OSCA-550, OSCA-550A, OSCA-550AX, OSCA-550X Security Vulnerabilities

cve

CVE-2020-16216

In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely...

6.5CVSS

6.9AI Score

0.001EPSS

2020-09-11 02:15 PM
29
prion

Input validation

In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely...

6.5CVSS

6.9AI Score

0.001EPSS

2020-09-11 02:15 PM
2
cvelist

CVE-2020-16216 Philips Patient Monitoring Devices Improper Input Validation

In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely...

6.9AI Score

0.001EPSS

2020-09-11 01:06 PM
3
mskb

Description of the security update for SharePoint Server 2019: September 8, 2020

Description of the security update for SharePoint Server 2019: September 8, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...

8AI Score

0.03EPSS

2020-09-08 07:00 AM
26
mskb

Description of the security update for SharePoint Enterprise Server 2013: September 8, 2020

Description of the security update for SharePoint Enterprise Server 2013: September 8, 2020 Summary This security update resolves a remote code execution vulnerability that exists in Microsoft Excel if the software does not check the source markup of an application package. To learn more about the....

9.5AI Score

0.013EPSS

2020-09-08 07:00 AM
12
mskb

Description of the security update for SharePoint Server 2010: September 8, 2020

Description of the security update for SharePoint Server 2010: September 8, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...

8.5AI Score

0.013EPSS

2020-09-08 07:00 AM
20
securelist

Digital Education: The cyberrisks of the online classroom

This past spring, as the COVID-19 pandemic took hold, online learning became the new norm as universities and classrooms around the world were forced to close their doors. By April 29, 2020, more than 1.2 billion children across 186 countries were impacted by school closures. Shortly after schools....

-0.6AI Score

2020-09-04 10:00 AM
59
threatpost

Senate Bill Would Expand Facial-Recognition Restrictions Nationwide

A bill making its way through the U.S. Senate aims to extend nationwide some of the restrictions on the collection of facial-recognition information already imposed by an Illinois state law, as well as expand private citizens’ legal powers to sue companies that violate them. The news comes as...

0.2AI Score

2020-08-20 02:03 PM
22
nuclei

Oracle WebLogic Server - Remote Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and...

9.3AI Score

0.976EPSS

2020-08-16 04:33 PM
39
mskb

Description of the security update for SharePoint Server 2019: August 11, 2020

Description of the security update for SharePoint Server 2019: August 11, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...

6.7AI Score

0.177EPSS

2020-08-11 07:00 AM
28
mskb

Description of the security update for SharePoint Server 2010: August 11, 2020

Description of the security update for SharePoint Server 2010: August 11, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...

6.5AI Score

0.014EPSS

2020-08-11 07:00 AM
16
mskb

Description of the security update for Outlook 2013: August 11, 2020

Description of the security update for Outlook 2013: August 11, 2020 Summary This security update resolves a remote code execution vulnerability that exists in Microsoft Outlook when the software does not correctly handle objects in memory. It also resolves an information disclosure vulnerability.....

6AI Score

0.005EPSS

2020-08-11 07:00 AM
14
threatpost

High-Severity Cisco DoS Flaw Plagues Small-Business Switches

Cisco is warning of a high-severity flaw that could allow remote, unauthenticated attackers to cripple several of its popular small-business switches with denial of service (DoS) attacks. The vulnerability stems from the IPv6 packet processing engine in the switches. IPv6 (also known as Internet...

1AI Score

2020-08-06 03:24 PM
358
zdt

c-ares 1.16.0 Use-After-Free Exploit

c-ares version 1.16.0 has an issue where ares_destroy() with pending ares_getaddrinfo() leads to a use-after-free...

7AI Score

2020-08-05 12:00 AM
147
mskb

Description of the security update for SharePoint Server 2010: July 14, 2020

Description of the security update for SharePoint Server 2010: July 14, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...

7.8AI Score

0.841EPSS

2020-07-14 07:00 AM
134
mskb

Description of the security update for Outlook 2013: July 14, 2020

Description of the security update for Outlook 2013: July 14, 2020 Summary This security update resolves a remote code execution vulnerability that exists in Microsoft Outlook software if it does not correctly handle objects in memory. To learn more about the vulnerability, see Microsoft Common...

8AI Score

0.024EPSS

2020-07-14 07:00 AM
15
mskb

Description of the security update for SharePoint Enterprise Server 2013: July 14, 2020

Description of the security update for SharePoint Enterprise Server 2013: July 14, 2020 Note: After you install this update, the default setting for a trusted data source and trusted content locations in PerformancePoint Services will change from trust all to trust none. For more information, see.....

8.9AI Score

0.013EPSS

2020-07-14 07:00 AM
18
threatpost

Cisco Warns of High-Severity Bug in Small Business Switch Lineup

Cisco Systems is warning of a high-severity flaw affecting more than a half-dozen of its small business switches. The flaw could allow remote, unauthenticated attackers to access the switches’ management interfaces with administrative privileges. Specifically affected are Series Smart Switches,...

AI Score

2020-07-01 09:02 PM
774
nessus

Fedora 31 : tcpreplay (2020-256ac53cc7)

This release contains bug fixes only (which includes security fixes): Increase cache buffers size to accommodate VLAN edits (#594); Correct L2 header length to correct IP header offset (#583); Fix warnings from gcc version 10 (#580); Heap Buffer Overflow in randomize_iparp (#579) ...

8.9AI Score

2020-06-25 12:00 AM
7
nessus

Fedora 32 : tcpreplay (2020-f47830961a)

This release contains bug fixes only (which includes security fixes): Increase cache buffers size to accommodate VLAN edits (#594); Correct L2 header length to correct IP header offset (#583); Fix warnings from gcc version 10 (#580); Heap Buffer Overflow in randomize_iparp (#579) ...

8.9AI Score

2020-06-24 12:00 AM
8
metasploit

Cisco VPN Concentrator 3000 FTP Unauthorized Administrative Access

This module tests for a logic vulnerability in the Cisco VPN Concentrator 3000 series. It is possible to execute some FTP statements without authentication (CWD, RNFR, MKD, RMD, SIZE, CDUP). It also appears to have some memory leak bugs when working with CWD commands. This module simply creates an....

0.3AI Score

2020-06-22 10:11 AM
29
mskb

Description of the security update for SharePoint Server 2010: June 9, 2020

Description of the security update for SharePoint Server 2010: June 9, 2020 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the following....

6.5AI Score

0.001EPSS

2020-06-09 07:00 AM
14
mskb

Description of the security update for SharePoint Server 2010: May 12, 2020

Description of the security update for SharePoint Server 2010: May 12, 2020 Summary This security update resolves a cross-site-scripting (XSS) vulnerability that exists if Microsoft SharePoint Server does not correctly sanitize a specially crafted web request to an affected SharePoint server. To...

5.7AI Score

0.001EPSS

2020-05-12 07:00 AM
32
zdt

Sky File 2.1.0 iOS - Directory Traversal Vulnerability

Exploit for php platform in category web...

AI Score

2020-04-23 12:00 AM
26
exploitdb

7.4AI Score

2020-04-23 12:00 AM
552
openbugbounty

lerciopinto.pt Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1148367. Security Researcher DkilerS2 (helped patch 112 vulnerabilities, received 4 Coordinated Disclosure badges, received 8 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting lerciopinto.pt website and...

AI Score

2020-04-21 01:37 PM
8
zdt

IBM Data Risk Manager Authentication Bypass / Command Injection / File Download Exploit

IBM Data Risk Manager suffers from authentication bypass, command injection, insecure default password, and arbitrary file download...

7.4AI Score

2020-04-21 12:00 AM
57
vulnerlab

0.3AI Score

2020-04-21 12:00 AM
26
packetstorm

0.1AI Score

2020-04-21 12:00 AM
87
zdi

Oracle VirtualBox xHCI Heap-based Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI...

7.5CVSS

5AI Score

0.001EPSS

2020-04-20 12:00 AM
17
mskb

Description of the security update for SharePoint Enterprise Server 2013: April 14, 2020

Description of the security update for SharePoint Enterprise Server 2013: April 14, 2020 Summary This security update resolves a remote code execution vulnerability that exists in Microsoft SharePoint when the software fails to check the source markup of an application package. To learn more about....

9AI Score

0.017EPSS

2020-04-14 07:00 AM
12
mskb

Description of the security update for Outlook 2013: April 14, 2020

Description of the security update for Outlook 2013: April 14, 2020 Summary This security update resolves a remote code execution vulnerability that exists when Microsoft Office improperly loads arbitrary type libraries. To learn more about the vulnerability, see Microsoft Common Vulnerabilities...

8.6AI Score

0.038EPSS

2020-04-14 07:00 AM
26
mskb

Description of the security update for SharePoint Server 2010: April 14, 2020

Description of the security update for SharePoint Server 2010: April 14, 2020 Summary This security update resolves a cross-site-scripting (XSS) vulnerability that exists if Microsoft SharePoint Server does not correctly sanitize a specially crafted web request to an affected SharePoint server. To....

5.7AI Score

0.001EPSS

2020-04-14 07:00 AM
14
mskb

MS15-022: Description of the security update for SharePoint Server 2013: March 10, 2015

MS15-022: Description of the security update for SharePoint Server 2013: March 10, 2015 Introduction This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file...

7.7AI Score

2020-04-13 12:00 AM
27
prion

Input validation

There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of a certain file in certain loading processes; successful exploitation could allow the attacker to load a crafted file to the device through USB. Affected product...

4.6CVSS

4.6AI Score

0.001EPSS

2020-04-10 02:15 PM
5
cve

CVE-2020-1802

There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of a certain file in certain loading processes; successful exploitation could allow the attacker to load a crafted file to the device through USB. Affected product...

4.6CVSS

4.7AI Score

0.001EPSS

2020-04-10 02:15 PM
88
cvelist

CVE-2020-1802

There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of a certain file in certain loading processes; successful exploitation could allow the attacker to load a crafted file to the device through USB. Affected product...

6.7AI Score

0.001EPSS

2020-04-10 01:59 PM
veracode

Arbitrary Code Execution

cairo is vulnerable to arbitrary code execution. If an application linked against Cairo processes a malicious PNG image, it is possible to execute arbitrary code as the user running the...

4AI Score

2020-04-10 12:18 AM
6
huawei

Security Advisory - Insufficient Integrity Validation Vulnerability in Several Products

There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of a certain file in certain loading processes; successful exploitation could allow the attacker to load a crafted file to the device through USB. (Vulnerability ID:...

4.9AI Score

0.001EPSS

2020-04-08 12:00 AM
30
openbugbounty

338online.es Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1128125. Security Researcher g0bl1nsec (helped patch 3768 vulnerabilities, received 4 Coordinated Disclosure badges, received 3 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting 338online.es website and...

0.1AI Score

2020-03-29 11:55 AM
4
prion

Input validation

There is an improper integrity checking vulnerability on some Huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. Affected product versions include: HEGE-560 versions...

3.9CVSS

4.3AI Score

0.0004EPSS

2020-03-20 04:15 PM
5
cve

CVE-2020-1879

There is an improper integrity checking vulnerability on some Huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. Affected product versions include: HEGE-560 versions...

3.9CVSS

4.5AI Score

0.0004EPSS

2020-03-20 04:15 PM
69
cvelist

CVE-2020-1879

There is an improper integrity checking vulnerability on some Huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. Affected product versions include: HEGE-560 versions...

6.8AI Score

0.0004EPSS

2020-03-20 03:02 PM
2
threatpost

Activities of a Nigerian Cybercriminal Uncovered

Ever wonder who’s behind one of those Nigerian cyber-crime email campaigns asking you to enter into a shady business deal and how they’re enacted? In a unique profile, researchers pulled back the curtain on such an attack with a report outlining how a Nigerian cybercriminal made hundreds of...

-0.3AI Score

2020-03-17 12:16 PM
5
thn

Researchers Uncover a Nigerian Hacker's Pursuit of his Million Dollar Dream

Social engineering-driven malware threats continue to be a big threat, but new research details how cybercriminals profit off such schemes to launder hundreds of thousands of dollars from stolen credit cards of unsuspecting victims. Cybersecurity firm Check Point Research, in a report shared...

0.3AI Score

2020-03-17 10:20 AM
36
hackerone

Internet Bug Bounty: CVE-2020-10938-buffer overflow/out-of-bounds write in compress.c:HuffmanDecodeImage()

Hello, There is an out-of-bounds write that is likely exploitable while performing Huffman decoding of Fax images. The technical details are as follows. # Type: integer underflow produces out of bounds heap/etc write # Platform: 32-bit # Details: 390 MagickExport MagickPassFail...

9.8CVSS

9.6AI Score

0.002EPSS

2020-03-11 10:27 AM
25
huawei

Security Advisory - Improper Integrity Checking Vulnerability on some Huawei Products

There is an improper integrity checking vulnerability on some Huawei products. The software of the affected product has an improper integrity check which may allow an attacker with high privilege to make malicious modifications. (Vulnerability ID: HWPSIRT-2019-10070) This vulnerability has been...

4.8AI Score

0.0004EPSS

2020-03-11 12:00 AM
16
trendmicroblog

Trend Micro Cloud App Security Blocked 12.7 Million High-Risk Email Threats in 2019 – in addition to those detected by cloud email services’ built-in security

On March 3, 2020, the cyber division of Federal Bureau of Investigation (FBI) issued a private industry notification calling out Business Email Compromise (BEC) scams through exploitation of cloud-based email services. Microsoft Office 365 and Google G Suite, the two largest cloud-based email...

-0.4AI Score

2020-03-10 05:27 PM
33
Total number of security vulnerabilities: 1236