
2052 matches found

CVE
added 2020/09/09 6:55 p.m. | 43 views

CVE-2018-17766

The CVE-2018-17766 entry concerns Ingenico Telium 2 POS devices running Telium2 OS, where a flaw allows bypassing file-reading restrictions via the NTPT3 protocol. Multiple connected sources confirm the affected product family and the root cause is a file-access bypass within NTPT3. The vulnerabi...

CVSS 4.6 | AI score 4.7 | EPSS 0.00084
Exploits 1 | References 4 | Affected Software 1
Cisco
added 2020/09/02 4:0 p.m. | 43 views

Cisco Jabber for Windows Protocol Handler Command Injection Vulnerability

A vulnerability in the application protocol handling features of Cisco Jabber for Windows could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper handling of input to the application protocol handlers. An attacker could exploit this...

CVSS 8.8 | AI score 9 | EPSS 0.05306
Exploits 0 | References 1
Tenable Nessus
added 2020/08/28 12:0 a.m. | 27 views

Cisco NX-OS Software IPv6 Protocol Independent Multicast DoS (cisco-sa-nxos-pim-memleak-dos-tC8eP7uw)

According to its self-reported version, Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability due to improper error handling when processing inbound PIM6 packets. An unauthenticated, remote attacker can exploit this, by sending multiple crafted PIM6 packets to an affected...

CVSS 7.5 | AI score 7.6 | EPSS 0.01858
Exploits 0 | References 5
Fedora
added 2020/08/26 2:41 p.m. | 66 views

[SECURITY] Fedora 31 Update: mod_http2-1.15.14-1.fc31

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers...

CVSS 7.5 | AI score 1.9 | EPSS 0.76276
Exploits 2
Hacker One
added 2020/08/22 6:12 a.m. | 42 views

Internet Bug Bounty: CVE-2017-13041 The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().

Description: Versions of tcpdump before 4.9.2 are vulnerable to a buffer over-read in print-icmp6.c. This vulnerability was disclosed to the tcpdump maintainers and was recently patched in version 4.9.2 and disclosed as CVE-2017-13041. Patch:...

CVSS 7.5 | AI score 9.3 | EPSS 0.01843
Exploits 0
Microsoft Secure
added 2020/08/20 5:0 p.m. | 33 views

Taking Transport Layer Security (TLS) to the next level with TLS 1.3

Transport Layer Security (TLS) 1.3 is now enabled by default on Windows 10 Insider Preview builds, starting with Build 20170, the first step in a broader rollout to Windows 10 systems. TLS 1.3 is the latest version of the internet’s most deployed security protocol, which encrypts data to provide a...

AI score 1
Exploits 0
OSV
added 2020/08/20 9:15 a.m. | 20 views

CVE-2020-10283

The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message. Since this negotiation depends on the...

CVSS 9.8 | AI score 7.1
Exploits 0 | References 1
CVE
added 2020/08/18 4:48 p.m. | 42 views

CVE-2019-6258

CVE-2019-6258 affects D-Link DIR-822 Rev.Bx devices with firmware 202KRb06 and older. Root cause: a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP message, mishandled by /usr/sbin/udhcpd while reading /var/servd/LAN-1-udhcpd.conf. Impact: potential high-severity condition...

CVSS 9.8 | AI score 9.6 | EPSS 0.01357
Exploits 1 | References 2 | Affected Software 1
NVD
added 2020/08/17 7:15 p.m. | 15 views

CVE-2020-1527

An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges. T...

CVSS 7.8 | AI score 8.5 | EPSS 0.00386
Exploits 0 | References 1
Huntr
added 2020/08/17 12:0 a.m. | 16 views

in spunjs/selenium-binaries

Overview: selenium-binaries assists downloading Selenium related binaries for your OS, this package is vulnerable to Man in the Middle (MitM) attacks due to downloading resources over an insecure protocol...

CVSS 9.3 | AI score 4.2 | EPSS 0.00735
Exploits 0
OSV
added 2020/08/13 4:15 p.m. | 19 views

CVE-2020-17498

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression...

CVSS 6.5 | AI score 6.5
Exploits 0 | References 9
Cvelist
added 2020/08/13 3:55 p.m. | 17 views

CVE-2020-17498

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression...

AI score 6.4 | EPSS 0.0023
Exploits 1 | References 9
CVE
added 2020/08/13 3:55 p.m. | 323 views

CVE-2020-17498

CVE-2020-17498 in Wireshark affects the Kafka protocol dissector (Wireshark 3.2.0–3.2.5), which could crash due to a double free during LZ4 decompression. The issue is fixed in the referenced description by avoiding the double free in epan/dissectors/packet-kafka.c. The description provides the v...

CVSS 6.5 | AI score 6.3 | EPSS 0.0023
Exploits 1 | References 9 | Affected Software 1
AlpineLinux
added 2020/08/13 3:55 p.m. | 36 views

CVE-2020-17498

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression...

CVSS 6.5 | AI score 6.6 | EPSS 0.0023
Exploits 1
Debian CVE
added 2020/08/13 3:55 p.m. | 24 views

CVE-2020-17498

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression...

CVSS 6.5 | AI score 6.6 | EPSS 0.0023
Exploits 1
Veracode
added 2020/08/11 3:31 a.m. | 40 views

Unauthorized Modification And Access

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

CVSS 5.9 | AI score 2.3 | EPSS 0.01599
Exploits 0 | References 6 | Affected Software 2
Veracode
added 2020/08/06 9:37 p.m. | 26 views

Information Disclosure

Git is susceptible to information disclosure vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the...

CVSS 9.3 | AI score 0.1 | EPSS 0.35581
Exploits 2 | References 25 | Affected Software 2
IBM Security Bulletins
added 2020/07/24 10:19 p.m. | 62 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Sterling Connect:Direct for UNIX (CVE-2016-8610)

Summary: OpenSSL is used by IBM Sterling Connect:Direct for UNIX. IBM Sterling Connect:Direct for UNIX has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2016-8610 DESCRIPTION: SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets...

CVSS 7.5 | AI score 0.7 | EPSS 0.71356
Exploits 1 | Affected Software 1
NVD
added 2020/07/23 8:15 p.m. | 8 views

CVE-2020-15391

The UI in DevSpace 4.13.0 allows web sites to execute actions on pods on behalf of a victim because of a lack of authentication for the WebSocket protocol. This leads to remote code execution...

CVSS 9.8 | AI score 9.9 | EPSS 0.02381
Exploits 0 | References 2
OpenVAS
added 2020/07/21 12:0 a.m. | 167 views

Important Announcement

ATTENTION: Your vulnerability tests are out of maintenance and not updated since July 1st 2020. Your setup of Greenbone Source Edition will not report about any new threats in your scanned environment since this date! REASON: Your Greenbone setup is connected to a discontinued download protocol o...

Exploits 0 | References 1