CVE-2018-0007

An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service...

CVE-2017-16820

A double-free vulnerability was found in the csnmpreadtable function in the SNMP plugin of collectd. A network-based attacker could exploit this by sending malformed data, causing collectd to crash or possibly other impact...

CVE-2017-2921

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An...

CVE-2017-2921

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An...

CVE-2017-2893

An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet ove...

Design/Logic Flaw

An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request...

CVE-2017-2892

An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code...

CVE-2017-2921

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An...

CVE-2017-2922

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to...

CVE-2017-10403

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications subcomponent: iQuery. Supported versions that are affected are 8.5.1 and 9.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVE-2016-1265

A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery CSRF, default authentication credentials, information leak and command injection attack vectors. A...

Attack The Machines: The lucrative business of ATM malware

Trend Micro and Europol’s European Cybercrime Centre EC3 today released a publicly available report on the ATM malware landscape. This builds on the 2016 report that was privately released to financial institutions and law enforcement agencies globally. The report digs into the depth and breadth ...

OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

CVE-2017-2336 ScreenOS: XSS vulnerability in ScreenOS Firewall

A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker...

BSA-2017-322

Security Advisory ID : BSA-2017-322 Component : JAVA SE AWT Revision : 3.0: Final Vulnerability in the Java SE component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with...

CVE-2017-3523

Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/J. Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Whil...

CVE-2017-2320

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the...

Memory corruption

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system services partial to full denials of services, modification of system states and files, and potentia...

Authentication flaw

A firewall bypass vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to bypass firewall policies, leading to authentication bypass methods, information disclosure, modification of system files, and...

CVE-2017-2326

An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future...