Lucene search

10021 matches found

Positive Technologies
added 2018/02/23 12:0 a.m. · 4 views

PT-2018-4061 · Elinks +2 · Elinks +2

Name of the Vulnerable Software and Affected Versions: ELinks version 0.12 Twibright Links version 2.3 Description: The issue is related to missing SSL certificate validation. Recommendations: For ELinks version 0.12, update to a version that includes proper SSL certificate validation. For...

CVSS 5.9 · AI score 5.4 · EPSS 0.0191
Exploits 0 · References 14

Tenable Nessus
added 2018/02/23 12:0 a.m. · 69 views

Debian DSA-4120-1 : linux - security update (Meltdown) (Spectre)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker...

CVSS 7.8 · AI score 7.5 · EPSS 0.93838
Exploits 12 · References 13

OSV
added 2018/02/22 12:29 a.m. · 1 views

DEBIAN-CVE-2018-7286

An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and...

CVSS 6.5 · AI score 6.8 · EPSS 0.39497
Exploits 5 · References 1

Citrix
added 2018/02/20 12:0 a.m. · 7 views

How to use NetScaler appliance to avoid Layer 7 DDoS attacks

This article describes how to use a NetScaler appliance to avoid layer 7 DDoS attacks when there is no dedicated device to protect from DDoS attacks...

AI score 7
Exploits 0

Packet Storm
added 2018/02/15 12:0 a.m. · 50 views

Tejari Cross Site Request Forgery

Vulnerability Type: Cross Site Request Forgery (CSRF) Vendor of Product: Tejari Affected Product Code Base: Bravo Solution Affected Component: Web Interface Management. Attack Type: Local - Authenticated Impact: Unauthorised Access...

AI score 7.1
Exploits 0

RedHat Linux
added 2018/02/13 7:20 p.m. · 3 views

erlang: TLS server vulnerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery or MITM attack

An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA. This may result in plain-text recovery of encrypted messages and/or a man-in-the-middle (MiTM) attack, despite the attacker not...

CVSS 5.9 · AI score 6.4 · EPSS 0.22098
Exploits 0 · References 4

OSV
added 2018/02/13 3:29 p.m. · 0 views

UBUNTU-CVE-2018-0488

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session...

CVSS 9.8 · AI score 7.7 · EPSS 0.04884
Exploits 0 · References 4

OSV
added 2018/02/13 3:29 p.m. · 1 views

ALPINE-CVE-2018-0487

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session...

CVSS 9.8 · AI score 7.8 · EPSS 0.03317
Exploits 0 · References 1

OSV
added 2018/02/12 11:29 p.m. · 2 views

CVE-2017-9968

A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack...

CVSS 5.9 · AI score 5.8
Exploits 0 · References 3

Citrix
added 2018/02/12 12:0 a.m. · 8 views

Can't import Gold VM into App Layering, it says "The virtual machine template cannot have any attached disks."

You are trying to import a new Gold VM to be an OS layer. The first thing you need to do is create a Connector. In the Connector, you see the field for Template, and you try to select your Gold VM there. When you test it, it fails saying one of these: "The virtual machine template cannot have any...

AI score 7
Exploits 0

CNVD
added 2018/02/11 12:0 a.m. · 2 views

Vobot Clock Information Disclosure Vulnerability

The Vobot Clock is a smart bedside alarm clock equipped with Amazon Alexa, Sleep Coach and Daily Routine programs. An information disclosure vulnerability exists in VOBOT CLOCK versions prior to 0.99.30. The vulnerability arises because the Vobot firmware does not validate the certificate of the...

CVSS 8.1 · AI score 6.7 · EPSS 0.0093
Exploits 1 · References 1

BDU FSTEC
added 2018/02/09 12:0 a.m. · 4 views

The vulnerability of the VPN Secure Sockets Layer (SSL) function of the microprogramming network interface device in Cisco Adaptive Security Appliance (ASA) allows a hacker to execute arbitrary code and gain full control over the system.

The vulnerability of the VPN Secure Sockets Layer (SSL) function of the microprogramming network interface device in Cisco Adaptive Security Appliance (ASA) is related to a memory reclamation error. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code and gain...

CVSS 10 · AI score 8.2 · EPSS 0.87397
Exploits 7 · References 7 · Affected Software 2

BDU FSTEC
added 2018/02/07 12:0 a.m. · 3 views

The vulnerability in the implementation of TLS 1.2 in Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows a perpetrator to induce a service failure.

The vulnerability in the implementation of TLS 1.2 in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the use of memory after deallocation. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVSS 7.6 · AI score 7.4 · EPSS 0.03153
Exploits 0 · References 18 · Affected Software 12

Kitploit
added 2018/02/01 8:52 p.m. · 117 views

RDPY - Remote Desktop Protocol in Twisted Python

RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client and server side). RDPY is built over the event driven network engine Twisted. RDPY support standard RDP security layer, RDP over SSL and NLA authentication through ntlmv2 authentication protocol. RDPY...

AI score 7.7
Exploits 0 · References 1

ATTACKERKB
added 2018/01/29 8:29 p.m. · 3 views

CVE-2018-0101

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a...

CVSS 10 · AI score 6.3 · EPSS 0.87397
Exploits 7 · References 8

VulnCheck KEV
added 2018/01/29 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2018-0101

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free a...

CVSS 10 · AI score 7.3 · EPSS 0.87397
Exploits 7 · References 1

Positive Technologies
added 2018/01/28 12:0 a.m. · 3 views

PT-2018-1004 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software versions prior to the fixed version Description: A vulnerability in the Secure Sockets Layer (SSL) VPN functionality could allow an unauthenticated, remote attacker to cause a reload of the affecte...

CVSS 10 · AI score 9.9 · EPSS 0.87397
Exploits 7 · References 14

Securelist
added 2018/01/25 11:0 a.m. · 101 views

Denis and Co.

In April 2017, we published a detailed review of a malicious program that used DNS tunneling to communicate to its C&C. That study prompted us to develop a technology to detect similar threats, which allowed us to collect a multitude of malware samples using DNS tunneling. In this article, we wil...

AI score 7.2
Exploits 0

Microsoft KB
added 2018/01/24 12:0 a.m. · 4 views

Update Rollup 14 for System Center 2012 R2 Orchestrator

Update Rollup 14 for System Center 2012 R2 Orchestrator Introduction This article describes the issues that are fixed in Update Rollup 14 for Microsoft System Center 2012 R2 Orchestrator. This article also contains the installation instructions for this update. Issues that are fixed Update rollup...

AI score 7
Exploits 0

OSV
added 2018/01/18 2:29 a.m. · 9 views

CVE-2018-2566

Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). Supported versions that are affected are 3.x and 4.x. Difficult to exploit vulnerability allows low privileged attacker with network access via TLS to...

CVSS 7.7 · AI score 7.3 · EPSS 0.0152
Exploits 0 · References 3