The complexity of modern information systems relies on a large number of applications that are necessary for the proper functioning of any company. So the task of keeping up with the threats is quite difficult. Updating systems is a basic task and has a great effect. But to do this, you need to know which vulnerabilities and threats might affect your business and properly decide how to prioritize the investment in Information Security.
We are always ready to help you in an efficient and reliable way.
In addition to the Vulnerability and Threat Intelligence service, we also provide access to the vulnerabilities discovered by Allele Security Intelligence’s research team through our Security Research service. We conduct research constantly and especially in applications that are essential for various types of industry. Your company will stay up to date with the latest vulnerabilities and threats that may affect your business.
Always being steps ahead
see Our latest security alerts
- ASA-2019-00510 – FreeBSD bhyve: Insufficient validation of guest-supplied data (e1000 device)The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these … Read More
- ASA-2019-00509 – FreeBSD: Insufficient message length validation in bsnmp libraryA function extracting the length from type-length-value encoding is not properly validating the submitted length. A remote user could cause, for example, an out-of-bounds read, decoding of unrelated data, or trigger a crash of the software such as bsnmpd resulting in a denial of service.
- ASA-2019-00508 – FreeBSD: ICMPv6 / MLDv2 out-of-bounds memory accessThe ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic.
- ASA-2019-00507 – FreeBSD: Multiple vulnerabilities in bzip2The decompressor used in bzip2 contains a bug which can lead to an out-of-bounds write when processing a specially crafted bzip2(1) file. bzip2recover contains a heap use-after-free bug which can be triggered when processing a specially crafted bzip2(1) file. An attacker who can cause maliciously crafted input to be processed may trigger either of these … Read More
- ASA-2019-00506 – Wind River VxWorks: TCP Urgent Pointer = 0 leads to integer underflowA specially crafted TCP-segment with the URG-flag set may cause overflow of the buffer passed to recv(), recvfrom() or recvmsg() socket routines. With a prerequisite that the system uses TCP sockets, an attacker can either hijack an existing TCP session and inject bad TCP segments, or establish a new TCP session on any TCP port … Read More