
2052 matches found

UbuntuCve
added 2020/12/11 7:15 p.m. | 30 views

CVE-2020-26421

Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file...

5.3 CVSS | 6.8 AI score | 0.00105 EPSS
Exploits: 1 | References: 5

CVE
added 2020/12/11 5:25 p.m. | 219 views

CVE-2020-26421

CVE-2020-26421 affects Wireshark; USB HID protocol dissector (and possibly other dissectors) in Wireshark 3.4.0 and 3.2.0–3.2.8 crashes, enabling denial of service via crafted captures or packet injection. Connected sources confirm the issue and document verifications/updates: Debian LTS fixed Wi...

5.3 CVSS | 5.5 AI score | 0.00105 EPSS
Exploits: 1 | References: 8 | Affected Software: 1

Debian CVE
added 2020/12/11 5:25 p.m. | 23 views

CVE-2020-26421

Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file...

5.3 CVSS | 6.1 AI score | 0.00105 EPSS
Exploits: 1

CVE
added 2020/12/11 5:20 p.m. | 202 views

CVE-2020-26420

CVE-2020-26420 : The connected documents indicate a memory leak in the RTPS protocol dissector in Wireshark versions 3.4.0 and 3.2.0 to 3.2.8, enabling a denial-of-service via crafted captures or packet injection. The root cause is a memory leak in the RTPS dissector, leading to resource exhausti...

5.3 CVSS | 5.4 AI score | 0.00379 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

Prion
added 2020/12/11 5:15 p.m. | 15 views

Denial of service

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly...

4 CVSS | 6.4 AI score | 0.00487 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2020/12/11 10:50 a.m. | 13 views

CVE-2020-7790 Arbitrary File Read

This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF...

5.3 CVSS | 5.3 AI score | 0.00264 EPSS
Exploits: 0 | References: 2

Mageia
added 2020/12/03 9:54 a.m. | 15 views

Updated tor package fixes security vulnerabilities

When completing a channel, relays now check more thoroughly to make sure that it matches any pending circuits before attaching those circuits. Previously, address correctness and Ed25519 identities were not checked in this case, but only when extending circuits on an existing channel...

2.8 AI score
Exploits: 0 | References: 3

Schneier on Security
added 2020/12/02 7:55 p.m. | 37 views

Impressive iPhone Exploit

This is a scarily impressive vulnerability: Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device -- over Wi-Fi, with no user interaction required at all. Oh, and...

0.6 AI score
Exploits: 0

CVE
added 2020/11/26 1:18 a.m. | 221 views

CVE-2020-25651

CVE-2020-25651 affects spice-vdagent (SPICE file transfer protocol) where file data can leak to a client connection or cause denial of service for spice-vdagent versions 0.20 and earlier. Exploitation could occur via the host-to-VM transfer path; impact includes confidentiality loss and availabil...

6.4 CVSS | 6 AI score | 0.00115 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2020/11/26 1:18 a.m. | 26 views

CVE-2020-25651

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The...

6.2 AI score | 0.00115 EPSS
Exploits: 1 | References: 5

OSV
added 2020/11/25 2:15 a.m. | 17 views

CVE-2020-26241

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. This is a Consensus vulnerability in Geth before version 1.9.17 which can be used to cause a chain-split where vulnerable nodes reject the canonical chain. Geth's pre-compiled dataCopy at 0x00...04 contract di...

7.1 CVSS | 6.6 AI score
Exploits: 0 | References: 2

Debian CVE
added 2020/11/23 9:18 p.m. | 40 views

CVE-2020-25660

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the...

8.8 CVSS | 7.8 AI score | 0.00191 EPSS
Exploits: 0

AlpineLinux
added 2020/11/23 9:18 p.m. | 55 views

CVE-2020-25660

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the...

8.8 CVSS | 7.2 AI score | 0.00191 EPSS
Exploits: 0

Tenable Nessus
added 2020/11/23 12:0 a.m. | 13 views

FreeBSD : gitea -- multiple vulnerabilities (55facdb0-2c24-11eb-9aac-08002734b9ed)

The Gitea Team reports for release 1.12.6 : - Prevent git operations for inactive users - Disallow urlencoded new lines in git protocol paths if there is a port C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database :...

5.4 AI score
Exploits: 0 | References: 2

ThreatPost
added 2020/11/20 3:11 p.m. | 262 views

Facebook Messenger Bug Allows Spying on Android Users

Facebook has patched a significant flaw in the Android version of Facebook Messenger that could have allowed attackers to spy on users and potentially identify their surroundings without them knowing. Natalie Silvanovich, a security researcher at Google Project Zero, discovered the vulnerability,...

Exploits: 0 | References: 12

Veracode
added 2020/11/17 1:12 a.m. | 19 views

In-band Protocol Negotiation And Robustness Weakness

aws-encryption-sdk suffers from an In-band protocol negotiation and robustness weakness. The SDK allows a unique ciphertext to be decrypted into different results due to the non-committing property of AES-GCM, and other AEAD ciphers such as AES-GCM-SIV, or XChaCha20Poly1305, when encrypting...

8.1 CVSS | 4.2 AI score | 0.00078 EPSS
Exploits: 1 | References: 3 | Affected Software: 3

UbuntuCve
added 2020/11/06 7:15 p.m. | 22 views

CVE-2020-28327

A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1, and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This...

5.3 CVSS | 6.1 AI score | 0.02188 EPSS
Exploits: 1 | References: 3

Prion
added 2020/11/06 12:15 p.m. | 19 views

Design/Logic Flaw

Visual Components owned by KUKA is a robotic simulator that allows simulating factories and robots in order to improve planning and decision-making processes. Visual Components software requires a special license which can be obtained from a network license server. The network license server binds ...

5 CVSS | 7.4 AI score | 0.00301 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2020/11/06 12:15 p.m. | 11 views

Stack overflow

Visual Components owned by KUKA is a robotic simulator that allows simulating factories and robots in order to improve planning and decision-making processes. Visual Components software requires a special license which can be obtained from a network license server. The network license server binds ...

5 CVSS | 8 AI score | 0.0059 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/11/06 11:20 a.m. | 13 views

CVE-2020-10292 Service DoS through arbitrary pointer dereferencing on KUKA simulator

Visual Components owned by KUKA is a robotic simulator that allows simulating factories and robots in order to improve planning and decision-making processes. Visual Components software requires a special license which can be obtained from a network license server. The network license server binds ...

8.2 CVSS | 8.1 AI score | 0.0059 EPSS
Exploits: 0 | References: 1