
10031 matches found

OSV
added 2018/11/28 5:29 p.m. | 27 views

CVE-2018-12121

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers almost 80 KB per connection, and carefully timed completion of the headers, it is possible to cause the HTTP...

CVSS 7.5 | AI score 6.6
Exploits: 0 | References: 7
CVE
added 2018/11/28 5:0 p.m. | 379 views

CVE-2018-12121

CVE-2018-12121 affects Node.js before versions 6.15.0, 8.14.0, 10.14.0 and 11.3.0. A Denial of Service can be triggered by sending many requests with maximum-sized HTTP headers (around 80 KB per connection) and carefully timed header completion, causing the HTTP server to abort due to heap alloca...

CVSS 7.5 | AI score 7.5 | EPSS 0.10207
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2018/11/26 8:29 p.m. | 3 views

CVE-2018-11076

Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance IDPA 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client...

CVSS 6.5 | AI score 5.7 | EPSS 0.00834
Exploits: 0 | References: 4
RedHat Linux
added 2018/11/26 3:43 p.m. | 5 views

OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

CVSS 6.8 | AI score 7.3 | EPSS 0.03392
Exploits: 0 | References: 4
Github Security Blog
added 2018/11/21 10:22 p.m. | 15 views

Improper Certificate Validation in proton-j

The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...

CVSS 7.4 | AI score 1.1 | EPSS 0.02539
Exploits: 0 | References: 7 | Affected Software: 1
BDU FSTEC
added 2018/11/15 12:0 a.m. | 4 views

The vulnerability in the implementation of the Link Layer Discovery Protocol (LLDP) in Cisco FX-OS and Cisco NX-OS network operating systems allows an attacker to cause service interruptions.

The vulnerability in the implementation of the Link Layer Discovery Protocol LLDP for Cisco FX-OS and Cisco NX-OS network operating systems arises due to errors in processing input data. Exploiting this vulnerability allows a malicious actor to cause service failures using a specially crafted LLD...

CVSS 8.8 | AI score 5.5 | EPSS 0.00857
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2018/11/13 3:29 p.m. | 18 views

CVE-2018-17187

The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl...' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with option...

CVSS 7.4 | AI score 7.4 | EPSS 0.02539
Exploits: 0 | References: 4
RedHat Linux
added 2018/11/13 8:36 a.m. | 3 views

curl: Re-using connection with wrong client cert

It was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate...

CVSS 7.5 | AI score 7.3 | EPSS 0.14596
Exploits: 0 | References: 5
n0where
added 2018/11/13 1:0 a.m. | 270 views

Open Source Network Access Control: PacketFence

PacketFence is a fully supported, trusted, Free and Open Source network access control NAC system. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices,...

AI score 0.6
Exploits: 0 | References: 1
Tenable Nessus
added 2018/11/02 12:0 a.m. | 23 views

F5 Networks BIG-IP : vCMP vulnerability (K64721111)

Through undisclosed methods, adjacent network attackers can cause a denial of service for vCMP guest and host systems. Attacks must be sourced from an adjacent network Layer 2. CVE-2018-5531 Impact BIG-IP An attacker from an adjacent network may be able to cause a denial-of-service DoS attack on t...

CVSS 7.4 | AI score 7.3 | EPSS 0.00507
Exploits: 0 | References: 2
BDU FSTEC
added 2018/11/01 12:0 a.m. | 6 views

The vulnerability of the FortiOS operating system arises from the use of weak encryption algorithms during TLS connections, allowing attackers to carry out phishing attacks and man-in-the-middle attacks.

The vulnerability of the FortiOS operating system arises from the use of weak encryption algorithms during TLS connections. Exploiting this vulnerability allows a remote attacker to perform phishing attacks and man-in-the-middle attacks...

CVSS 7.2 | AI score 5.5 | EPSS 0.01454
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2018/11/01 12:0 a.m. | 4 views

The vulnerability of the CAPWAP operating system in FortiOS, allowing a hacker to induce a service failure

The vulnerability of the CAPWAP operating system in FortiOS arises from errors in processing input data. Exploiting this vulnerability allows a malicious actor to trigger a service failure by sending a large number of ClientHello DTLS messages...

CVSS 7.8 | AI score 5.5 | EPSS 0.01821
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2018/10/31 2:29 p.m. | 2 views

CVE-2018-15317

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BADRECORDMAC errors. Clients will be unable to access the...

CVSS 7.5 | AI score 5.8 | EPSS 0.0136
Exploits: 0 | References: 2
BDU FSTEC
added 2018/10/31 12:0 a.m. | 5 views

The vulnerability in the implementation of the TLS protocol in the FortiOS operating system allows an attacker to decrypt messages without knowing the secret key, thereby carrying out a “man-in-the-middle” attack.

Vulnerability of the TLS protocol implementation in the FortiOS operating system, caused by deficiencies in the implementation of the encryption algorithm. Exploiting this vulnerability allows a malicious actor to decrypt messages without knowing the secret key, thereby carrying out a...

CVSS 7.5 | AI score 5.5 | EPSS 0.01134
Exploits: 0 | References: 4 | Affected Software: 1
RedHat Linux
added 2018/10/30 5:2 p.m. | 4 views

OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

CVSS 6.8 | AI score 7.3 | EPSS 0.03392
Exploits: 0 | References: 4
Citrix
added 2018/10/25 12:0 a.m. | 8 views

How and when to upgrade VMWare tools

Issue The objective is to upgrade VMware Tools after an ESX host upgrade, make the change in the OS Layer and create a new View Agent app layer...

AI score 7.1
Exploits: 0
RedHat Linux
added 2018/10/24 10:6 p.m. | 3 views

OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

CVSS 6.8 | AI score 7.3 | EPSS 0.03392
Exploits: 0 | References: 4
RedHat Linux
added 2018/10/24 10:6 p.m. | 2 views

OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

CVSS 6.8 | AI score 7.3 | EPSS 0.03392
Exploits: 0 | References: 4
RedHat Linux
added 2018/10/24 9:39 p.m. | 2 views

JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 5.9 | AI score 7.4 | EPSS 0.04676
Exploits: 0 | References: 5
CNVD
added 2018/10/23 12:0 a.m. | 1 views

Viprinet VPN Hub Router Cross-Site Scripting Vulnerability

Viprinet VPN Hub Router is a multiplexed VPN router product from Viprinet Europe, Germany. The Viprinet VPN Hub Router suffers from a cross-site scripting vulnerability that stems from the lack of input validation and output escaping mechanisms in the CLI interface. By exploiting this...

AI score 6.2
Exploits: 0 | References: 1