The vulnerability of the BGP protocol implementation in Cisco IOS XR allows a attacker to cause a service failure.

The vulnerability of the BGP protocol implementation in Cisco IOS XR lies in errors in the processing of BGP messages. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

Security Bulletin: IBM MQ and IBM MQ Appliance are vulnerable to a denial of service attack caused by an abend while processing messages. (CVE-2019-4560)

Summary An issue was found within the IBM MQ message processing code that results in an abend while processing a message that was placed on a queue using MQPUT. An attacker could use this to execute a denial of service attack on a queue manager. Vulnerability Details CVEID: CVE-2019-4560...

Debian DLA-2028-1 : squid3 security update

It was found that Squid, a high-performance proxy caching server for web clients, has been affected by the following security vulnerabilities. CVE-2019-12526 URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN...

CVE-2019-18677

An issue was discovered in Squid 3.x and 4.x through 4.8 when the appenddomain setting is used because the appended characters do not properly interact with hostname length restrictions. Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be...

CVE-2019-18677

An issue was discovered in Squid 3.x and 4.x through 4.8 when the appenddomain setting is used because the appended characters do not properly interact with hostname length restrictions. Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be...

Code injection

An issue was discovered in Squid 3.x and 4.x through 4.8 when the appenddomain setting is used because the appended characters do not properly interact with hostname length restrictions. Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be...

CVE-2019-18677

An issue was discovered in Squid 3.x and 4.x through 4.8 when the appenddomain setting is used because the appended characters do not properly interact with hostname length restrictions. Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be...

CVE-2019-18677

An issue was discovered in Squid 3.x and 4.x through 4.8 when the appenddomain setting is used because the appended characters do not properly interact with hostname length restrictions. Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be...

The vulnerability of the lmgrd component and the components of the FlexNet Publisher daemon vendor license manager allows a violator to trigger a service failure.

The vulnerability of the lmgrd component and the components of the FlexNet Publisher daemon are related to errors in message processing within the lmadmin service. Exploiting this vulnerability could allow a malicious actor to cause service failures...

Cisco Aironet Access Points Plagued By Critical, High-Severity Flaws

Cisco Systems has released a security update stomping out critical and high-severity flaws impacting its Aironet access points, which are entry-level wireless access points APs used by mid-size enterprises in their offices or small warehouses. It also issued a slew of additional patches addressin...

The vulnerability of the Microsoft Outlook email client, related to errors in processing incoming messages, allows attackers to escalate their privileges.

The vulnerability of the Microsoft Outlook email client is related to errors in processing incoming messages. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

CVE-2018-16156

In PaperStream IP TWAIN 1.42.0.5685 Service Update 7, the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkicFjicube32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes...

A vulnerability in the binary storage of systemd-journald in the Debian operating system, which allows an attacker to gain access to confidential data

The vulnerability in the binary storage of systemd-journald in the Debian operating system is related to an error in message processing that ends with a semicolon. This can lead to the exposure of memory data. Exploiting this vulnerability allows an attacker to gain access to confidential data...

[SECURITY] Fedora 29 Update: syslog-ng-3.17.2-2.fc29

syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, databases SQL and NoSQL alike and more. Key features: receive and send RFC3164 and RFC5424 style syslog messages work with any kind of unstructured data receive and...

Design/Logic Flaw

Zoom clients on Windows before version 4.1.34814.1119, Mac OS before version 4.1.34801.1116, and Linux 2.4.129780.0915 and below are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke...

CVE-2018-15715

CVE-2018-15715 affects Zoom Client for Meetings on Windows, macOS, and Linux (before specific builds). The vulnerability stems from Zoom’s internal messaging pump sending both UDP (untrusted) and TCP (trusted) messages to the same handler, enabling a remote, unauthenticated attacker to craft UDP ...

[SECURITY] Fedora 28 Update: botan2-2.7.0-1.fc28

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

Cisco Packet Data Network Gateway Peer-to-Peer Message Processing Denial of Service Vulnerability

A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Gateway could allow an unauthenticated, remote attacker to cause the Session Manager SESSMGR process on an affected device to restart, resulting in a denial of service DoS condition. The vulnerabilit...

Design/Logic Flaw

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are...

CVE-2017-17166

Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, TP3206 V100R002C00, VP9660 V500R002C00, V500R002C10 have a...