The vulnerability of the ssl_inspection component in Cisco Firepower Threat Defense’s microprogramming software allows a attacker to trigger a service failure.

The vulnerability of the sslinspection component of Cisco Firepower Threat Defense’s microprogramming network interface layer exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending corrupted TLS...

The vulnerability of Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense, a microprogramming-based network device for SSL/TLS session processors, allows attackers to induce service failures.

The vulnerability of Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense’s SSL/TLS session processors involves uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by initiating multiple SSL/TLS sessions and...

Citrix App Layering 4: LayerPriority Utility

Please note: You can download the required file from the Citrix downloads website by visiting the following link:https://www.citrix.com/downloads/citrix-tools Introduction This utility is used to modify the layer priority of App layers. The documentation provided here includes an explanation of...

CVE-2020-3444

A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by...

UBUNTU-CVE-2020-28327

A respjsipsession crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This...

CVE-2020-27617

ethgetgsotype in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol...

DEBIAN-CVE-2020-27617

ethgetgsotype in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol...

CVE-2020-27617

ethgetgsotype in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol...

CVE-2020-27617

ethgetgsotype in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol...

UBUNTU-CVE-2020-17490

The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions...

UBUNTU-CVE-2020-27617

ethgetgsotype in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol...

CVE-2020-27617

ethgetgsotype in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol...

CVE-2020-27617

ethgetgsotype in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol...

CVE-2020-27617

ethgetgsotype in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol...

Vulnerabilities fixed in Salt

Vulnerabilities have been fixed in Salt. Salt is used used in VMware vRealize Operations Manager and RSA NetWitness. Exploiting the vulnerabilities allows an unauthenticated malicious person to execute willful code with permissions of the application. To do this, the malicious party must have...

Deception Technology: No Longer Only A Fortune 2000 Solution

A cyber-attacker successfully breaks into your environment and begins sneaking around to find something valuable - intellectual property, bank account credentials, company plans, whatever. The attacker makes his way to a certain host on a network node to browse the directories, and suddenly, his...

Cisco SD-WAN vEdge Input Validation Error Vulnerability

Cisco SD-WAN vEdge is a router from Cisco. The device provides basic WAN, security, and multi-cloud capabilities for Cisco SD-WAN solutions. The Cisco SD-WAN vEdge suffers from an input validation error vulnerability that arises from a network system or product that does not properly validate...

fontforge: SFD_GetFontMetaData() insufficient CVE-2020-5395 backport

An out-of-bounds write flaw was found in FontForge while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is t...

squid: DoS in TLS handshake

A flaw was found in squid. A denial-of-service attack while processing TLS certificates is possible due to use of a potentially dangerous function in Squid and the default certificate validation helper. The highest threat from this vulnerability is to system availability...

SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c

SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MSADPCMdecode in audio/SDLwave.c...