F5 BIG-IP Security Vulnerabilities

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A security vulnerability exists in F5 BIG-IP, which can be exploited by an attacker to trigger a denial of service by requesti...

Phoenix Contact PLCnext Control Devices 输入验证错误漏洞

Phoenix Contact PLCnext Control Devices is a programmable logic controller for industrial environments from Phoenix Contact. An input validation error vulnerability exists in Phoenix Contact PLCnext Control Devices prior to version 2021.0 LTS, which stems from a specially designed LLDP packet tha...

OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...

Important: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information...

HCL BigFix Inventory 安全漏洞

HCL BigFix Platform is a suite of endpoint security management platform from HCL India. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in HCL BigFix Inventory v10.0.2 onwards, which stems from not disabling the...

DEBIAN-CVE-2020-27067

In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152409173...

CVE-2020-27067

In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152409173...

UBUNTU-CVE-2020-27067

In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152409173...

Moderate: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVE-2020-27028

In filterincomingevent of hcilayer.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...

The vulnerability affects the implementation of the multi-protocol border gateway protocol (MP-BGP) for L2VPN and Ethernet VPN (EVPN) in Cisco IOS and Cisco IOS XE operating systems. This vulnerability allows a attacker to cause service interruptions.

The vulnerability of the MP-BGP protocol for L2VPN and Ethernet VPN EVPN in Cisco IOS and Cisco IOS XE operating systems is related to errors in processing BGP update messages. Exploiting this vulnerability can allow a malicious actor to cause service failures...

IBM Financial Transaction Manager for SWIFT Services 信息泄露漏洞

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms is a financial transaction manager product from IBM, USA. The product is primarily used for monitoring, tracking and reporting financial payments and transactions. An information disclosure vulnerability exists in IBM Financi...

CVE-2020-4905

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL striping, an attacker could exploit this vulnerability to obtain sensitive information...

Ubuntu: Security Advisory (USN-4660-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel regression (USN-4660-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4660-2 advisory. USN-4660-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with...

GHSA-M648-33QF-V3GP CHECK-fail in LSTM with zero-length input in TensorFlow

Impact Running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. Patches We have patched the...

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a denial-of-service vulnerability that stems from the LSTM GRU layer receiving a zero-length input when using a CUDA backend, which results in a check failure. An...

SIEMENS SICAM A8000 RTUs SSL Configuration Insecurity Vulnerability

The SIEMENS SICAM A8000 RTUs Remote Terminal Units series is a modular device family for remote control and automation applications in all areas of energy supply. A security vulnerability exists in the SIEMENS SICAM A8000 RTUs. An attacker could exploit the vulnerability to decrypt communications...

Multiple Qualcomm Products Competitive Conditions Issue Vulnerability

A Qualcomm chip is a chip from Qualcomm Incorporated USA. It is a way of miniaturizing circuitry mainly semiconductor devices, but also passive components, etc. and is often fabricated on the surface of semiconductor wafers. Multiple Qualcomm products are vulnerable to a race condition issue, whi...