticated attacker can exploit this ...

5.3 CVSS | 5.2 AI score | 0.00706 EPSS
Exploits 0 | References 2

OSV
added 2018/12/25 3:29 p.m. | 1 views

CVE-2018-20439

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests...

9.8 CVSS | 5.8 AI score | 0.00372 EPSS
Exploits 0 | References 1

OSV
added 2018/12/23 9:29 p.m. | 1 views

CVE-2018-20395

NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests...

9.8 CVSS | 5.8 AI score | 0.00644 EPSS
Exploits 1 | References 2

OSV
added 2018/12/23 9:29 p.m. | 2 views

CVE-2018-20392

S-A WebSTAR DPC2100 v2.0.2r1256-060303 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests...

9.8 CVSS | 5.8 AI score | 0.00618 EPSS
Exploits 1 | References 2

OSV
added 2018/12/23 9:29 p.m. | 1 views

CVE-2018-20385

CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests...

9.8 CVSS | 5.8 AI score | 0.00644 EPSS
Exploits 1 | References 2

CNVD
added 2017/12/21 12:0 a.m. | 1 views

Cambium Networks cnPilot Elevation of Privilege Vulnerability

Cambium Networks cnPilot is a cloud-enabled managed single-band router product from Cambium Networks, USA. A security vulnerability exists in Cambium Networks cnPilot using firmware version 4.3.2-R4 and earlier. An attacker can exploit the vulnerability to obtain sensitive information usernames a...

8 CVSS | 6.5 AI score | 0.07842 EPSS
Exploits 2 | References 1

OSV
added 2017/08/10 12:0 a.m. | 1 views

UBUNTU-CVE-2017-7792

A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

9.8 CVSS | 7.3 AI score | 0.07363 EPSS
Exploits 1 | References 4

BDU FSTEC
added 2017/07/28 12:0 a.m. | 3 views

The vulnerability of the Simple Network Management Protocol (SNMP) subsystem of the Cisco IOS operating system, which allows a hacker to inject code or trigger a system reboot.

Many vulnerabilities in the Simple Network Management Protocol (SNMP) subsystem of the Cisco IOS operating system are caused by buffer overflows. Exploitation of these vulnerabilities allows a malicious actor to inject code into the system or cause it to restart by sending specially created SNMP...

9 CVSS | 7.9 AI score | 0.20355 EPSS
Exploits 0 | References 5 | Affected Software 1