714 matches found
CVE-2017-10860
CVE-2017-10860 affects i-filter 6.0 installer/installer components from Digital Arts. The issue is an untrusted search path vulnerability in the installer’s code signing timestamp (before 23 Aug 2017 JST) that can allow arbitrary code execution via a specially crafted executable in an unspecified...
CVE-2017-10859
CVE-2017-10859 corresponds to an untrusted search path vulnerability in Digital Arts’ i-filter 6.0 installer. The code-signing timestamp before 23 Aug 2017 (JST) enables privilege escalation via a Trojan DLL located in an unspecified directory, potentially allowing arbitrary code execution with t...
CVE-2017-10859
Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 JST allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2017-10860
Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 JST allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory...
JVN#75929834: Install program and Installer of i-フィルター 6.0 may insecurely load Dynamic Link Libraries and invoke executable files
i-フィルター 6.0 provided by Digital Arts Inc. is web filtering and parental control software. The install program is designed to download the installer via the internet and execute it. The i-フィルター 6.0 install program and installer contain the following vulnerabilities. Lead to insecurely loading...
Zerodium Offers $500K for Secure Messaging App Zero Days
Zerodium, a vendor operating in the nebulous exploit acquisition market, has put a premium on zero-day vulnerabilities in secure messaging applications in a new pricing structure announced today. Remote code execution and local privilege elevation zero days in messaging apps such as WhatsApp,...
For NXP I. MX microprocessor HAB vulnerability analysis-vulnerability warning-the black bar safety net
One, Foreword NXP(NXP)semiconductor production company i. The MX Series application processor of the Secure Boot features in the presence of two vulnerabilities, two vulnerabilities by Quarkslab the two researchers Guillaume Delugré and Kévin Szkudłapski found this article on the two vulnerabilit...
Lenovo Service Bridge Spoofing Vulnerability
Lenovo Service Bridge is a Windows program from the Chinese company Lenovo Lenovo that automatically detects the serial number and model number of your device. A spoofing vulnerability exists in the signature verification logic in code signing certificates in versions prior to Lenovo Service Brid...
CVE-2016-8231
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate...
CVE-2016-8231
In CVE-2016-8231, Lenovo Service Bridge prior to version 4 contains a flaw in the signature verification logic of code signing certificates that could allow a forged certificate to be accepted. Affected product: Lenovo Service Bridge (LSB) on Windows. Root cause: incorrect/weak signature verifica...
CVE-2016-8231
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate...
Bitdefender in processing PE code signing the organizationName field when there is buffer overflow vulnerability-vulnerability warning-the black bar safety net
A vulnerability summary This paper describes the Bitdefender PE engine in the presence of a buffer overflow vulnerability. Bitdefender provides“anti-malware antimalware”of the engine, the engine can be integrated to other security vendors ' products, Bitdefender in their products, such as...
WordPress: WordPress Automatic Update Protocol Does Not Authenticate Updates Provided by the Server
When the WordPress automatic update process is initiated likely via wp-cron.php, this is the path the code takes: https://github.com/WordPress/WordPress/blob/4a6f90db58a935abb688cfb91b391dffeda7b35c/wp-admin/includes/class-wp-upgrader.phpL242-L283...
Lenovo Service Bridge Contains Privilege Escalation and Other Vulnerabilities - Lenovo Support US
No description provided...
Lenovo Service Bridge Contains Privilege Escalation and Other Vulnerabilities - us
Lenovo Security Advisory: LEN-10149 Potential Impact: Local privilege escalation, cross-site request forgery, insecure connection, possibility to insert a forged code signing certificate Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2016-8228, CVE-2016-8229, CVE-2016-8230,...
Citrix Cloud Connector Installation does not complete: Unable to validate certificate chain
Citrix Cloud Connector does not complete its initial installation or is unable to upgrade to the latest Cloud Connector version. The installation is blocked because it’s not able to validate the code signing certificate of the Citrix Cloud Components downloaded, which may be due to the certificat...
HandBrake for Mac Compromised with Proton Spyware
The handlers of the open source HandBrake video transcoder are warning anyone who recently downloaded the Mac version of the software that they’re likely infected with malware. HandBrake warned users on Saturday of a compromise of one of its mirror download servers, and said anyone who grabbed th...
Windows Botnet Spreading Mirai Variant
A Chinese-speaking attacker is spreading a Mirai variant from a repurposed Windows-based botnet. Researchers at Kaspersky Lab published a report today, and said the code was written by an experienced developer who also built in the capability to spread the IoT malware to Linux machines under...
CVE-2016-7584
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "AppleMobileFileIntegrity" component, which allows remote attackers to spoof signed code by usin...
About the security content of iOS 9.3 - Apple Support
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about...