CVE-2020-36165

An issue was discovered in Veritas Desktop and Laptop Option DLO before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create...

CVE-2020-8794

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mtaio in mtasession.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce...

CVE-2020-9283

golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client...

TheTHE - Simple, Shareable, Team-Focused And Expandable Threat Hunting Experience

TheTHE is an environment intended to help analysts and hunters over the early stages of their work in an easier, unified and quicker way. One of the major drawbacks when dealing with a hunting is the collection of information available on a high number of sources, both public and private. All thi...

Johnson Controls Metasys system Trust Management Issues Vulnerability

Johnson Controls Metasys system is the United States Johnson Controls Johnson Controls company's set of building automation system. A trust management issue vulnerability exists in the Johnson Controls Metasys system prior to version 9.0, which arises from the Metasys ADS/ADX server and NAE/NIE/N...

GHSA-5XC6-FPC7-4QVG CoAPthon DoS due to Exceptions

The Serialize.deserialize method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client when they receive...

Valve: Vulnerability in GoldSource Engine allows to upload and run an arbitrary DLL on client

Introduction Greetings. In GoldSource Engine there is a vulnerability that allows to run an arbitrary DLL on the client, using the flaws in the file downloading system. Description Part of the problem is hidden in the CLBatchResourceRequest function. This is a client function that is responsible...

IBHsoftec IBH OPC UA Server/Client Detection (Windows SMB Login)

Detects the installed version of IBHsoftec IBH OPC UA Server/Client for Windows. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

samba: Weak authentication protocol regression

A flaw was found in the way samba allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client...

Security Bulletin: GSKit security vulnerabilities have been identified in IBM HTTP Server and IBM DB2 shipped with IBM Tivoli Netcool Performance Manager

Summary IBM WebSphere Application Server and IBM DB2 Enterprise are shipped as components of IBM Tivoli Netcool Performance Manager. Information about a security vulnerability affecting WebSphere Application Server and IBM DB2 Enterprise has been published in a security bulletin. Vulnerability...

Security Bulletin: Vulnerabilities in GSKit affect IBM Data Server Client and Driver packages(CVE-2016-0201, CVE-2015-7420 and CVE-2015-7421)

Summary Vulnerabilities have been addressed in the GSKit component of IBM Data Server Client and Driver packages Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a MD5 collision. An attacker could exploit th...

Heap overflow

Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads to a zero-byte...

UBUNTU-CVE-2017-3636

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server execut...

Siemens SiPass Integrated Unauthorized Operation Vulnerability

SiPass server is a component of the SiPass centralized access control system that receives connections from clients for communication. An unauthorized operation vulnerability exists in Siemens SiPass integrated, where an attacker in an intermediate location between the SiPass integrated server an...

EaST - Exploits and Security Tools Framework

Pentest framework environment is the basis of IT security specialist’s toolkit. This software is essential as for learning and improving of knowledge in IT systems attacks and for inspections and proactive protection. The need of native comprehensive open source pen test framework with high level...

CVE-2017-0129

Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability."...

Input validation

Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability."...

CVE-2017-0129

Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability."...

powerpc-utils-python: arbitrary code execution due to unpickling untrusted input

It was found that the amsvis command of the powerpc-utils-python package did not verify unpickled data before processing it. This could allow an attacker who can connect to an amsvis server process or cause an amsvis client process to connect to them to execute arbitrary code as the user running...

The NTP daemon has a number of vulnerabilities need to fix-vulnerability warning-the black bar safety net

! Cisco to the Linux Foundation's Core Infrastructure implementation plan submitted by a number of the Network Time Protocol daemon vulnerability. They can allow an attacker to forge a UDP packet, causing a denial of service;or stop to set the correct time. Cisco's Talos security intelligence and...