
10025 matches found

BDU FSTEC
added 2018/06/18 12:00 a.m., 3 views

Multiple vulnerabilities in the Application Layer Protocol Inspection component of Cisco microprogrammed network interface devices, which allow attackers to cause service failures.

The multiple vulnerabilities of the Application Layer Protocol Inspection component in Cisco microprogrammed network interfaces are related to resource management errors. Exploiting these vulnerabilities could allow a malicious actor to cause service interruptions by sending large amounts of...

CVSS 7.8 | AI score 7.7 | EPSS 0.0386
Exploits 0 | References 4 | Affected Software 2
IBM Security Bulletins
added 2018/06/16 1:38 p.m., 28 views

Security Bulletin: Vulnerability in IBM Java SDK affects IBM® DB2® LUW (CVE-2015-7575)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6.0 and 7.0 that is used by DB2 LUW. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM Java SDK updates in January 2016. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The T...

CVSS 5.9 | AI score 6 | EPSS 0.0288
Exploits 0 | Affected Software 2
OpenVAS
added 2018/06/15 12:00 a.m., 99 views

Microsoft Windows: Turn on Responder (RSPNDR) driver

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winresponderdriver.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Turn on Responder RSPNDR driver Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is fr...

AI score 7.3
Exploits 0
Prion
added 2018/06/14 4:29 p.m., 19 views

Design/Logic Flaw

A vulnerability has been identified in RFID 181EIP All versions, RUGGEDCOM Win V4.4, V4.5, V5.0, and V5.1, SCALANCE X-200 switch family incl. SIPLUS NET variants All versions V5.2.3, SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.4.1, SCALANCE X-200RNA switch family All...

CVSS 5.8 | AI score 8.7 | EPSS 0.00954
Exploits 0 | References 1 | Affected Software 3
CVE
added 2018/06/14 4:00 p.m., 63 views

CVE-2018-4833

Siemens CVE-2018-4833 affects RFID 181-EIP, RUGGEDCOM Win (V4.4–V5.1), SCALANCE X-200/X-IRT/X-200RNA/X-300/X408/X414, and SIMATIC RF182C. Root cause is a heap-based buffer overflow (CWE-122) that allows unprivileged remote attackers in the same L2 network to execute arbitrary code by sending a sp...

CVSS 8.8 | AI score 8.6 | EPSS 0.00954
Exploits 0 | References 1 | Affected Software 1
OSV
added 2018/06/14 12:00 a.m., 0 views

UBUNTU-CVE-2018-11574

Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files...

CVSS 9.8 | AI score 7.2 | EPSS 0.01899
Exploits 0 | References 5
OSV
added 2018/06/13 4:29 p.m., 2 views

DEBIAN-CVE-2018-7162

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshak...

CVSS 7.5 | AI score 7.2 | EPSS 0.06974
Exploits 0 | References 1
OpenVAS
added 2018/06/13 12:00 a.m., 60 views

Microsoft Windows: Service: Link-Layer Topology Discovery Mapper

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winlinklayertopologydiscoverymapper.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for Link-Layer Topology Discovery Mapper lltdsvc Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

AI score 7.3
Exploits 0
OSV
added 2018/06/12 1:29 p.m., 2 views

DEBIAN-CVE-2018-0732

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

CVSS 7.5 | AI score 9 | EPSS 0.49268
Exploits 0 | References 1
ICS
added 2018/06/12 12:00 a.m., 116 views

Siemens SCALANCE X Switches, RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF182C (Update D)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable from the same local network segment OSI Layer 2 Vendor: Siemens Equipment: SCALANCE X switches, RUGGEDCOM Win, RFID 181-EIP, and SIMATIC RF182C Vulnerability: Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a...

CVSS 8.8 | AI score 9.3 | EPSS 0.00954
Exploits 0 | References 9
Citrix
added 2018/06/12 12:00 a.m., 9 views

FAQ: Login performance with Elastic Layers

Why are user logins with Elastic Layers enabled slower than normal logins on a non-EL image? Why are logins slower depending on how many Elastic Layer assignments a user has? Background: When you define an Image Template in the Layering Management Console (LMC), you have to select the Elastic...

AI score 6.8
Exploits 0
OSV
added 2018/06/12 12:00 a.m., 2 views

UBUNTU-CVE-2018-0732

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

CVSS 7.5 | AI score 6.7 | EPSS 0.49268
Exploits 0 | References 5
OSV
added 2018/06/11 9:29 p.m., 2 views

CVE-2017-7806

A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox 55...

CVSS 7.5 | AI score 7.3 | EPSS 0.02025
Exploits 1 | References 4
OSV
added 2018/06/11 9:29 p.m., 1 views

DEBIAN-CVE-2017-7805

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer...

CVSS 7.5 | AI score 8.7 | EPSS 0.03153
Exploits 0 | References 1
OSV
added 2018/06/11 9:29 p.m., 1 views

CVE-2016-5298

A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox 50...

CVSS 6.5 | AI score 7.3 | EPSS 0.01273
Exploits 1 | References 4
Prion
added 2018/06/11 9:29 p.m., 17 views

Design/Logic Flaw

A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox 55...

CVSS 5 | AI score 8 | EPSS 0.02025
Exploits 1 | References 4 | Affected Software 1
Prion
added 2018/06/07 12:29 p.m., 16 views

Security feature bypass

A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system...

CVSS 5 | AI score 7.6 | EPSS 0.03889
Exploits 0 | References 3 | Affected Software 1
OSV
added 2018/06/07 12:29 p.m., 2 views

CVE-2018-0353

A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 3
Cisco
added 2018/06/06 4:00 p.m., 33 views

Cisco Web Security Appliance Layer 4 Traffic Monitor Security Bypass Vulnerability

A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system...

CVSS 7.5 | AI score 1.4 | EPSS 0.03889
Exploits 0 | References 1
OpenVAS
added 2018/06/05 12:00 a.m., 19 views

Ubuntu: Security Advisory (USN-3662-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 7 | EPSS 0.00411
Exploits 0 | References 2