Cisco NX-OS CDP Stack Overflow Remote Code Execution Vulnerability (cisco-sa-20200205-nxos-cdp-rce, CVE-2020-3119)

Summary: A stack overflow vulnerability that leads to RCE was observed in Cisco NX-OS software and products. The vulnerability exists in the cdpd_poe_handle_pwr_tlvs function. Description: The Power Request TLV is a CDP TLV frame made for negotiation of Power-over-Ethernet parameters. The Power Request TLV contains a list of requested power specifications. The 16-bit list length …

Adobe Flash Player Stack Overflow Vulnerability: CVE-2018-5002

A stack overflow vulnerability was discovered in Adobe's Flash Player. CVE-2018-5002 has been assigned to track this vulnerability. The issue occurs due to improper execution of a try-catch statement with a static initializer. It affects Adobe Flash Player 29.0.0.171 and earlier versions. Adobe has addressed this issue in APSB18-19 by releasing version 30.0.0.113. Microsoft has released ADV180014 …