PT-2019-1706 · Cisco · Cisco Ios Xe +1

Name of the Vulnerable Software and Affected Versions: Cisco IOS Software and Cisco IOS XE Software affected versions not specified Description: A vulnerability in the Network-Based Application Recognition NBAR feature could allow an unauthenticated, remote attacker to cause an affected device to...

PT-2019-1714 · Cisco · Cisco Ios Xe +1

Name of the Vulnerable Software and Affected Versions: Cisco IOS Software affected versions not specified Cisco IOS XE Software affected versions not specified Description: A parsing issue on DNS packets in the Network-Based Application Recognition NBAR feature could allow an unauthenticated,...

CVE-2019-2416

CVE-2019-2416 affects Oracle PeopleSoft Enterprise PeopleTools (Application Server) with affected versions 8.55, 8.56, and 8.57. The vulnerability is described as easily exploitable, allowing a low-privilege attacker who can access the system over HTTP to compromise PeopleSoft Enterprise PeopleTo...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC IT LMS All versions, SIMATIC IT Production Suite Versions V7.1 V7.1 Upd3, SIMATIC IT UA Discrete Manufacturing Versions V1.2, SIMATIC IT UA Discrete Manufacturing Versions V1.2, SIMATIC IT UA Discrete Manufacturing Versions V1.3, SIMATIC IT UA Discre...

CVE-2018-19982

An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP Server Controller HUB Node products which are controlled by HUB. The prerequisite is that the attacker is on the same network as the target HUB, and can use I...

Cyber-Attacks: How to Stop a Multibillion-Dollar Problem

By Ed Cabrera, Chief Cybersecurity Officer for Trend Micro and Martin Bally, Vice President & Chief Security Officer for Diebold Nixdorf ? Where there’s money, there has always been crime. Traditional bank robbery and physical assaults on ATMs are still a challenge, and now a new breed of...

CVE-2018-18764

An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parsemqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially...

CVE-2018-18764

An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parsemqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially...

CVE-2018-18765

An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mgmqttnextsubscribetopic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially...

CVE-2018-3285

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Windows. Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2018-3251

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

CVE-2018-0048 Junos OS: Memory exhaustion denial of service vulnerability in Routing Protocols Daemon (RPD) with Juniper Extension Toolkit (JET) support.

A vulnerability in the Routing Protocols Daemon RPD with Juniper Extension Toolkit JET support can allow a network based unauthenticated attacker to cause a severe memory exhaustion condition on the device. This can have an adverse impact on the system performance and availability. This issue onl...

collectd: double free in csnmp_read_table function in snmp.c

A double-free vulnerability was found in the csnmpreadtable function in the SNMP plugin of collectd. A network-based attacker could exploit this by sending malformed data, causing collectd to crash or possibly other impact...

Hardcoded credentials

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra...

Hardcoded credentials

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized access to services...

CVE-2018-0038

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. These credentials allow network based attackers unauthorized access to information stored in Cassandra...

CVE-2016-10669

soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote...

Nethammer—Exploiting DRAM Rowhammer Bug Through Network Requests

Last week, we reported about the first network-based remote Rowhammer attack, dubbed Throwhammer, which involves the exploitation a known vulnerability in DRAM through network cards using remote direct memory access RDMA channels. However, a separate team of security researchers has now...

CVE-2018-2814

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Hotspot. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

Will Subscribers Pay for Security?

Carriers see security as a vital component of their five-year strategies and expect to increase spending on security in 2018 according to the Telecoms.com Annual Industry Survey 2017. Is security a good business opportunity for Carriers? Turns out investment in security has a good payback based o...