
10036 matches found

Positive Technologies
added 2019/09/25 12:0 a.m. · 3 views

PT-2019-3316 · Cisco · Cisco Ios Xe

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) could allow an unauthenticated, remote attacker to cause a...

CVSS 8.6 · AI score 7.8 · EPSS 0.01967
Exploits: 0 · References: 4

OSV
added 2019/09/24 8:15 p.m. · 3 views

DEBIAN-CVE-2019-15699

An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of t...

CVSS 9.1 · AI score 8.5 · EPSS 0.01645
Exploits: 0 · References: 1

CVE
added 2019/09/24 7:20 p.m. · 81 views

CVE-2019-15699

CVE-2019-15699 affects Suricata 4.1.4, where the SSL/TLS parser in app-layer-ssl.c (TLSDecodeHSHelloExtensions) accesses an unallocated memory region when processing a corrupted SSLv3/TLS 1.2 HSHelloExtensions length mismatch. This can lead to memory corruption/heap issues as described in multipl...

CVSS 9.1 · AI score 9 · EPSS 0.01645
Exploits: 0 · References: 2 · Affected Software: 1

Fedora
added 2019/09/24 1:9 a.m. · 11 views

[SECURITY] Fedora 30 Update: blis-0.6.0-4.fc30

BLIS is a portable software framework for instantiating high-performance BLAS-like dense linear algebra libraries. The framework was designed to isolate essential kernels of computation that, when optimized, immediately enable optimized implementations of most of its commonly used and...

AI score 3.9
Exploits: 0

RedHat Linux
added 2019/09/17 3:15 p.m. · 2 views

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

CVSS 7.4 · AI score 5.8 · EPSS 0.0615
Exploits: 0 · References: 5

RedHat Linux
added 2019/09/17 2:22 a.m. · 2 views

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

CVSS 7.4 · AI score 5.8 · EPSS 0.0615
Exploits: 0 · References: 5

RedHat Linux
added 2019/09/17 12:36 a.m. · 5 views

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

CVSS 7.4 · AI score 5.8 · EPSS 0.0615
Exploits: 0 · References: 5

CNVD
added 2019/09/16 12:0 a.m. · 1 views

Siemens SIMATIC WinCC CCRedCodiAlarm Control has a Null Pointer Vulnerability

Siemens SIMATIC is an automation software with a single engineering environment. WinCC supports the discovery and configuration of LAN device information with the PN-DCP protocol at the Ethernet layer. A null pointer vulnerability exists in the Siemens SIMATIC WinCC CCRedCodiAlarm control. An...

AI score 6.6
Exploits: 0

Fedora
added 2019/09/14 4:38 p.m. · 36 views

[SECURITY] Fedora 31 Update: SDL-1.2.15-42.fc31

Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device...

CVSS 8.1 · AI score 3.6 · EPSS 0.03299
Exploits: 1

BDU FSTEC
added 2019/09/13 12:0 a.m. · 3 views

The vulnerability of the traffic filtering component of the Cisco SD-WAN programmable network allows a hacker to bypass the filters at the L2 and L4 levels.

The vulnerability of the Cisco SD-WAN’s programmatically defined traffic filtering component exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to bypass L2 and L4 filters using a specially crafted TCP packet...

CVSS 5.8 · AI score 5.5 · EPSS 0.01455
Exploits: 0 · References: 2 · Affected Software: 1

OpenVAS
added 2019/09/09 12:0 a.m. · 26 views

Fedora Update for SDL FEDORA-2019-e08f78d4a6

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8 · AI score 7.9 · EPSS 0.03299
Exploits: 12 · References: 2

Positive Technologies
added 2019/09/08 12:0 a.m. · 1 views

PT-2019-7730 · Imapfilter +2 · Imapfilter +2

Name of the Vulnerable Software and Affected Versions: IMAPFilter versions prior to 2.6.13. Description: The issue is related to the failure of IMAPFilter to validate the hostname in an SSL certificate. This could potentially lead to security issues, but specific details about the estimated number...

CVSS 7.5 · AI score 7.2 · EPSS 0.00946
Exploits: 0 · References: 29

The Hacker News
added 2019/09/06 12:48 p.m. · 7 views

Exim TLS Flaw Opens Email Servers to Remote 'Root' Code Execution Attacks

A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days...

CVSS 10 · AI score 10 · EPSS 0.99961
Exploits: 28

OSV
added 2019/09/02 9:7 p.m. · 4 views

USN-4116-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-20856) Amit Klein and Ben...

CVSS 7.8 · AI score 7.2 · EPSS 0.04425
Exploits: 0 · References: 7

OSV
added 2019/08/23 8:15 p.m. · 4 views

CVE-2019-5592

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled,...

CVSS 5.9 · AI score 6.5 · EPSS 0.00706
Exploits: 0 · References: 1

BDU FSTEC
added 2019/08/22 12:0 a.m. · 3 views

The vulnerability of the Link Layer Discovery Protocol (LLDP) implementation in the Cisco NX-OS network operating system allows an attacker to cause a service failure or execute arbitrary code.

The vulnerability of the Link Layer Discovery Protocol (LLDP) implementation in the Cisco NX-OS network operating system is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code...

CVSS 8.8 · AI score 6.4 · EPSS 0.01082
Exploits: 0 · References: 2

Cvelist
added 2019/08/21 6:30 p.m. · 20 views

CVE-2019-1948 Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability

A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. The vulnerability is due to insufficient SSL certificate validation by the affected...

CVSS 5.9 · AI score 5.5 · EPSS 0.0087
Exploits: 0 · References: 1

Tenable Nessus
added 2019/08/14 12:0 a.m. · 137 views

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4094-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4094-1 advisory. It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could...

CVSS 9.8 · AI score 8 · EPSS 0.52199
Exploits: 37 · References: 33

Ubuntu
added 2019/08/13 4:1 p.m. · 217 views

USN-4094-1: Linux kernel vulnerabilities

It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track...

CVSS 9.8 · AI score 7.7 · EPSS 0.52199
Exploits: 37

RedHat Linux
added 2019/08/12 11:56 a.m. · 3 views

openssl: 0-byte record padding oracle

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received...

CVSS 5.9 · AI score 6.7 · EPSS 0.17139
Exploits: 0 · References: 6