Bluetooth – Encryption Key Negotiation of Bluetooth Vulnerability
Description: Bluetooth BR/EDR key negotiation vulnerability exists at the hardware specification level of any BR/EDR Bluetooth device. An attacker would need specialized hardware and would be limited by the range of the Bluetooth devices in use.
Threat: An attacker who exploited the vulnerability could potentially be able to negotiate the offered key length down to 1 byte of entropy, from a maximum of 16 bytes.
Criticality: Medium
Update/Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-9506
HTTP/2 –Server Denial of Service Vulnerability
Description: A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests.
Threat: An attacker who exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive.
Criticality: Medium
Update/Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-9511
Adobe – Out of Bound Read
Description: Adobe has released updates for Photoshop CC to resolve multiple critical and important vulnerabilities which cloud lead to arbitrary code execution in the context of the current user.
Threat: A successful exploit of this vulnerability could lead to a memory leak.
Criticality: High
Update/Patch: https://helpx.adobe.com/security/products/photoshop/apsb19-44.html
0 Comments