Bluetooth – Encryption Key Negotiation of Bluetooth Vulnerability

 

Description: Bluetooth BR/EDR key negotiation vulnerability exists at the hardware specification level of any BR/EDR Bluetooth device. An attacker would need specialized hardware and would be limited by the range of the Bluetooth devices in use.

Threat: An attacker who exploited the vulnerability could potentially be able to negotiate the offered key length down to 1 byte of entropy, from a maximum of 16 bytes. 

Criticality: Medium

Update/Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-9506

 

HTTP/2 –Server Denial of Service Vulnerability

 

Description:  A denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP/2 requests.

Threat:  An attacker who exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive.

Criticality: Medium

Update/Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-9511

 

Adobe – Out of Bound Read

 

Description: Adobe has released updates for Photoshop CC to resolve multiple critical and important vulnerabilities which cloud lead to arbitrary code execution in the context of the current user.   

Threat: A successful exploit of this vulnerability could lead to a memory leak. 

Criticality: High

Update/Patch: https://helpx.adobe.com/security/products/photoshop/apsb19-44.html

 

0 Comments

Submit a Comment

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Register your email to receive the latest news and updates from getNEXT.

You have Successfully Subscribed!

Share This