282 matches found
SUSE CVE-2024-5535
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour or ...
ALPINE-CVE-2024-5535
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour or ...
OpenSSL 1.0.2 < 1.0.2zk Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.2zk. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zk advisory. - Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or...
D-Link DAR-7000-40 resmanage.php Command Injection Vulnerability
DAR-7000-40 is a network device suitable for multiple fields such as government, finance, insurance, hotels, small and medium-sized enterprises, and education industry. It provides professional traffic management capabilities, powerful content auditing, advanced Internet behavior management and...
RIOT RIOT-OS Buffer Error Vulnerability
RIOT RIOT-OS is an operating system for applications in the Internet of Things (IoT) space. A security vulnerability exists in RIOT RIOT-OS that stems from a lack of size checking in /sys/net/applicationlayer/gcoap/ that could lead to a buffer overflow...
The vulnerability of the Application Layer Gateway module in Juniper Networks’ Junos OS network devices of the SRX 5000 series allows an attacker to cause service interruptions.
The vulnerability of the Application Layer Gateway module in Juniper Networks’ Junos OS networking devices of the SRX 5000 series is related to incorrect buffer size calculations when processing incoming packets. Exploiting this vulnerability can allow a malicious actor to cause service...
CVE-2024-30405
An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these...
PT-2024-2948 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS SRX 5000 Series versions prior to 21.2R3-S7 Juniper Networks Junos OS SRX 5000 Series version 21.4 versions prior to 21.4R3-S6 Juniper Networks Junos OS SRX 5000 Series version 22.1 versions prior to 22.1R3-S5 Junipe...
Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability
Talos Vulnerability Report TALOS-2024-1951 Open Automation Software OAS Platform OAS Engine Save Security Configuration file write vulnerability April 3, 2024 CVE Number CVE-2024-22178 SUMMARY A file write vulnerability exists in the OAS Engine Save Security Configuration functionality of Open...
Perfecting the Defense-in-Depth Strategy with Automation
Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern...
PT-2023-24182 · Bluetooth · Bluetooth
Name of the Vulnerable Software and Affected Versions: Bluetooth affected versions not specified Description: The issue is related to memory corruption that occurs while processing a pin reply in Bluetooth. This happens when the pin code received from the APP layer exceeds the expected size...
Imperva Successfully Mitigates Record-Breaking DDoS Attack in Retail Industry
In the dynamic world of cybersecurity, November 13, 2023, marked a significant milestone for Imperva as we successfully mitigated the largest application-layer DDoS attack we’ve ever recorded in the retail industry. The target was a prominent Indonesian eCommerce platform, known for its diverse...
The vulnerability of the application-level SIP ALG operating system Juniper Networks Junos routers of the MX and SRX series allows attackers to compromise the integrity of protected information.
The vulnerability of SIP application-level ALG operating systems running on Juniper Networks Junos routers of the MX and SRX series lies in insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor to compromise the integrity of protected...
PT-2023-6307 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 20.4R3-S5 Junos OS versions prior to 21.1R3-S4 Junos OS versions prior to 21.2R3-S4 Junos OS versions prior to 21.3R3-S3 Junos OS versions prior to 21.4R3-S2 Junos OS versions prior to 22.1R2-S2, 22.1R3 Junos OS...
Medium: nginx
Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...
The vulnerability of the SIP ALG firewall on Juniper Networks Junos operating systems on devices with MS-MPC or MS-MIC interfaces allows an attacker to cause a service failure.
The vulnerability of the SIP ALG server on Juniper Networks’ Junos operating system on devices with MS-MPC or MS-MIC interfaces is related to incorrect handling of requests. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the SIP ALG server of Juniper Networks Junos OS allows an attacker to trigger a service failure.
The vulnerability of the SIP ALG server of Juniper Networks Junos OS is related to incorrect handling of requests. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
CVE-2022-45597
ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer not the transport layer and "Certificates are exchanged in a controlled fashion between entities...
Design/Logic Flaw
DISPUTED ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer not the transport layer and "Certificates are exchanged in a controlled fashion between...
PT-2023-14715 · Componentspace · Componentspace.Saml2
Name of the Vulnerable Software and Affected Versions: ComponentSpace.Saml2 version 4.4.0 Description: The issue concerns missing SSL certificate validation at the application layer. According to the vendor, this is not considered a vulnerability because certificates are exchanged between trusted...