CVE-2020-3421 Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities
Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the...
CVE-2020-3512 Cisco IOS and IOS XE Software PROFINET Link Layer Discovery Protocol Denial of Service Vulnerability
A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a crash on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is du...
Cisco IOS XE Software Zone-Based Firewall Denial of Service Vulnerabilities
Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the...
Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario
The Mozilla Foundation Security Advisory describes this flaw as: When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow...
PT-2020-4188 · Cisco · Cisco IOS XE
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE (affected versions not specified). Description: The issue is related to insufficient validation of unusual or exceptional states in Cisco IOS XE, which could allow a remote attacker to cause a denial of service. The vulnerabilities...
PT-2020-4189 · Cisco · Cisco IOS XE
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: The issue is related to incomplete handling of Layer 4 packets through the device, which could allow an unauthenticated, remote attacker to cause the device to reload or stop...
CVE-2020-7121
Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to...
CVE-2020-24619
In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource...
Denial Of Service (DoS)
Firefox is vulnerable to denial of service (DoS). A use-after-free can occur when the layer manager is freed too early when rendering specific SVG content...
CVE-2020-0356
In the Audio HAL, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-143787559...
CVE-2020-0429
In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android...
UBUNTU-CVE-2020-0429
In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android...
CVE-2020-0392
In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10...
PT-2020-6953 · Aruba · Aruba CX Switches Series
Name of the Vulnerable Software and Affected Versions: Aruba CX Switches Series versions prior to 10.04.3021. Description: The issue is related to memory corruption vulnerabilities, specifically a buffer overflow, in the Aruba CX Switches Series. Successful exploitation could result in a Local...
DTLS Service Detection
Nessus was able to detect that the remote service supports DTLS (Datagram Transport Layer Security) by sending a ClientHello and receiving a HelloVerifyRequest reply. TRUSTED...
Zoom adds Two-factor authentication (2FA) as extra layer of security
By Zara Khan. Video conferencing platform Zoom has announced two-factor authentication (2FA) to enhance protection by adding an extra layer of security. This is a post from HackRead.com. Read the original post: Zoom adds Two-factor authentication (2FA) as extra layer of security...
F5 BIG-IP Access Control Error Vulnerability (CNVD-2020-51797)
F5 BIG-IP is an application delivery platform from F5 Inc. that integrates network traffic management, application security management, load balancing, etc. Configuration utility is one of the configuration utilities. A security vulnerability exists in F5 BIG-IP. The vulnerability originates from...
The vulnerability in the implementation of the TLS protocol in Cisco AsyncOS software for Cisco Email Security Appliances allows an attacker to induce a service failure.
The vulnerability of the TLS (Transport Layer Security) implementation in Cisco AsyncOS software for Cisco Email Security Appliances is related to algorithmic complexity. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption
A group of researchers has detailed a new timing vulnerability in the Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed "Raccoon Attack," the server-side attack exploits a...
CVE-2020-7314
Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files...