CVE-2019-1890

A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the...

CVE-2019-1890 Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability

A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the...

Vulnerability Spotlight: Remote code execution vulnerabilities in Simple DirectMedia Layer

Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Simple DirectMedia Layer contains two vulnerabilities that could an attacker to remotely execute code on the victim’s machine. Both bugs are present in the SDL2image library, which is used for loading images in different...

CVE-2019-2009

In l2clccprocpdu of l2cfcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0...

NVIDIA Windows GPU Display Driver Multiple Vulnerabilities (May 2019)

The NVIDIA GPU display driver software on the remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities: - An unspecified vulnerability exists in the kernel mode layer nvvlddmkm.sys handler for DxgkDdiEscape due to improper synchronization of shared...

The vulnerability in the syntax analyzer of Cisco Firepower Management Center’s network management software for Secure Sockets Layer (SSL) and Transport Layer Security (TLS protocols allows a perpetrator to bypass existing access control policies.

The vulnerability in the syntax analyzer of Cisco Firepower Management Center’s network management software for Secure Sockets Layer SSL and Transport Layer Security TLS protocols is related to errors in analyzing attributes in TLS packet headers. Exploiting this vulnerability can allow a malicio...

PT-2019-11734 · Cloudbees +1 · Cloudbees Cd Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins ElectricFlow Plugin version 1.1.5 and earlier CloudBees CD Plugin affected versions not specified Description: The issue concerns the disabling of SSL/TLS and hostname verification in Jenkins plugins. Specifically, the Jenkins...

Google Chrome Almost Native Graphics Layer Engine Buffer Overflow Vulnerability

Google Chrome is a web browser from Google.Almost Native Graphics Layer Engine ANGLE is a graphics layer engine that allows Windows users to run WebGL and other OpenGL ES 2.0 content by translating the OpenGL ES 2.0 API to DirectX 9 or DirectX 11 API calls. DirectX 11 API calls to run WebGL and...

qpid-proton: TLS Man in the Middle Vulnerability

A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...

CVE-2018-13381

A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special craft message...

The vulnerabilities of SIMATIC device software, related to errors in cryptography usage, allow attackers to obtain the TLS session key.

The vulnerability of SIMATIC device software is related to errors in the use of cryptography. Exploiting this vulnerability can allow a perpetrator with access to the web interface to obtain the TLS session key while monitoring the TLS traffic between the legitimate user and the device...

openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

EulerOS 2.0 SP3 : cups (EulerOS-SA-2019-1567)

According to the versions of the cups packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - CUPS printing system provides a portable printing layer for UNIXAr operating systems. It has been developed by Apple Inc.to promote a standard...

DEBIAN-CVE-2019-11873

wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length,...

DEBIAN-CVE-2019-12295

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion...

UBUNTU-CVE-2019-12295

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion...

CVE-2019-12216

An issue was discovered in libSDL2.a in Simple DirectMedia Layer SDL 2.0.9 when used in conjunction with libSDL2image.a in SDL2image 2.0.4. There is a heap-based buffer overflow in the SDL2image function IMGLoadPCXRW at IMGpcx.c...

DEBIAN-CVE-2019-12217

An issue was discovered in libSDL2.a in Simple DirectMedia Layer SDL 2.0.9 when used in conjunction with libSDL2image.a in SDL2image 2.0.4. There is a NULL pointer dereference in the SDL stdioread function in file/SDLrwops.c...

CVE-2019-12221

An issue was discovered in libSDL2.a in Simple DirectMedia Layer SDL 2.0.9 when used in conjunction with libSDL2image.a in SDL2image 2.0.4. There is a SEGV in the SDL function SDLfreeREAL at stdlib/SDLmalloc.c...

CVE-2019-12220

An issue was discovered in libSDL2.a in Simple DirectMedia Layer SDL 2.0.9 when used in conjunction with libSDL2image.a in SDL2image 2.0.4. There is an out-of-bounds read in the SDL function SDLFreePaletteREAL at video/SDLpixels.c...