IBM Tivoli Federated Identity Manager Information Disclosure Vulnerability
IBM Tivoli Federated Identity Manager (TFIM) is a cross-enterprise federated identity management product from IBM, USA. The product provides Web and federated single sign-on (SSO) capabilities to users using multiple applications. An information disclosure vulnerability exists in IBM TFIM versions...
Open Source LoRa CSS PHY Implementation: gr-lora
Open Source LoRa CSS PHY Implementation LoRa is a wireless LPWAN PHY that is developed and maintained by Semtech. It is designed to provide long range, low data rate connectivity to IoT-focused devices. A reasonable analogy is that LoRa is like cellular data service, but optimized for embedded...
The vulnerability of the implementation of SSL and TLS protocols in Cisco Adaptive Security Appliance software allows a perpetrator to trigger a system reboot.
The vulnerability of the implementation of SSL and TLS protocols in Cisco Adaptive Security Appliance software exists due to improper processing of SSL and TLS packets. Exploiting this vulnerability can allow a malicious actor to trigger a system reboot using a specially crafted network packet...
FreeRADIUS Security Bypass Vulnerability
FreeRADIUS is a set of software from the FreeRADIUS Server project that implements the RADIUS protocol. The software is mainly used for account authentication management, bookkeeping management, Internet account management, etc., and contains a RADIUS server, a client library for BSD protocol...
USN-3305-1: NVIDIA graphics drivers vulnerabilities
It was discovered that the NVIDIA graphics drivers contained flaws in the kernel mode layer. A local attacker could use these issues to cause a denial of service or potentially escalate their privileges on the system...
DEBIAN-CVE-2017-7502
A null pointer dereference vulnerability in NSS since 3.24.0 was found when the server receives empty SSLv2 messages, resulting in denial of service by a remote attacker...
UBUNTU-CVE-2017-7502
A null pointer dereference vulnerability in NSS since 3.24.0 was found when the server receives empty SSLv2 messages, resulting in denial of service by a remote attacker...
UBUNTU-CVE-2017-9148
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers such as malicious 802.1X supplicants to bypass authentication via PE...
Multiple Asterisk Products 'PJSIP Transaction Layer' Heap Buffer Overflow Vulnerability
Digium Asterisk Open Source and Certified Asterisk are both open source telephone exchange (PBX) system software from Digium, Inc. in the United States. The software supports voicemail, multi-party voice conferencing, and interactive voice response (IVR). The PJSIP used in Digium Asterisk Open Source...
How to configure NetScaler to send proxy protocol to backend servers
This article describes how to configure NetScaler to send proxy protocol to backend servers. Background Proxy protocol was designed to chain proxies/reverse proxies without losing the client information. Client information refers to the client-ip address and port. Proxy protocol was developed by...
SSL Visibility Appliance may generate illegal RST packets
Overview SSL Visibility Appliance provided by Blue Coat Systems, Inc. is used as a transparent proxy for encrypted traffic management. It is reported that the appliance generates RST packets with incorrect sequence numbers when it receives HTTPS requests from certain web browsers. When the web...
Eclipse tinydtls for Eclipse IoT Denial of Service Vulnerability
Eclipse IoT is a free and open source used by the Eclipse Foundation to co-build IoT projects based on open technologies. Eclipse tinydtls is a library for overlaying the Data Security Transport Layer (DTLS) of the Client and Data State Server. A security vulnerability exists in version 0.8.2 of...
FreeBSD : NVIDIA UNIX driver -- multiple vulnerabilities in the kernel mode layer handler (f52e3a8d-3f7e-11e7-97a9-a0d3c19bfa21)
NVIDIA Unix security team reports : NVIDIA GPU Display Driver contains vulnerabilities in the kernel mode layer handler where not correctly validated user input, NULL pointer dereference, and incorrect access control may lead to denial of service or potential escalation of privileges...
Cisco FirePOWER System Software Denial of Service Vulnerability
Cisco Firepower System Software is a next-generation firewall (NGFW) product from Cisco. A denial of service vulnerability exists in the login configuration of the Secure Sockets Layer (SSL) policy in Cisco FirePOWER System Software versions 5.3.0 through 6.2.2. A remote attacker could exploit this...
Apple macOS Sierra EAP-TLS Certificate Validation Vulnerability
Apple macOS is an operating system that runs on Apple's Macintosh line of computers. A certificate validation vulnerability exists in Apple macOS EAP-TLS, which can be exploited by remote attackers to bypass security restrictions and obtain sensitive information...
FreeBSD : asterisk -- Buffer Overrun in PJSIP transaction layer (0537afa3-3ce0-11e7-bf9d-001999f8d30b)
The Asterisk project reports : A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By...
[SECURITY] Fedora 25 Update: libtirpc-1.0.1-4.rc3.fc25
This package contains SunLib's implementation of transport-independent RPC (TI-RPC) documentation. This library forms a piece of the base of Open Network Computing (ONC), and is derived directly from the Solaris 2.3 source. TI-RPC is an enhanced version of TS-RPC that requires the UNIX System V...
Google Chrome Security Bypass Vulnerability (CNVD-2017-07170)
Google Chrome is a web browser developed by the American company Google. A security bypass vulnerability exists in Google Chrome, which originates when the program caches a TLS session before validating a certificate. An attacker can exploit the vulnerability to decrypt TLS sessions...
The vulnerability of the L2TP function in the Cisco IOS operating system allows an intruder to trigger a device reboot and a service failure.
The vulnerability of the L2TP function in the Cisco IOS operating system exists due to insufficient checking of L2TP packets. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot and a service failure using a specially crafted L2TP packet...
PostgreSQL Man-in-the-Middle Attack Vulnerability
PostgreSQL is a free object-relational database management system developed by the PostgreSQL development group. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A security vulnerability exists in PostgreSQL. This...