17 matches found

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 29 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL (CVE-2024-6119, CVE-2024-5535)

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL CVE-2024-6119, CVE-2024-5535 Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks e.g., TLS clients...

CVSS 9.1, AI score 7, EPSS 0.14258
Exploits: 1, Affected Software: 1
ICS
added 2023/11/14 12:0 a.m., 38 views

Siemens Desigo CC product family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 9.8, AI score 9.8, EPSS 0.08202
Exploits: 2, References: 10
ICS
added 2021/12/02 12:0 a.m., 139 views

Hitachi Energy RTU500 series

1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 series Vulnerabilities: Observable Discrepancy, Buffer Over-read, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

CVSS 8.6, AI score 8.1, EPSS 0.01042
Exploits: 0, References: 5
OpenVAS
added 2020/01/23 12:0 a.m., 39 views

Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2020-1072)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8, AI score 7, EPSS 0.11133
Exploits: 1, References: 2
OpenVAS
added 2020/01/23 12:0 a.m., 19 views

Huawei EulerOS: Security Advisory for tcpdump (EulerOS-SA-2019-2233)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 5.5, AI score 5.9, EPSS 0.01728
Exploits: 1, References: 2
Tenable Nessus
added 2020/01/13 12:0 a.m., 55 views

EulerOS Virtualization for ARM 64 3.0.5.0 : tcpdump (EulerOS-SA-2020-1072)

According to the versions of the tcpdump package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer,...

CVSS 9.8, AI score 6.7, EPSS 0.11133
Exploits: 1, References: 29
Tenable Nessus
added 2019/11/08 12:0 a.m., 152 views

EulerOS 2.0 SP5 : tcpdump (EulerOS-SA-2019-2233)

According to the versions of the tcpdump package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack...

CVSS 5.5, AI score 6.4, EPSS 0.01728
Exploits: 1, References: 4
RedhatCVE
added 2019/08/01 5:22 a.m., 35 views

CVE-2019-1010220

tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a...

CVSS 5.5, AI score 2.8, EPSS 0.00383
Exploits: 1, References: 3
OSV
added 2019/07/22 6:15 p.m., 17 views

CVE-2019-1010220

tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a...

CVSS 3.3, AI score 6.5
Exploits: 0, References: 11
Debian CVE
added 2019/07/22 5:30 p.m., 37 views

CVE-2019-1010220

tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a...

CVSS 4.3, AI score 5.2, EPSS 0.00287
Exploits: 0
Cvelist
added 2019/07/22 5:30 p.m., 16 views

CVE-2019-1010220

tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a...

AI score 6.3, EPSS 0.00287
Exploits: 0, References: 11
Tenable Nessus
added 2018/06/12 12:0 a.m., 53 views

Amazon Linux 2 : curl (ALAS-2018-1029)

Curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command...

CVSS 9.8, AI score 7.8, EPSS 0.02845
Exploits: 0, References: 3
Prion
added 2018/05/24 1:29 p.m., 19 views

Heap overflow

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have...

CVSS 6.4, AI score 9.2, EPSS 0.02845
Exploits: 0, References: 17, Affected Software: 9
CVE
added 2018/05/24 1:0 p.m., 298 views

CVE-2018-1000301

CVE-2018-1000301 is a curl RTSP buffer over-read vulnerability tracked across multiple advisories. The issue occurs in curl versions 7.20.0 through 7.59.0, where RTSP response parsing can leave a pointer into a buffer, causing reads beyond the end of a heap-based buffer storing downloaded content...

CVSS 9.1, AI score 7.5, EPSS 0.02845
Exploits: 0, References: 17, Affected Software: 1
AlpineLinux
added 2018/05/24 1:0 p.m., 43 views

CVE-2018-1000301

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have...

CVSS 9.1, AI score 7.9, EPSS 0.02845
Exploits: 0
Tenable Nessus
added 2017/01/06 12:0 a.m., 46 views

FreeBSD : Irssi -- multiple vulnerabilities (3d6be69b-d365-11e6-a071-001e67f15f5a)

Irssi reports : Five vulnerabilities have been located in Irssi - A NULL pointer dereference in the nickcmp function found by Joseph Bisch. CWE-690 - Use after free when receiving invalid nick message Issue 466, CWE-146 - Out of bounds read in certain incomplete control codes found by Joseph Bisc...

CVSS 7.5, AI score 7.3, EPSS 0.02739
Exploits: 1, References: 8
FreeBSD
added 2017/01/03 12:0 a.m., 37 views

Irssi -- multiple vulnerabilities

Irssi reports: Five vulnerabilities have been located in Irssi A NULL pointer dereference in the nickcmp function found by Joseph Bisch. CWE-690 Use after free when receiving invalid nick message Issue 466, CWE-146 Out of bounds read in certain incomplete control codes found by Joseph Bisch...

CVSS 7.5, AI score 8.2, EPSS 0.02739
Exploits: 1, References: 1