
478 matches found

IBM Security Bulletins
added 2020/07/19 12:49 a.m. | 63 views

Security Bulletin: File vulnerabilities affect IBM SmartCloud Entry

Summary: IBM SmartCloud Entry is vulnerable to file vulnerabilities. An attacker could exploit these vulnerabilities to use a specially-crafted file to consume all available CPU resources, cause a denial of service, execute arbitrary code, or cause applications/executables to crash. CVE-2014-3538...

7.5 CVSS | 1.2 AI score | 0.20237 EPSS
Exploits: 2 | Affected Software: 1
IBM Security Bulletins
added 2020/07/19 12:49 a.m. | 51 views

Security Bulletin: Multiple vulnerabilities in openssl, gnutls, mysql, kernel, glibc, ntp shipped with SmartCloud Entry Appliance

Summary: Multiple vulnerabilities have been identified in openssl, gnutls, mysql, kernel, glibc and ntp shipped with SmartCloud Entry Appliance. SmartCloud Entry Appliance has addressed the vulnerabilities. Vulnerability Details: CVEID: CVE-2016-8610 DESCRIPTION: The SSL/TLS protocol is vulnerable t...

10 CVSS | 1.5 AI score | 0.83906 EPSS
Exploits: 106 | Affected Software: 1
ArchLinux
added 2020/07/18 12:0 a.m. | 26 views

[ASA-202007-2] wireshark-cli: denial of service

Arch Linux Security Advisory ASA-202007-2
Severity: Low
Date: 2020-07-18
CVE-ID: CVE-2020-15466
Package: wireshark-cli
Type: denial of service
Remote: Yes
Link: https://security.archlinux.org/AVG-1198
Summary: The package wireshark-cli before...

7.5 CVSS | 1.5 AI score | 0.03101 EPSS
Exploits: 0 | References: 5
Tenable Nessus
added 2020/07/02 12:0 a.m. | 38 views

Wireshark 3.2.x < 3.2.5 A Vulnerability (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 3.2.5. It is, therefore, affected by a vulnerability as referenced in the wireshark-3.2.5 advisory. - In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in...

7.5 CVSS | 7.2 AI score | 0.03101 EPSS
Exploits: 0 | References: 4
Prion
added 2020/06/15 8:15 p.m. | 20 views

Race condition

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 an...

7.8 CVSS | 7.8 AI score | 0.01842 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
OpenVAS
added 2020/05/19 12:0 a.m. | 49 views

Debian: Security Advisory (DLA-2214-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

9.1 CVSS | 7.3 AI score | 0.03798 EPSS
Exploits: 1 | References: 3
IBM Security Bulletins
added 2020/05/18 8:22 p.m. | 40 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in WebSphere Application Server Liberty

Summary: Multiple vulnerabilities in WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2019-9515 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack. By sending ...

9.8 CVSS | 0.8 AI score | 0.87806 EPSS
Exploits: 2 | Affected Software: 1
Tenable Nessus
added 2020/05/18 12:0 a.m. | 50 views

Debian DLA-2214-1 : libexif security update

Various vulnerabilities have been addressed in libexif, a library to parse EXIF metadata files. CVE-2016-6328: An integer overflow when parsing the MNOTE entry data of the input file had been found. This could have caused denial of service (DoS) and Information Disclosure (disclosing some critical he...

9.1 CVSS | 6.7 AI score | 0.03798 EPSS
Exploits: 1 | References: 7
Veracode
added 2020/04/10 12:16 a.m. | 28 views

Denial Of Service (DoS)

php is vulnerable to denial of service. When unserializing untrusted data on 64-bit platforms, the zend_hash_init function could be forced into an infinite loop, consuming CPU resources for a limited time, until the script timeout alarm aborted execution of the script...

4.3 CVSS | 1.8 AI score | 0.02308 EPSS
Exploits: 0 | References: 48 | Affected Software: 1
RedhatCVE
added 2020/04/07 11:11 p.m. | 41 views

CVE-2019-10196

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...

9.8 CVSS | 3.5 AI score | 0.01392 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2020/02/28 12:0 a.m. | 38 views

Wireshark 3.2.x < 3.2.2 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 3.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-3.2.2 advisory. - In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak...

7.5 CVSS | 7.2 AI score | 0.03109 EPSS
Exploits: 3 | References: 13
Tenable Nessus
added 2020/02/28 12:0 a.m. | 44 views

Wireshark 3.0.x < 3.0.9 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 3.0.9. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-3.0.9 advisory. - In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak...

7.5 CVSS | 7.2 AI score | 0.03109 EPSS
Exploits: 3 | References: 10
Tenable Nessus
added 2020/02/28 12:0 a.m. | 31 views

Wireshark 3.0.x < 3.0.9 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is prior to 3.0.9. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-3.0.9 advisory. - In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This...

7.5 CVSS | 7.1 AI score | 0.03109 EPSS
Exploits: 3 | References: 10
IBM Security Bulletins
added 2020/02/27 10:34 a.m. | 38 views

Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities

Summary: IBM Security SiteProtector System has addressed the following vulnerabilities in Apache HTTP Server. Vulnerability Details: CVEID: CVE-2018-20843 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a...

7.8 CVSS | 1.5 AI score | 0.07107 EPSS
Exploits: 1 | Affected Software: 1
OpenVAS
added 2020/01/23 12:0 a.m. | 20 views

Huawei EulerOS: Security Advisory for libexif (EulerOS-SA-2019-1781)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.8 CVSS | 6.5 AI score | 0.03798 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2020/01/23 12:0 a.m. | 23 views

Huawei EulerOS: Security Advisory for libexif (EulerOS-SA-2019-1095)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.8 CVSS | 6.5 AI score | 0.03798 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2020/01/23 12:0 a.m. | 26 views

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2019-1783)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

7.8 CVSS | 8.1 AI score | 0.07107 EPSS
Exploits: 1 | References: 2
RedhatCVE
added 2019/12/25 9:27 p.m. | 19 views

CVE-2018-3739

A flaw was found in https-proxy-agent, prior to version 2.2.0. It was discovered https-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...

9.1 CVSS | 3.5 AI score | 0.02012 EPSS
Exploits: 1 | References: 2
Debian
added 2019/12/21 4:3 p.m. | 141 views

[SECURITY] [DLA 2045-1] tightvnc security update

Package: tightvnc
Version: 1.3.9-6.5+deb8u1
CVE ID: CVE-2014-6053 CVE-2018-7225 CVE-2019-8287 CVE-2018-20021 CVE-2018-20022 CVE-2019-15678 CVE-2019-15679 CVE-2019-15680 CVE-2019-15681
Debian Bug: 945364
Several vulnerabilities have recently been discovered in TightVNC 1.x, an X11 based VNC...

9.8 CVSS | 7.1 AI score | 0.19461 EPSS
Exploits: 2
Tenable Nessus
added 2019/12/18 12:0 a.m. | 34 views

EulerOS 2.0 SP3 : subversion (EulerOS-SA-2019-2669)

According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-servic...

8 CVSS | 7.5 AI score | 0.30216 EPSS
Exploits: 0 | References: 5