CVE-2020-7314
Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files...
DEBIAN-CVE-2020-1968
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...
UBUNTU-CVE-2020-1968
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...
CVE-2020-3702
Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit...
DEBIAN-CVE-2020-3702
Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit...
UBUNTU-CVE-2020-3702
Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit...
PT-2020-4161 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: An information disclosure issue exists due to the use of weak hash algorithms by TLS components. This could allow an attacker to obtain information to further compromise a user's encrypted...
Vulnerability fixed in GnuTLS
A vulnerability has been fixed in GnuTLS. A remote malicious person who has access to a TLS server that the victim is connected to is able to cause a denial-of-service attack. To exploit the vulnerability the TLS connection must meet specific conditions. The developers of...
AZL-6445 CVE-2020-24659 affecting package gnutls for versions less than 3.6.14-5
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the...
CVE-2020-24385
The CVE-2020-24385 issue affects MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7. It is a NULL pointer dereference in the Linux emulation layer. During binary interaction, td->td_emuldata in sys/compat/linux/linux_emul.h is not initialized and can return NULL from em_...
PT-2020-3857 · Cisco · Cisco Email Security Appliance
Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance (ESA) versions (affected versions not specified). Description: A vulnerability in the Transport Layer Security (TLS) protocol implementation could allow an unauthenticated, remote attacker to cause high CPU usage on an...
OSV-2020-1687 Bad-cast to pcpp::Layer from invalid vptr
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25340 Crash type: Bad-cast Crash state: Bad-cast to pcpp::Layer from invalid vptr pcpp::IDnsResource::getRawData pcpp::DnsResource::getDataLength...
PT-2021-6586 · Arm +2 · Arm Mbed Tls +2
Name of the Vulnerable Software and Affected Versions: Arm Mbed TLS versions prior to 2.24.0. Description: An issue in Arm Mbed TLS allows an attacker to recover a private key via a side-channel attack against generation of base blinding/unblinding values, potentially affecting RSA or static...
CVE-2020-25056
An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy S20) software. Because HAL improperly checks versions, bootloading by the S.LSI NFC chipset is mishandled. The Samsung ID is SVE-2020-16169 (August 2020)...
wolfSSL Information Disclosure Vulnerability (CNVD-2020-49929)
wolfSSL (formerly known as CyaSSL) is a small, portable embedded SSL programming library from the United States company wolfSSL, intended for embedded systems developers. An information disclosure vulnerability exists in wolfSSL versions prior to 4.5.0. The vulnerability is related to a buggy implementatio...
CVE-2020-3415
A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input...
Input validation
A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input...
CVE-2020-3415
Cisco NX-OS Software Data Management Engine (DME) remote code execution vulnerability (CVE-2020-3415) allows an unauthenticated, Layer 2-adjacent attacker to execute arbitrary code with administrative privileges or trigger DoS by sending crafted Cisco Discovery Protocol packets. Root cause: insuf...
CVE-2020-3415 Cisco NX-OS Software Data Management Engine Remote Code Execution Vulnerability
A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input...