The vulnerability of the implementations of Secure Sockets Layer and Transport Layer Security protocols in the firmware for Cisco Adaptive Security Appliance (ASA) and Configure Firepower Threat Defense (FTD) allows an attacker to induce a service failure.
The vulnerability of the Secure Sockets Layer and Transport Layer Security implementations in Cisco Adaptive Security Appliance (ASA) and Configure Firepower Threat Defense (FTD) software stems from uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to caus...
The vulnerability of the implementation library for the Transport Layer Security protocol of Cisco Firepower Threat Defense firmware allows an attacker to compromise the integrity of the protected information.
The vulnerability of the Transport Layer Security protocol implementation library in Cisco Firepower Threat Defense software relates to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the integrity of the protected information...
Ubuntu: Security Advisory (USN-4363-1)
The remote host is missing an update for the...
Securing GraphQL API
Introduction to GraphQL: Representational state transfer (REST) APIs are the most popular type of API. However, GraphQL is rapidly growing in popularity as a competitor to REST. GraphQL is a meta-layer with a built-in query language to access object-oriented data. It’s based on JSON-encoded HTTP...
undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS
A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a denial of service (DoS) to make the service unavailable on SSL...
The vulnerability of the Secure Sockets Layer and Transport Layer Security implementations in Cisco Firepower Threat Defense’s microprogramming-based network interface controllers allows attackers to induce service failures.
The vulnerability of the Secure Sockets Layer and Transport Layer Security implementations of Cisco Firepower Threat Defense’s microprogramming-based network interface controllers is related to the execution of operations beyond the buffer in memory. Exploitation of this vulnerability could allow...
Cisco Firepower Threat Defense Software SSL/TLS URL Category Bypass Vulnerability (cisco-sa-ssl-bypass-O5tGum2n)
According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a remote code execution vulnerability in Transport Layer Security. This is due to a logic error within SNORT handling. An unauthenticated, remote attacker can exploit this to bypass web traffic policies...
Microsoft Windows and Windows Server Denial of Service Vulnerability (CNVD-2020-33424)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A denial of service vulnerability exists in the implementation of the Transport Layer...
FreeBSD : FreeBSD -- Improper checking in SCTP-AUTH shared key update (253486f5-947d-11ea-92ab-00163e433440)
The SCTP layer does improper checking when an application tries to update a shared key. Therefore an unprivileged local user can trigger a use-after-free situation, for example by specific sequences of updating shared keys and closing the SCTP association. Impact: Triggering the use-after-free...
keycloak: improper verification of certificate with host mismatch could result in information disclosure
A flaw was found in Keycloak, where it does not perform TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack...
Microsoft Windows Transport Layer Security Denial of Service Vulnerability
A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, a remote...
Zephyr Trust Management Issues Vulnerabilities
Zephyr is an open source, small, scalable real-time operating system from the Linux Foundation. A trust management issue vulnerability exists in the UpdateHub module in Zephyr 2.1.0 and later, fixed in version 2.2.0, which stems from the program disabling DTLS peer checking. An attacker could use...
KLA11773 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, cause denial of service, execute arbitrary code, bypass security restrictions, and spoof the user interface. Below is a complete list of...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed several vulnerabilities in the basic components of Microsoft Windows. A malicious party could potentially exploit them to launch a denial-of-service attack, execute arbitrary code, gain elevated privileges or obtain sensitive data. The main vulnerabilities concern the Windows...
PT-2020-19991 · Nextcloud · Nextcloud Mail
Name of the Vulnerable Software and Affected Versions: Nextcloud Mail version 1.1.3 Description: A missing verification of the TLS host allowed a man-in-the-middle attack. Recommendations: For Nextcloud Mail version 1.1.3, update to a version that includes the fix for the missing TLS host...
Powerob - An On-The-Fly Powershell Script Obfuscator Meant For Red Team Engagements
An on-the-fly PowerShell script obfuscator meant for red team engagements. Built out of necessity. Installation: git clone https://github.com/cwolff411/powerob Usage: python3 powerob.py obfuscate originalfile.ps1 obfuscatedfile.ps1 Takes an INPUTFILE, obfuscates it and dumps the obfuscated version...
pcapplusplus:FuzzTarget: Use-of-uninitialized-value in pcpp::NullLoopbackLayer::getFamily
Project: https://github.com/seladb/PcapPlusPlus.git Detailed Report: https://oss-fuzz.com/testcase?key=5717750942269440 Project: pcapplusplus Fuzzing Engine: libFuzzer Fuzz Target: FuzzTarget Job Type: libfuzzermsanpcapplusplus Platform Id: linux Crash Type: Use-of-uninitialized-value Crash...
Cisco Firepower Threat Defense Input Validation Error Vulnerability (CNVD-2020-35682)
Cisco Firepower Threat Defense (FTD) is a suite of unified software that provides next-generation firewall services from the U.S. company Cisco. A security vulnerability exists in the TLS version 1.3 policy configured with a URL category in Cisco FTD Software versions 6.4.0 through 6.4.0.8...
Cisco Firepower Threat Defense and Adaptive Security Appliances Software Denial of Service Vulnerability (CNVD-2020-31104)
Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliances Software (ASA Software) are both products of Cisco, Inc. Cisco Firepower Threat Defense is a set of unified software that provides next-generation firewall services. Defense is a set of unified software to provide...
Cisco Firepower Threat Defense Denial of Service Vulnerability
Cisco Firepower Threat Defense (FTD) is a suite of unified software from the U.S. company Cisco that provides next-generation firewall services. A denial of service vulnerability exists in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) processor of the FTD Software in the Cisco...