CVE-2017-10026
Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware subcomponent: Fabric Layer. The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful...
Design/Logic Flaw
Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware subcomponent: Fabric Layer. The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful...
Unspecified Vulnerability in Oracle SOA Suite
Oracle Fusion Middleware is Oracle's business innovation platform for enterprise and cloud environments that provides middleware, software collections, and more. Oracle SOA Suite is one of the Service Oriented Architecture (SOA) components for building, deploying, and managing service-oriented...
The vulnerability of the WPA2 protocol, which stems from errors in managing the cryptographic keys, allows unauthorized access to encrypted information transmitted over a wireless network.
The vulnerability of the WPA2 protocol, which provides security for wireless Wi-Fi networks, is related to errors in the management of cryptographic keys. Exploiting this vulnerability allows a perpetrator within the range of a Wi-Fi network to gain access to encrypted information transmitted ove...
Ruby http gem man-in-the-middle attack vulnerability
The Ruby http gem is a standard package for managing Ruby libraries and programs. A man-in-the-middle attack vulnerability exists in Ruby http gem versions prior to 0.7.3, which stems from the program failing to validate the hostname during an SSL connection. A remote attacker could use this...
KRACK Vulnerability in WiFi WPA2
Akamai is aware of a family of vulnerabilities known as the Key Reinstallation Attack or KRACK. These vulnerabilities abuse implementation flaws found in all modern wireless networks using WPA2. The KRACK attack is effective at the protocol level and therefore affects all systems using current Wi...
Git Denial of Service Vulnerability
Git is a free, open source distributed version control system developed by American software developer Linus Torvalds. A security vulnerability exists in Git 2.14.2 and earlier versions, which stems from the program's failure to properly handle the tree object layer. A remote...
Simple DirectMedia Layer Digital Error Vulnerability
Simple DirectMedia Layer (SDL) is a cross-platform development library that provides low-level access to audio, keyboard, mouse and graphics hardware through OpenGL and Direct3D. An integer overflow vulnerability exists in SDL version 2.0.5. When creating an RGB Surface, an attacker can exploit the...
UBUNTU-CVE-2017-2888
An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a...
The vulnerability of the SSL software used in Backup Exec’s backup and recovery services allows attackers to execute arbitrary code or trigger a service failure.
The vulnerability of Backup Exec’s SSL software for backup and restoration services relates to the use of memory after it is freed, i.e., after the agent completes its tasks. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures using...
Vulnerability Spotlight: Arbitrary Code Execution Bugs in Simple DirectMedia Layer Fixed
Today, Talos is disclosing two vulnerabilities that have been identified in the Simple DirectMedia Layer library. Simple DirectMedia Layer (SDL) is a cross-platform development library designed for use in video playback software, emulators, and games by providing low level access to audio, keyboard...
Simple DirectMedia Layer SDL_image XCF Property Handling Code Execution Vulnerability
Summary: An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted XCF file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger thi...
Google Android Media framework audio hal elevation of privilege vulnerability
Android is a free and open source Linux-based operating system led and developed by Google Inc. and the Open Handset Alliance. An elevation of privilege vulnerability exists in the Media framework audio hal in Android. An attacker can exploit this vulnerability to gain elevated privileges...
Cisco Firepower Threat Defense Software Denial of Service Vulnerability
Cisco Appliance ASA 5500-X Series Next-Generation Firewalls, etc. are firewall products from Cisco, U.S.A. Firepower Threat Defense (FTD) Software is one of the intrusion prevention systems. A denial of service vulnerability exists in the SSL traffic encryption process of FTD Software in multiple...
DEBIAN-CVE-2015-1828
The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack...
Q2 2017 Global DDoS Threat Landscape Report
This week we released our latest Global DDoS Threat Landscape Report, a statistical analysis of more than 15,000 network and application layer DDoS attacks mitigated by Imperva Incapsula services during Q2 2017. This quarter, for the fifth one in a row, we saw a decrease in the number of network...
CVE-2017-12245
A vulnerability in SSL traffic decryption for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause depletion of system memory, aka a Firepower Detection Engine SSL Decryption Memory Consumption Denial of Service vulnerability. If this memory leak...
CVE-2017-0812
An elevation of privilege vulnerability in the Android media framework audio hal. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62873231...