CVE-2017-6870

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android All versions before V1.0.2.2. The existing TLS protocol implementation could allow an attacker to read and modify data within a TLS session while performing a Man-in-the-Middle MitM attack...

postgresql: libpq ignores PGREQUIRESSL environment variable

It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...

PcapViz - Visualize Network Topologies and Collect Graph Statistics Based on PCAP Files

PcapViz visualizes network topologies and provides graph statistics based on pcap files. It should be possible to determine key topological nodes or data exfiltration attempts more easily. Features Draw network topologies Layer 2 and communication graphs Layer 3 and 4 Network topologies contain...

CVE-2017-6752

A vulnerability in the web interface of the Cisco Adaptive Security Appliance ASA 9.33 and 9.62 could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to the...

CVE-2017-6766

A vulnerability in the Secure Sockets Layer SSL Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote attacker to bypass the SSL policy for decrypting and inspecting traffic on an affected...

Artificial Inteligent Packet Inspection Engine: AIEngine

AIEngine is a next generation interactive/programmable Python/Ruby/Java packet inspection engine with capabilities of learning without any human intervention, NIDS Network Intrusion Detection System functionality, DNS domain classification, network collector, network forensics and many others...

Cisco Adaptive Security Appliance Information Disclosure Vulnerability (CNVD-2017-20382)

The Cisco Adaptive Security Appliance is a set of firewall appliances from the American company Cisco. A security vulnerability exists in the Cisco Adaptive Security Appliance when configured with both Lightweight Directory Access Protocol LDAP and SSL Connection Profile, which allows remote...

Citrix App layering: Recipe for USB Drivers With VMWARE Horizon View 5.X

Overview The purpose is to explain a process for getting USB Hardware related device drivers working in a Unidesk Layer in conjunction with software application that may require peripheral device support. Tested Devices This document utilize these kinds of devices in our testing: Dell USB Laser...

Design/Logic Flaw

A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466...

CVE-2017-1467

A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466...

CVE-2017-1467

A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466...

NVIDIA Windows GPU Display Driver elevation of privilege vulnerability (CNVD-2017-26301)

NVIDIA Windows GPU Display Driver is a set of graphics processor GPU graphics card drivers from NVIDIA dedicated to Windows. kernel mode layer handler is one of the kernel mode layer handlers. A security vulnerability exists in the kernel mode layer handler in the NVIDIA Windows GPU Display Drive...

PT-2017-2627 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance versions 9.33 through 9.62 Description: The issue is related to a lack of protection for service data when interacting with the SSL Connection Profile via the LDAP protocol in the web interface of the Cisco...

NVIDIA Windows GPU Display Driver elevation of privilege vulnerability (CNVD-2017-26302)

NVIDIA Windows GPU Display Driver is a set of graphics processor GPU graphics card drivers from NVIDIA dedicated to Windows. kernel mode layer handler is one of the kernel mode layer handlers. A security vulnerability exists in the kernel mode layer handler in the NVIDIA Windows GPU Display Drive...

App Layering/Unidesk: Debugging Layer Conflicts

You have identified a problem that occurs when all your layers are present, but does not occur when none of them are there, or only a minimum set are present. Regardless of the actual error, this suggests a conflict between individual layers...

tigervnc: VNC server can crash when TLS handshake terminates early

A denial of service flaw was found in the TigerVNC's Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process early...

kernel: l2tp: Race condition in the L2TPv3 IP encapsulation feature

A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system...

kernel: ping socket / AF_LLC connect() sin_family race

A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system...

kernel: ping socket / AF_LLC connect() sin_family race

A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system...

kernel: l2tp: Race condition in the L2TPv3 IP encapsulation feature

A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system...