10042 matches found
SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c inside the wNumCoef loop...
RHEL 8 : cyrus-sasl (RHSA-2020:4497)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4497 advisory. The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer (SASL). SASL is a method for adding authentication...
New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service
New research has demonstrated a technique that allows an attacker to bypass firewall protection and remotely access any TCP/UDP service on a victim machine. Called NAT Slipstreaming, the method involves sending the target a link to a malicious site or a legitimate site loaded with malicious ads...
Design/Logic Flaw
Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central device. This CVE is equivalent to Link Layer Length Overflow issue CVE-2019-16336, CVE-2019-17519 and Silent Length Overflow issue CVE-2019-17518 mentioned in...
CVE-2020-3703
Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central device. This CVE is equivalent to Link Layer Length Overflow issue CVE-2019-16336, CVE-2019-17519 and Silent Length Overflow issue CVE-2019-17518 mentioned in...
CVE-2020-11114
Bluetooth devices do not properly restrict the L2CAP payload length, allowing users in radio range to cause a buffer overflow via a crafted Link Layer packet. Equivalent to CVE-2019-17060, CVE-2019-17061 and CVE-2019-17517 in SweynTooth paper. In Snapdragon Compute, Snapdragon Consumer IOT,...
Windows 10 and Windows Server 2016 update history
Updates for Windows 10 version 1607 and Windows Server 2016. Windows 10 is a service, which means it gets better through periodic software updates. The great news is you usually don’t have to do anything! If you have enabled automatic updates, new...
CVE-2020-5936
On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile...
CVE-2020-5937
On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM) may produce a core file while processing layer 4 (L4) behavioral denial-of-service (DoS) traffic...
Code injection
On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM) may produce a core file while processing layer 4 (L4) behavioral denial-of-service (DoS) traffic...
F5 BIG-IP AFM Denial of Service Vulnerability
F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. A denial of service vulnerability exists in F5 BIG-IP AFM, which can be exploited by an attacker to trigger a denial of service via a fatal...
Amazon Linux 2 : SDL (ALAS-2020-1500)
The version of SDL installed on the remote host is prior to 1.2.15-17. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1500 advisory. SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave....
puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL
A flaw was found in Puppet, where the Puppet Agent did not verify the peer in the SSL connection before downloading the Certificate Revocation List (CRL). The primary risk is the availability of communications to computing systems and not Puppet itself. This flaw allows an attacker to submit a...
Cisco Adaptive Security Appliance (ASA) Software Denial of Service Vulnerability
The Cisco Adaptive Security Appliance (ASA) software is the core operating system that provides robust functionality for the Cisco ASA family. It has a variety of appearances and provides enterprise-class firewall functionality for ASA appliances. A denial of service vulnerability exists in the...
Cisco Firepower Threat Defense Denial of Service Vulnerability (CNVD-2020-59748)
Cisco Firepower Threat Defense is a suite of unified software for providing next-generation firewall services from Cisco, USA. apt is a command-line package manager from the Debian Project Collaboration that provides search, management, and querying of package information functions. A security...
UBUNTU-CVE-2020-27560
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service...
Vulnerability fixed in Citrix ADC and Citrix Gateway
Citrix has fixed a vulnerability in ADC and Gateway. The vulnerability allows a malicious party to obtain elevated privileges. The vulnerability can only be exploited from a peer switch whose Link Layer Discovery Protocol (LLDP) is enabled. Citrix has released updates to fix the...
CVE-2020-3572
A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory...
CVE-2020-3585
A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to...
PT-2020-4458 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified); Cisco Firepower Threat Defense (FTD) Software (affected versions not specified). Description: A vulnerability in the SSL/TLS session handler could allow an...