Denial Of Service (DoS)
Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as...
SUSE-SU-2019:0955-1 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2)
This update for the Linux Kernel 4.4.121-92104 fixes one issue. The following security issue was fixed: - CVE-2018-5390: The Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service...
Cisco Patches Critical Bug in License Management Tool
Cisco Systems is warning of a critical bug in two of its license management tools that could allow an unauthenticated remote attacker to execute arbitrary queries. A successful attack could allow for an attacker to modify and delete random data in Cisco product lifecycle management applications...
SUSE-SU-2018:3681-1 Security update for curl
This update for curl fixes the following issues: - CVE-2018-16840: A use-after-free in SASL handle close was fixed (bsc#1112758) - CVE-2018-16842: An out-of-bounds read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660)...
SUSE-SU-2018:3629-1 Security update for opensc
This update for opensc fixes the following security issues: - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998) - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999) - CVE-2018-16393: Fixed buffer overflows wh...
SUSE-SU-2018:3620-1 Security update for icinga
This update for icinga fixes the following issues: Security issues fixed: - CVE-2015-8010: Fixed XSS in the icinga classic UI (boo#952777) - CVE-2016-8641 / CVE-2016-10089: Fixed a possible symlink attack for files/dirs created by root (boo#1011630 and boo#1018047)...
MGASA-2018-0363 Updated openssh packages fix security vulnerability
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c (CVE-2018-15473)...
SUSE-SU-2018:2076-1 Security update for microcode_ctl
This update for microcode_ctl fixes the following issues: The Intel CPU Microcode bundle was updated to the 20180703 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and helps mitigating CVE-2018-3639 (Spectre v4) (bsc#1100147, bsc#1087082, bsc#1087083). More details can be found on:...
OPENSUSE-SU-2018:1265-1 Security update for opencv
This update for opencv fixes the following issues: - CVE-2016-1517: Fixed a denial of service (segfault) via vectors involving corrupt chunks (boo#1033150) - CVE-2016-1516: Fixed a double free issue that allows attackers to execute arbitrary code (boo#1033152)...
Serious vulnerability in Cisco products leaves a large number of devices at risk of remote attack - vulnerability warning - the black bar safety net
Cisco has patched over 30 vulnerabilities in its IOS software, including a serious remote code execution vulnerability that can expose hundreds of thousands or even millions of networked devices to remote attack. A total of three vulnerabilities are rat...
CImg Heap Buffer Out-of-Bounds Read Vulnerability
CImg is an open source C++ tool library for image processing. A heap buffer out-of-bounds read vulnerability exists in CImg version 220. The vendor has released a security advisory and related patch information to fix this vulnerability, and users are advised to download and use it...
Walt Disney Per-Face Texture Mapping faceInfoSize Code Execution Vulnerability
Summary: An exploitable out-of-bounds write vulnerability exists in version 2.2 of the Per-Face Texture Mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in is not verified to be valid and its use can lead to...
Design/Logic Flaw
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit th...
Command injection
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation during the...
CVE-2017-12341
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation during the...
CVE-2017-12331
A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit th...
CVE-2017-12331
CVE-2017-12331 affects Cisco NX-OS System Software on Multilayer Director Switches, Nexus 7000/7700 Series, and UCS Manager. Root cause: insufficient NX-OS signature verification for software patches. An authenticated, local attacker with valid administrator credentials could bypass signature ver...
OPENSUSE-SU-2017:2568-1 Recommended update for openjpeg
This update for openjpeg fixes the following vulnerability: - CVE-2016-7445: Null pointer dereference in convert.c could lead to crash (bsc#999817) The following bug was also fixed: - Programs linked with libopenjpeg1 would expose non-standard math behavior due to usage of -ffast-math in openjpeg...