DP300,RP200,RSE6500,TE30,TE40,TE50,TE60,TX50,VP9660,ViewPoint 8660,ViewPoint 9030,Viewpoint 8660, Security Vulnerabilities

Memory corruption

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code...

CVE-2019-8660

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code...

Security Advisory - Remote Code Execution Vulnerability in Fastjson

A remote code execution vulnerability exists in the open-source JSON parsing library Fastjson. Remote attackers can send crafted JSON data packets to exploit this vulnerability. Successfully exploit could allow the attacker to execute arbitrary code on the target Fastjson server. (Vulnerability...

CVE-2019-5232

There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information...

CVE-2019-5232

There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information...

Design/Logic Flaw

There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information...

CVE-2019-5232

There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information...

Security Advisory - Buffer Overflow Vulnerability in Huawei Atlas Product

There is a buffer overflow vulnerability in Huawei Atlas product. A local, authenticated attacker may craft specific parameter and send to the process to exploit this vulnerability. Successfully exploit may cause service crash. (Vulnerability ID: HWPSIRT-2019-08062) This vulnerability has been...

Security Advisory - Use of Insufficiently Random Values Vulnerability in Huawei ViewPoint Products

There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information leak. (Vulnerability ID: HWPSIRT-2019-10076) This vulnerability has been....

HQWar: the higher it flies, the harder it drops

Mobile dropper Trojans are one of today's most rapidly growing classes of malware. In Q1 2019, droppers are in the 2nd or 3rd position in terms of share of total detected threats, while holding nearly half of all Top 20 places in 2018. Since the droppers' main task is to deliver payload while...

Security update for neovim (important)

An update that fixes one vulnerability is now available. Description: This update for neovim fixes the following issues: neovim was updated to version 0.3.7: CVE-2019-12735: source should check sandbox (boo#1137443) genappimage.sh: migrate to linuxdeploy Version Update to version 0.3.5: ...

The Fully Remote Attack Surface of the iPhone

Posted by Natalie Silvanovich, Project Zero While there have been several rumours and reports of fully remote vulnerabilities affecting the iPhone being used by attackers in the last couple of years, limited information is available about the technical details of these vulnerabilities, as well...

Apple iMessage Flaw Allows Remote Attackers to Read iPhone Messages

Five bugs in Apple’s iMessage service for the iPhone have been uncovered that require no user interaction to exploit, including one that would allow remote attackers to access content stored on iOS devices. First discovered by Google Project Zero security researcher Natalie Silvanovich, Apple has.....

Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws

Google's cybersecurity researchers have finally disclosed details and proof-of-concept exploits for 4 out of 5 security vulnerabilities that could allow remote attackers to target Apple iOS devices just by sending a maliciously-crafted message over iMessage. All the vulnerabilities, which...

iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1

...

iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1 Exploit

...

macOS Sierra / High Sierra Multiple Vulnerabilities (Security Update 2019-004)

The remote host is running Mac OS X 10.12.6 or Mac OS X 10.13.6 and is missing a security update. It is, therefore, affected by multiple vulnerabilities : An application may be able to read restricted memory (CVE-2019-8691, CVE-2019-8692, CVE-2019-8693) Extracting a zip file containing a...

Apple TV < 12.4 Multiple Vulnerabilities

According to its banner, the version of Apple TV on the remote device is prior to 12.4. It is therefore affected by multiple vulnerabilities as described in...

macOS 10.14.x < 10.14.6 Multiple Vulnerabilities

The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.6. It is, therefore, affected by multiple vulnerabilities : An application may be able to read restricted memory (CVE-2019-8691, CVE-2019-8692, CVE-2019-8693) Extracting a zip file containing a symbolic...

Security update for neovim (important)

An update that fixes one vulnerability is now available. Description: This update for neovim fixes the following issues: neovim was updated to version 0.3.7: CVE-2019-12735: source should check sandbox (boo#1137443) genappimage.sh: migrate to linuxdeploy Version Update to version 0.3.5: ...

Apple Mac OS X Security Updates (HT210348)-02

Apple Mac OS X is prone to multiple...

Apple iOS < 12.4 Multiple Vulnerabilities

The version of Apple iOS running on the mobile device is prior to 12.4. It is, therefore, affected by multiple...

About the security content of tvOS 12.4

About the security content of tvOS 12.4 This document describes the security content of tvOS 12.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....

About the security content of macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra

About the security content of macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra This document describes the security content of macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. About Apple security updates For...

openSUSE: Security Advisory for neovim (openSUSE-SU-2019:1759-1)

The remote host is missing an update for...

About the security content of iOS 12.4

About the security content of iOS 12.4 This document describes the security content of iOS 12.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent....

About the security content of watchOS 5.3

About the security content of watchOS 5.3 This document describes the security content of watchOS 5.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available......

openSUSE Security Update : neovim (openSUSE-2019-1759)

This update for neovim fixes the following issues : neovim was updated to version 0.3.7 : CVE-2019-12735: source should check sandbox (boo#1137443) genappimage.sh: migrate to linuxdeploy Version Update to version 0.3.5 : options: properly reset directories on 'autochdir' Remove MSVC...

Security update for neovim (important)

An update that fixes one vulnerability is now available. Description: This update for neovim fixes the following issues: neovim was updated to version 0.3.7: CVE-2019-12735: source should check sandbox (boo#1137443) genappimage.sh: migrate to linuxdeploy Version Update to version 0.3.5: ...

Fails and Fixes with IoT

After nearly 6 years of tearing apart 'internet of things' devices, here's a look at the high level fails that we keep seeing. We're not going to go in to point issues such as Wi-Fi credential leakage and Bluetooth compromise: our blog is littered with those! What are the root issues and what can.....

Meet Extenbro, a new DNS-changer Trojan protecting adware

Recently, we uncovered a new DNS-changer called Extenbro that comes with an adware bundler. These DNS-changers block access to security-related sites, so the adware victims can’t download and install security software to get rid of the pests. From our viewpoint, this might be like sending in an...

Siemens IE/PB LINK PN IO Ethernet to PROFIBUS Communications Adapter

As a stand-alone component, the IE/PB LINK PN IO builds the seamless transition between Industrial Ethernet and PROFIBUS by means of real-time communication (RT) and thus enables existing PROFIBUS devices to be integrated into a PROFINET application. From the viewpoint of the IO Controller, all DP....

jadwork.net Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-880494 Security Researcher Mughiwara Helped patch 192 vulnerabilities Received 2 Coordinated Disclosure badges Received 4 recommendations , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting jadwork.net website and its.....

Mother's Day Online Shoppers Were Active, and So Were Threat Actors

Mother's Day is a major online shopping event that attracts both shoppers as well as threat actors. Earlier in the year, we reported on the United Kingdom's version, called Mothering Sunday. An eMarketer spending forecast predicted that in the United States, retail gift spending would increase,...

EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1534)

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length ...

EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1518)

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature ...

EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1505)

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel ...

EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1489)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An information-leak vulnerability was found in the kernel when it truncated a file to a smaller size which consisted of an...

What to do when you discover a data breach

Your cell phone goes off in the middle of your well-deserved sleep and you try to find it before your partner wakes up as well. “What could be wrong? Why would they page me in the middle of the night?” More asleep than awake, you stumble down the stairs and call the number on the screen, which...

Use-After-Free

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. * A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary....

Who is managing the security of medical management apps?

One truth that is consistent across every sector—be it technology or education—is that software is vulnerable, which means that any device running software applications is also at risk. While virtually any application-running device could be compromised by an attacker, vulnerabilities in medical...

Cardinal RAT Resurrected to Target FinTech Firms

A malware family called Cardinal RAT has reappeared, after two years of silence, in a series of attacks that have been targeting Israel-based financial technology firms. After Cardinal RAT was first detected in 2017, the malware disappeared for two years. But now, in this latest campaign,...

TheCarProject v2 - Multiple SQL Injection Vulnerability

Exploit for php platform in category web...

TheCarProject 2 SQL Injection

...

TheCarProject 2 - Multiple SQL Injection

...

TheCarProject 2 - Multiple SQL Injection

TheCarProject 2 - Multiple SQL...

Denial Of Service (DoS)

libmatio.so is vulnerable to denial of service (DoS) attacks. The vulnerability exists through a possible stack-based buffer over-read in a memcpy operation in Mat_VarReadNextInfo5() in src/mat5.c, resulting in a denial of service condition when the vulnerability is...

Stack overflow

An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...

CVE-2019-9030

An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...

CVE-2019-9030

An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...