10036 matches found

BDU FSTEC
added 2020/01/20 12:0 a.m. | 3 views

A vulnerability in the etc/shadow component of the firmware of Cisco Small Business RV016, RV042, RV042G, and RV082 allows an attacker to elevate their privileges to the level of root or lldpd.

The vulnerability in the etc/shadow component of the firmware of Cisco Small Business RV016, RV042, RV042G, and RV082 is related to the presence of embedded authentication data. Exploiting this vulnerability can allow an attacker to elevate their privileges to the level of root or lldp...

CVSS 9 | AI score 5.5
Exploits 0 | References 1 | Affected Software 4
RedHat Linux
added 2020/01/16 2:15 p.m. | 4 views

OpenJDK: Incorrect handling of unexpected CertificateVerify TLS handshake messages (JSSE, 8231780)

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this...

CVSS 5.8 | AI score 7.4 | EPSS 0.03132
Exploits 0 | References 4
Citrix
added 2020/01/14 12:0 a.m. | 8 views

Types of NetScaler and NetScaler Gateway Licenses

This article describes the types of licenses available for NetScaler and NetScaler Gateway appliances. NetScaler licenses are assigned to physical MPX and virtual VPX appliances. Logical SDX appliances require licenses for each physical appliance and each virtual instance. Refer to NetScaler...

AI score 6.6
Exploits 0
CNVD
added 2020/01/10 12:0 a.m. | 2 views

Huawei CloudEngine 12800, S5700 and S6700 weak algorithm vulnerability

Huawei CloudEngine 12800 and others are products of Huawei, China. Huawei CloudEngine 12800 is a 12800 series data center switch. Huawei S5700 is an enterprise switch. Huawei S6700 is an enterprise switch. Huawei CloudEngine 12800 is a 12800 series data center switch. Huawei CloudEngine 12800 is a 128...

CVSS 5.3 | AI score 6.7 | EPSS 0.00452
Exploits 0 | References 1
OSV
added 2020/01/08 10:15 p.m. | 3 views

ALPINE-CVE-2019-17023

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox 72...

CVSS 6.5 | AI score 8.3 | EPSS 0.0134
Exploits 0 | References 1
OSV
added 2020/01/08 10:15 p.m. | 0 views

UBUNTU-CVE-2019-17023

After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox 72...

CVSS 6.5 | AI score 6.8 | EPSS 0.0134
Exploits 0 | References 6
CNVD
added 2020/01/07 12:0 a.m. | 2 views

fence-agents trust management issue vulnerability

fence-agents is an agent program that supports remote power management of clustered devices. A trust management issue vulnerability exists in versions prior to fence-agents 4.0.17, which can be exploited by an attacker to spoof an SSL server with an arbitrary SSL certificate...

CVSS 5.9 | AI score 7 | EPSS 0.00834
Exploits 0 | References 1
Hacker One
added 2020/01/05 9:45 p.m. | 198 views

Node.js third-party modules: Denial Of Service in Strapi Framework using argument injection

I would like to report Denial Of Service in Strapi Framework. It allows attacker to force restart the server using argument injection. Module module name: strapi version: 3.0.0-beta.18.3 and earlier npm page: https://www.npmjs.com/package/strapi Module Description The Strapi HTTP layer sits on top...

CVSS 4 | AI score 0.5 | EPSS 0.01145
Exploits 1
NVD
added 2020/01/02 8:15 p.m. | 27 views

CVE-2013-3247

Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file...

CVSS 7.8 | AI score 8 | EPSS 0.02401
Exploits 1 | References 2
Prion
added 2020/01/02 8:15 p.m. | 19 views

Heap overflow

Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file...

CVSS 6.8 | AI score 8.6 | EPSS 0.02401
Exploits 1 | References 2 | Affected Software 1
CVE
added 2020/01/02 7:38 p.m. | 91 views

CVE-2013-3247

CVE-2013-3247 is a heap-based buffer overflow in XnView (xnview.exe) prior to 2.03. It can be triggered by a crafted RLE-compressed layer in an XCF file, allowing remote code execution on the affected host. Remediation: upgrade to XnView 2.03 or later (as specified). Exploit details beyond the de...

CVSS 7.8 | AI score 8 | EPSS 0.02401
Exploits 1 | References 2 | Affected Software 1
OSV
added 2019/12/25 4:15 a.m. | 2 views

DEBIAN-CVE-2019-19965

In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5...

CVSS 4.7 | AI score 6.3 | EPSS 0.00654
Exploits 1 | References 1
OSV
added 2019/12/25 4:15 a.m. | 0 views

UBUNTU-CVE-2019-19965

In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5...

CVSS 4.7 | AI score 6.7 | EPSS 0.00654
Exploits 1 | References 10
Debian
added 2019/12/20 9:10 p.m. | 33 views

[SECURITY] [DSA 4591-1] cyrus-sasl2 security update

Debian Security Advisory DSA-4591-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 20, 2019 https://www.debian.org/security/faq -...

CVSS 5 | AI score 2.4 | EPSS 0.08036
Exploits 1
OSV
added 2019/12/19 6:15 p.m. | 3 views

ALPINE-CVE-2019-19906

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl...

CVSS 7.5 | AI score 7.3 | EPSS 0.08036
Exploits 1 | References 1
OSV
added 2019/12/18 10:15 p.m. | 1 views

CVE-2019-11102

Insufficient input validation in Intel(R) DAL software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access...

CVSS 4.4 | AI score 6.6
Exploits 0 | References 1
CNVD
added 2019/12/18 12:0 a.m. | 2 views

TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server Information Disclosure Vulnerability (CNVD-2020-12703)

TIBCO Spotfire Analytics Platform for AWS Marketplace is a data visualization and analytics platform for the AWS Marketplace, an online software store. TIBCO Spotfire Server is an intelligent, secure, flexible, and scalable tool that provides data visualization, discovery, organizing and predicti...

CVSS 6.5 | AI score 6.6 | EPSS 0.00796
Exploits 0 | References 1
Tenable Nessus
added 2019/12/18 12:0 a.m. | 40 views

Cisco IOS XE Software MACsec MKA Using EAP-TLS Authentication Bypass (cisco-sa-20180926-macsec)

According to its self-reported version, Cisco IOS XE Software is affected by an authentication bypass vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality due to a logic error. An unauthenticated, adjacent attacker c...

CVSS 8.1 | AI score 7.8 | EPSS 0.00747
Exploits 0 | References 3
NVD
added 2019/12/17 9:15 p.m. | 23 views

CVE-2019-17336

The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data...

CVSS 7.7 | AI score 6.8 | EPSS 0.00883
Exploits 0 | References 2
Prion
added 2019/12/17 9:15 p.m. | 18 views

Design/Logic Flaw

The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data...

CVSS 4 | AI score 6.6 | EPSS 0.00883
Exploits 0 | References 2 | Affected Software 2