10032 matches found

Cvelist
added 2019/05/03 3:10 p.m. · 19 views

CVE-2019-1695 Cisco Adaptive Security Appliance and Firepower Threat Defense Software Layer 2 Filtering Bypass Vulnerability

A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software...

CVSS 4.3 · AI score 6.3 · EPSS 0.00706
Exploits: 0 · References: 2
Cvelist
added 2019/05/03 3:0 p.m. · 23 views

CVE-2019-1687 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability

A vulnerability in the TCP proxy functionality for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The...

CVSS 6.8 · AI score 7.6 · EPSS 0.029
Exploits: 0 · References: 2
Veracode
added 2019/05/02 5:41 a.m. · 27 views

Improper Signature Validation

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as...

CVSS 7.5 · AI score 7.4 · EPSS 0.01586
Exploits: 0 · References: 13 · Affected Software: 1
Veracode
added 2019/05/02 5:41 a.m. · 36 views

Improper Signature Validation

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as...

CVSS 7.5 · AI score 7.4 · EPSS 0.01586
Exploits: 0 · References: 6 · Affected Software: 1
Veracode
added 2019/05/02 5:17 a.m. · 23 views

Arbitrary Code Execution

CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged...

CVSS 10 · AI score 6.4 · EPSS 0.29913
Exploits: 9 · References: 42 · Affected Software: 1
Veracode
added 2019/05/02 5:17 a.m. · 47 views

Denial Of Service (DoS)

CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged...

CVSS 10 · AI score 6.4 · EPSS 0.29913
Exploits: 9 · References: 19 · Affected Software: 1
Cisco
added 2019/05/01 4:0 p.m. · 43 views

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability

A vulnerability in the TCP proxy functionality for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The...

CVSS 6.8 · AI score 6.7 · EPSS 0.029
Exploits: 0 · References: 1
OSV
added 2019/04/30 12:0 p.m. · 1 views

UBUNTU-CVE-2019-11499

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message...

CVSS 7.5 · AI score 7.3 · EPSS 0.02525
Exploits: 0 · References: 3
Positive Technologies
added 2019/04/30 12:0 a.m. · 1 views

PT-2019-3527 · Dovecot +3

Name of the Vulnerable Software and Affected Versions: Dovecot versions 2.3.3 through 2.3.5.2
Description: The issue is related to the IMAP Server in Dovecot, where the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication...

CVSS 9.8 · AI score 6.4 · EPSS 0.62324
Exploits: 14 · References: 77
BDU FSTEC
added 2019/04/30 12:0 a.m. · 3 views

The vulnerability of the Fabric Layer sub-component of the software package for building and deploying service-oriented architecture, Oracle SOA Suite, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Fabric Layer sub-component of the software package for building and deploying service-oriented architecture of Oracle SOA Suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized...

CVSS 5.3 · AI score 6.3 · EPSS 0.01227
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2019/04/29 3:29 p.m. · 2 views

ALPINE-CVE-2018-12384

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3...

CVSS 5.9 · AI score 8.9 · EPSS 0.01496
Exploits: 0 · References: 1
OSV
added 2019/04/29 3:29 p.m. · 1 views

DEBIAN-CVE-2018-12384

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3...

CVSS 5.9 · AI score 6 · EPSS 0.01496
Exploits: 0 · References: 1
Positive Technologies
added 2019/04/29 12:0 a.m. · 7 views

PT-2019-16609 · Fizz

Name of the Vulnerable Software and Affected Versions: fizz versions prior to v2019.03.04.00
Description: The issue is related to an improperly performed length calculation on a buffer in PlaintextRecordLayer, which could lead to an infinite loop and denial-of-service based on user input...

CVSS 7.5 · AI score 7.8 · EPSS 0.0242
Exploits: 1 · References: 7
BDU FSTEC
added 2019/04/25 12:0 a.m. · 3 views

The vulnerability of the wNumCoef function in the multimedia SDL library, related to reading beyond the buffer data boundary, allows attackers to gain unauthorized access to information.

The vulnerability of the wNumCoef function in the multimedia library SDL involves reading data beyond the buffer boundaries. Exploiting this vulnerability allows an attacker to gain unauthorized access to protected information...

CVSS 8.8 · AI score 7.2 · EPSS 0.02959
Exploits: 1 · References: 10 · Affected Software: 5
OSV
added 2019/04/23 7:32 p.m. · 2 views

CVE-2019-2572

Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Fabric Layer). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful...

CVSS 5.3 · AI score 6.3 · EPSS 0.01227
Exploits: 0 · References: 1
NVD
added 2019/04/23 7:32 p.m. · 25 views

CVE-2019-2572

Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Fabric Layer). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful...

CVSS 5.3 · AI score 3.8 · EPSS 0.01227
Exploits: 0 · References: 1
Prion
added 2019/04/23 7:32 p.m. · 15 views

Design/Logic Flaw

Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Fabric Layer). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful...

CVSS 5 · AI score 4.4 · EPSS 0.01227
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2019/04/23 6:16 p.m. · 30 views

CVE-2019-2572

Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Fabric Layer). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful...

AI score 4.6 · EPSS 0.01227
Exploits: 0 · References: 1
CVE
added 2019/04/23 6:16 p.m. · 48 views

CVE-2019-2572

CVE-2019-2572 affects Oracle Fusion Middleware Oracle SOA Suite (Fabric Layer) with version 11.1.1.9.0. The vulnerability is exploitable remotely over HTTP by an unauthenticated attacker and can lead to unauthorized read access to a subset of SOA Suite data. Affected component/issue is documented...

CVSS 5.3 · AI score 4.4 · EPSS 0.01227
Exploits: 0 · References: 1 · Affected Software: 1
CISA
added 2019/04/23 12:0 a.m. · 14 views

Dutch NCSC Releases Updated TLS Guidelines

The Dutch National Cyber Security Centre (NCSC) has published an update to their Transport Layer Security (TLS) protocol guidelines, which aim to improve TLS configuration security. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Dutch NCSC ...

AI score 1.1
Exploits: 0 · References: 1