1077 matches found

BDU FSTEC
added 2020/04/29 12:0 a.m. | 2 views

The vulnerability of the verify_emsa_pkcs1_signature() function in the gmp IPSEC plugin of the strongSwan daemon allows an attacker to disclose protected information.

The vulnerability of the verify_emsa_pkcs1_signature function in gmp_rsa_public_key.c in the gmp IPSEC plugin for the strongSwan daemon allows for the exploitation of the cryptographic signature verification process. Exploiting this vulnerability could enable a malicious actor, operating remotely, to...

CVSS 7.8 | AI score 6.5 | EPSS 0.01888
Exploits: 0 | References: 7 | Affected Software: 9

RedHat Linux
added 2020/04/28 3:43 p.m. | 0 views

kernel: use-after-free in cdev_put() when a PTP device is removed while its chardev is open

There is a use-after-free problem seen due to a race condition between the release of ptp_clock and cdev during resource deallocation. When a high privileged process allocates a ptp device file like /dev/ptpX and voluntarily goes to sleep. During this time if the underlying device is removed, it ca...

CVSS 6.5 | AI score 7.1 | EPSS 0.00359
Exploits: 0 | References: 4

OpenVAS
added 2020/03/18 12:0 a.m. | 10 views

Linux: Read /etc/ntp.conf (KB)

The ntpd program is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers. It is a complete implementation of the Network Time Protocol (NTP) version 4, but also retains compatibility with version 3, as defined by RFC-1305, and...

AI score 6.8
Exploits: 0 | References: 1

NVD
added 2020/02/11 9:15 p.m. | 18 views

CVE-2020-6069

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG jpegread precision parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file...

CVSS 9.8 | AI score 9.3 | EPSS 0.03597
Exploits: 1 | References: 1

Cvelist
added 2020/02/11 8:50 p.m. | 24 views

CVE-2020-6069

An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG jpegread precision parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file...

CVSS 9.8 | AI score 9 | EPSS 0.03597
Exploits: 1 | References: 1

Talos
added 2020/02/10 12:0 a.m. | 92 views

Accusoft ImageGear JPEG jpegread precision code execution vulnerability

Summary: An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG jpegread precision parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a...

CVSS 9.8 | AI score 9 | EPSS 0.03597
Exploits: 1

Debian CVE
added 2020/01/28 9:20 p.m. | 3 views

CVE-2020-5215

In TensorFlow before 1.15.2 and 2.0.1, converting a string from Python to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker c...

CVSS 7.5 | AI score 6.9 | EPSS 0.00581
Exploits: 1

Tenable Nessus
added 2020/01/27 12:0 a.m. | 38 views

Cisco ASR 9000 Series Aggregation Services Routers Precision Time Protocol DoS (cisco-sa-20180815-asr-ptp-dos)

According to its self-reported version, Cisco IOS XR Software is affected by a denial of service (DoS) vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Routers. This is due to a lack of input and validation checking on certain...

CVSS 8.6 | AI score 8 | EPSS 0.03964
Exploits: 0 | References: 3

Malwarebytes
added 2019/11/12 8:6 p.m. | 71 views

Vital infrastructure: securing our food and agriculture

I don’t expect to hear any arguments on whether the production of our food is important or not. So why do we hardly ever hear anything about the cybersecurity in the food and agriculture sector? Depending on the country, agriculture makes up about 5 percent of the gross domestic product. That...

AI score 7.3
Exploits: 0

Tenable Nessus
added 2019/09/17 12:0 a.m. | 28 views

Cisco NX-OS Precision Time Protocol (PTP) Denial of Service Vulnerability

According to its self-reported version, the Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability which exists in its Precision Time Protocol (PTP) implementation due to a lack of protection against PTP frame flood attacks. An unauthenticated, remote attacker can exploit this...

CVSS 8.6 | AI score 7.9 | EPSS 0.04483
Exploits: 0 | References: 3

RedhatCVE
added 2019/09/13 5:22 p.m. | 31 views

CVE-2019-1549

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However, this protection was not being used in the default case. A...

CVSS 5.3 | AI score 1.4 | EPSS 0.06232
Exploits: 0 | References: 3

Schneier on Security
added 2019/09/13 4:40 p.m. | 252 views

When Biology Becomes Software

All of life is based on the coordinated action of genetic parts (genes and their controlling sequences) found in the genomes (the complete DNA sequence) of organisms. Genes and genomes are based on code -- just like the digital language of computers. But instead of zeros and ones, four DNA letters ---...

AI score 7.6
Exploits: 0

Prion
added 2019/09/10 5:15 p.m. | 34 views

Design/Logic Flaw

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However, this protection was not being used in the default case. A...

CVSS 5 | AI score 5 | EPSS 0.06232
Exploits: 0 | References: 15 | Affected Software: 1

UbuntuCve
added 2019/09/10 5:15 p.m. | 31 views

CVE-2019-1549

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However, this protection was not being used in the default case. A...

CVSS 5.3 | AI score 6.8 | EPSS 0.06232
Exploits: 0 | References: 3

Cvelist
added 2019/09/10 4:58 p.m. | 19 views

CVE-2019-1549 Fork Protection

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However, this protection was not being used in the default case. A...

AI score 5.1 | EPSS 0.06232
Exploits: 0 | References: 15

OSV
added 2019/09/04 12:15 p.m. | 1 views

CVE-2019-10709

AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call...

CVSS 9.8 | AI score 7.3
Exploits: 0 | References: 2

NVD
added 2019/09/04 12:15 p.m. | 24 views

CVE-2019-10709

AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call...

CVSS 9.8 | AI score 9.5 | EPSS 0.11536
Exploits: 5 | References: 2

Prion
added 2019/09/04 12:15 p.m. | 15 views

Design/Logic Flaw

AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call...

CVSS 7.5 | AI score 9.4 | EPSS 0.11536
Exploits: 5 | References: 2 | Affected Software: 1

CVE
added 2019/09/04 11:14 a.m. | 95 views

CVE-2019-10709

CVE-2019-10709 affects Asus Precision TouchPad driver 11.0.0.25. A pool overflow in the AsusPTPFilter.sys/AsusTP device handling via DeviceIoControl (IOCTL 0x221408) with crafted input can trigger DoS and may enable elevation of privilege. Exploit samples show sending a 12048-byte payload to the ...

CVSS 9.8 | AI score 9.4 | EPSS 0.11536
Exploits: 5 | References: 2 | Affected Software: 1

CNVD
added 2019/09/02 12:0 a.m. | 3 views

ASUS Asus Precision TouchPad Privilege Permission and Access Control Issues Vulnerability

ASUS Asus Precision TouchPad is a touchpad driver from Asus Taiwan, China. A security vulnerability exists in ASUS Asus Precision TouchPad version 11.0.0.25. The vulnerability can be exploited by an attacker to cause a denial of service and elevation of privilege...

CVSS 9.8 | AI score 6.7 | EPSS 0.11536
Exploits: 5 | References: 1