183 matches found
SUSE CVE-2019-11737
If a wildcard '' is specified for the host in Content Security Policy CSP directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox 69...
SUSE CVE-2019-11748
WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in other software, a decision was made to no longer persist these permissions. This avoids the...
SUSE CVE-2020-27764
In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator where a sizet cast should have been a ssizet cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity...
CVE-2022-38497
LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69...
Design/Logic Flaw
LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69...
Neopets Suffers Second Data Breach as 69 Million Accounts are Stolen
By Waqas Neopets has acknowledged the data breach and currently urging users to change their passwords immediately. Neopets is a… This is a post from HackRead.com Read the original post: Neopets Suffers Second Data Breach as 69 Million Accounts are Stolen...
Malicious code in calc-n3mo-69 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2e84db72fdf7f17e95f6c96bd4c44723e28d55b4e730672111457ce47eb562e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1761 Malicious code in calc-n3mo-69 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2e84db72fdf7f17e95f6c96bd4c44723e28d55b4e730672111457ce47eb562e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Backdoor.Win32.Psychward.03.a Weak Hardcoded Password
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/d069738f18957117367b8a79195a6a96.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Psychward.03.a Vulnerability: Weak Hardcoded Password Description: The malware listen...
Pinkie 2.15 - TFTP Remote Buffer Overflow Exploit
Exploit Title: Pinkie 2.15 - TFTP Remote Buffer Overflow PoC Discovered by: Yehia Elghaly Vendor Homepage: http://www.ipuptime.net/ Software Link : http://ipuptime.net/PinkieSetup.zip Tested Version: 2.15 Vulnerability Type: Buffer Overflow DoS Remote Tested on OS: Windows XP SP3 - Windows 7...
Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
Summary The Planning Analytics Workspace component of IBM Planning Analytics is affected by vulnerabilities These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 69. Vulnerability Details CVEID: CVE-2021-23343 DESCRIPTION: path-parse is vulnerable t...
Adobe Bridge 11.x < 11.1.1 Multiple Vulnerabilities (APSB21-69)
The version of Adobe Bridge installed on the remote Windows host is prior to 11.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-69 advisory. - Adobe Bridge version 11.1 and earlier is affected by a memory corruption vulnerability due to insecure handling of...
CVE-2020-27754
In IntensityCompare of /magick/quantize.c, there are calls to PixelPacketIntensity which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity function, which forces the pixel...
Design/Logic Flaw
In IntensityCompare of /magick/quantize.c, there are calls to PixelPacketIntensity which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity function, which forces the pixel...
CVE-2020-25667
TIFFGetProfiles in /coders/tiff.c calls strstr which causes a large out-of-bounds read when it searches for "dc:format="image/dng" within profile due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to...
CVE-2020-27766
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability,...
ImageMagick Input Validation Error Vulnerability
Imagemagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio Imagemagick Studio, an American company. The software can read, convert or write images in many formats. A security vulnerability exists in versions prior to ImageMagick 6.9.10-69, which ste...
CVE-2020-27764
In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator where a sizet cast should have been a ssizet cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity...
Input validation
In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator where a sizet cast should have been a ssizet cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity...
ImageMagick Studio ImageMagick 输入验证错误漏洞
Imagemagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio Imagemagick Studio, an American company. The software can read, convert or write images in many formats. A security vulnerability exists in versions prior to ImageMagick 6.9.10-69, which ste...