Siemens SIMATIC S7-300 PLC Privilege Bypass Vulnerability
The Siemens SIMATIC S7-300 CPU is a modular general-purpose controller from Siemens for the manufacturing industry. The Siemens SIMATIC S7-300 PLC module is vulnerable to an unauthorized, execute CPU attack via privilege bypass. An attacker can construct special application layer data messages th...
Imperva Blocks Our Largest DDoS L7/Brute Force Attack Ever (Peaking at 292,000 RPS)
Imagine you’re a developer building a new web application. You’ve followed all of the security best practices, hired a reputable penetration testing company before launch, and gone through extensive bug fixing to remove any vulnerabilities. However, would you be confident that your application...
CVE-2019-12222
An issue was discovered in libSDL2.a in Simple DirectMedia Layer SDL 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c...
Akamai Load Balancing to Lock-in Quality
The Right Service from the Right Edge at the Right Time Introduction As Akamai's Global Traffic Management for Cloud, Data Centers and CDNs blog introduces, Akamai's Intelligent Edge™ platform includes DNS and Layer 7 load balancing capabilities that combine to get users to the right edge at the...
Palo Alto GlobalProtect SSL VPN Remote Code Execution Vulnerability
Palo Alto GlobalProtect SSL VPN is a popular SSLVPN product for businesses. Palo Alto GlobalProtect SSL VPN has a remote code execution vulnerability in the /sslmgr location. An attacker can exploit the vulnerability to execute task code...
CVE-2019-13626
SDL Simple DirectMedia Layer 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode in audio/SDL_wave.c...
UBUNTU-CVE-2019-13626
SDL Simple DirectMedia Layer 2.x through 2.0.9 has a heap-based buffer over-read in Fill_IMA_ADPCM_block, caused by an integer overflow in IMA_ADPCM_decode in audio/SDL_wave.c...
CVE-2019-13626
SDL2 2.x up to 2.0.9 contains a heap-based buffer over-read in Fill_IMA_ADPCM_block caused by an integer overflow in IMA_ADPCM_decode() in audio/SDL_wave.c (CVE-2019-13626). Multiple connected advisories (openSUSE/SUSE, Debian LTS, Nessus plugins, and related vendor pages) indicate this issue was...
Cohesity DataPlatform Man-in-the-Middle Vulnerability
Cohesity DataPlatform is a suite of platforms from Cohesity for managing ancillary data and applications. The platform is primarily used for data backup, instant recovery, etc. A security vulnerability exists in Cohesity DataPlatform version 5.x and version 6.x prior to 6.1.1c, which stems from t...
DEBIAN-CVE-2019-13616
SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c...
Heap overflow
SDL Simple DirectMedia Layer through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c...
CVE-2019-13616
CVE-2019-13616 affects SDL up to 1.2.15 and 2.x up to 2.0.9, with a heap-based buffer over-read in BlitNtoN (video/SDL_blit_N.c) invoked via SDL_SoftBlit (video/SDL_blit.c). Several connected advisories confirm the root issue is in SDL’s handling of image data (notably BMP loading) or surface cop...
The vulnerability in the implementation of the SSL protocol in Cisco Small Business routers models 200, 300, and 500 allows a hacker to cause a service failure.
The vulnerability of the SSL protocol implementation in Cisco Small Business routers models 200, 300, and 500 is related to improper checking of HTTPS packets. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the NX-OS network operating system, related to lack of access control, allows attackers to bypass security checks and connect unauthorized servers to the VLAN infrastructure.
The vulnerability of the network operating system NX-OS, which operates on Cisco Nexus 9000 Series ACI Mode Switches, is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to bypass security checks and connect unauthorized servers to the VLAN...
CVE-2019-11242
A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform version 5.x and 6.x prior to 6.1.1c. Cohesity clusters did not verify TLS certificates presented by vCenter. This vulnerability could expose Cohesity user credentials configured to access vCenter...
The vulnerability of the Apache Qpid Proton library, related to errors in the certificate validation process, allows a perpetrator to execute a “man-in-the-middle” attack and intercept TLS traffic.
The vulnerability of the Apache Qpid Proton library is related to errors in the certificate validation process. Exploiting this vulnerability allows a malicious actor to execute a “man-in-the-middle” attack and intercept TLS traffic by anonymously connecting to a single-ridged node using TLS...
CVE-2019-1873
A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vulnerability is due to incomplete input validation of a Secure...
CVE-2019-13399
Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation...
Cisco Nexus 9000 Series Fabric Switches Access Control Error Vulnerability
Cisco Nexus 9000 Series Fabric Switches is a 9000 series fiber optic switch from Cisco USA. An access control error vulnerability exists in the process of establishing fabric infrastructure VLAN links in Cisco Nexus 9000 Series Fabric Switches in ACI mode. An attacker could exploit this...