581 matches found
Cisco IOS XE Software Information Disclosure Vulnerability (cisco-sa-20190327-info)
According to its self-reported version, Cisco IOS XE Software is affected by an unspecified vulnerability in the Secure Storage feature of Cisco IOS XE that allows an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper...
Cisco IOS Software Information Disclosure Vulnerability (cisco-sa-20190327-info)
According to its self-reported version, Cisco IOS Software is affected by an unspecified vulnerability in the Secure Storage feature of Cisco IOS that allows an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory...
Linux kernel buffer overflow vulnerability (CNVD-2019-47005)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A buffer overflow vulnerability exists in the Linux Kernel. The vulnerability arises from a networked system or product performing operations in memory without properl...
Siemens LOGO!8 Buffer Overflow Vulnerability
LOGO!8 is the 8th generation of Siemens intelligent logic controllers, the Nano PLC in the Siemens PLC family, which simplifies programming configurations, has an integrated panel for more displays, and can be easily networked and efficiently interconnected via the integrated Ethernet interface. ...
Photodex ProShow Producer Buffer Overflow Vulnerability (CNVD-2019-17111)
Photodex ProShow Producer is a suite of video and photo slideshow creation software from Photodex, Inc. in the United States. A buffer overflow vulnerability exists in Photodex ProShow Producer version 9.0.3797. The vulnerability originates when a networked system or product performs an operation...
Race condition
A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence Unified CM IM&P Service, Cisco TelePresence Video Communication Server VCS, and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users...
Cisco Unified Communications Manager IM&P Service, Cisco TelePresence VCS, and Cisco Expressway Series Denial of Service Vulnerability
A vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence Unified CM IM&P Service, Cisco TelePresence Video Communication Server VCS, and Cisco Expressway Series could allow an unauthenticated, remote attacker to cause a service outage for users...
hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results ar...
Suricata Buffer Overflow Vulnerability
Suricata is a set of network intrusion detection system IDS, intrusion prevention system IPS and network security monitoring engine developed by the Open Information Security Foundation OISF and its supported vendors, which supports multi-threading, built-in IPv6, and the ability to load...
MGASA-2019-0168 Updated sysstat packages fix security vulnerabilities
Updated sysstat package fix security vulnerabilities: Out-of-bounds read during a memmove call inside the remapstruct function CVE-2018-19416. Out-of-bounds read during a memset call inside the remapstruct function CVE-2018-19517...
Ubuntu 18.04 LTS : libpng vulnerability (USN-3962-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3962-1 advisory. It was discovered that libpng incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file,...
Ubuntu: Security Advisory (USN-3962-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3962-1: libpng vulnerability
It was discovered that libpng incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code...
CVE-2019-11487
The Linux kernel before 5.1-rc5 allows page-refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipefsi.h, kernel/trace/trace.c, mm/gup.c, and...
USN-3952-1: Pacemaker vulnerabilities
Jan Pokorný discovered that Pacemaker incorrectly handled client-server authentication. A local attacker could possibly use this issue to escalate privileges. CVE-2018-16877 Jan Pokorný discovered that Pacemaker incorrectly handled certain verifications. A local attacker could possibly use this...
OpenPLC Buffer Overflow Vulnerability
OpenPLC is an open source programmable logic controller. A buffer overflow vulnerability exists in OpenPLCv2 version and OpenPLCv3 version. The vulnerability originates when a networked system or product performs an operation on memory without properly validating data boundaries, resulting in an...
Updated gpac packages fix security vulnerability
It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execu...
USN-3935-1: BusyBox vulnerabilities
Tyler Hicks discovered that BusyBox incorrectly handled symlinks inside tar archives. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could overwrite arbitrary files outside of the current directory. This issue only affected Ubuntu 14....
USN-3926-1: GPAC vulnerabilities
It was discovered that the GPAC MP4Box utility incorrectly handled certain memory operations. If an user or automated system were tricked into opening a specially crafted MP4 file, a remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service, or possibly execu...
CVE-2019-1762
A vulnerability in the Secure Storage feature of Cisco IOS and IOS XE Software could allow an authenticated, local attacker to access sensitive system information on an affected device. The vulnerability is due to improper memory operations performed at encryption time, when affected software...