Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

CVE-2019-5040: TALOS-2019-0803 || Cisco Talos Intelligence Group

An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and Nest Cam IQ Indoor version 4620002. A specially crafted weave packet can cause an integer overflow to occur, resulting in PacketBuffer data reuse. An attacker can send a packet to trigger this vulnerability.

CVE
Open in Source
#vulnerability#google#cisco#intel
CVE-2019-5037: TALOS-2019-0800 || Cisco Talos Intelligence Group

An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of Nest Cam IQ Indoor camera, version 4620002. A specially crafted weave packet can cause an integer overflow and an out-of-bounds read on unmapped memory to occur, resulting in a denial of service. An attacker can send a specially crafted packet to trigger.

CVE-2019-5039: TALOS-2019-0802 || Cisco Talos Intelligence Group

An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger this vulnerability.

CVE-2019-5038: TALOS-2019-0801 || Cisco Talos Intelligence Group

An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted Weave command.

CVE-2019-4340: IBM Security Guardium Big Data Intelligence XML external entity injection CVE-2019-4340 Vulnerability Report

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 161419.

CVE-2019-4338: Security Bulletin: IBM Security Guardium Big Data Intelligence is affected by a Denial of service vulnerability

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417.

CVE-2019-4420: Security Bulletin: IBM® Intelligent Operations Center might disclose sensitive information in error messages (CVE-2019-4420)

IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738.

CVE-2019-4310: Security Bulletin: IBM Security Guardium Big Data Intelligence is affected by a Improper Restriction of Excessive Authentication Attempts vulnerability

IBM Security Guardium Big Data Intelligence 4.0 (SonarG) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 161036.

CVE-2019-4419: Security Bulletin: IBM® Intelligent Operations Center is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data (CVE-2019-4419)

IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737.

CVE-2019-15232

Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.