
1109 matches found

OSV
added 2022/10/29 5:15 p.m. · 1 view

CVE-2021-42777

Stimulsoft aka Stimulsoft Reports 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start...

9.8 CVSS · 6.1 AI score · 0.00454 EPSS
Exploits: 1 · References: 1
Prion
added 2022/10/29 5:15 p.m. · 12 views

Code injection

Stimulsoft aka Stimulsoft Reports 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start...

7.5 CVSS · 9.4 AI score · 0.00454 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies
added 2022/10/29 12:0 a.m. · 11 views

PT-2022-11683 · Stimulsoft · Stimulsoft Reports

Name of the Vulnerable Software and Affected Versions: Stimulsoft aka Stimulsoft Reports version 2013.1.1600.0 Description: The issue allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine. This is demonstrat...

9.8 CVSS · 9.3 AI score · 0.00454 EPSS
Exploits: 1 · References: 3
Vulnrichment
added 2022/10/29 12:0 a.m. · 4 views

CVE-2021-42777

Stimulsoft aka Stimulsoft Reports 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start...

9.5 AI score · 0.00454 EPSS
Exploits: 1 · References: 1
Cvelist
added 2022/10/29 12:0 a.m. · 10 views

CVE-2021-42777

Stimulsoft aka Stimulsoft Reports 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start...

9.7 AI score · 0.00454 EPSS
Exploits: 1 · References: 1
CVE
added 2022/10/29 12:0 a.m. · 40 views

CVE-2021-42777

CVE-2021-42777 affects Stimulsoft (Stimulsoft Reports) version 2013.1.1600.0; when Compilation Mode is enabled, it allows an attacker to execute arbitrary C# code on any machine rendering a report (server or client) via System.Diagnostics.Process.Start. The vulnerability is a code-execution risk ...

9.8 CVSS · 9.4 AI score · 0.00454 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Fedora
added 2022/10/28 11:46 a.m. · 28 views

[SECURITY] Fedora 35 Update: pypy3.7-7.3.9-4.3.7.fc35

PyPy's implementation of Python 3.7, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types strings, dictionaries, etc.. This build of PyPy has JIT-compilation enabled...

7.4 CVSS · 2 AI score · 0.01395 EPSS
Exploits: 0
OpenVAS
added 2022/10/23 12:0 a.m. · 15 views

Fedora: Security Advisory for pypy3.9 (FEDORA-2022-4ac2e16969)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.4 CVSS · 7.9 AI score · 0.01395 EPSS
Exploits: 0 · References: 2
AlpineLinux
added 2022/10/21 12:0 a.m. · 39 views

CVE-2022-3626

LibTIFF 4.4.0 has an out-of-bounds write in TIFFmemset in libtiff/tifunix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit...

6.5 CVSS · 7.3 AI score · 0.00039 EPSS
Exploits: 1
Fedora
added 2022/10/20 3:53 p.m. · 15 views

[SECURITY] Fedora 35 Update: pypy3.8-7.3.9-5.3.8.fc35

PyPy's implementation of Python 3.8, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types strings, dictionaries, etc.. This build of PyPy has JIT-compilation enabled...

7.4 CVSS · 2 AI score · 0.01395 EPSS
Exploits: 0
Fedora
added 2022/10/20 3:21 p.m. · 24 views

[SECURITY] Fedora 36 Update: pypy3.8-7.3.9-5.3.8.fc36

PyPy's implementation of Python 3.8, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types strings, dictionaries, etc.. This build of PyPy has JIT-compilation enabled...

7.4 CVSS · 2 AI score · 0.01395 EPSS
Exploits: 0
Schneier on Security
added 2022/10/11 12:18 p.m. · 13 views

Inserting a Backdoor into a Machine-Learning System

Interesting research: "ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks," by Tim Clifford, Ilia Shumailov, Yiren Zhao, Ross Anderson, and Robert Mullins: Abstract: Early backdoor attacks against machine learning set off an arms race in attack and defence...

1.8 AI score
Exploits: 0
OSV
added 2022/10/03 10:12 p.m. · 14 views

GHSA-MGVV-5MXP-XQ67 SQLite3 addresses vulnerability in packaged version of libsqlite

Summary The rubygem sqlite3 v1.5.1 upgrades the packaged version of libsqlite from v3.39.3 to v3.39.4. libsqlite v3.39.4 addresses a vulnerability described as follows in the release notification: Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the...

7.6 AI score
Exploits: 0 · References: 3
Oracle linux
added 2022/09/21 12:0 a.m. · 58 views

ruby security, bug fix, and enhancement update

3.0.4-160 - Upgrade to Ruby 3.0.4. Resolves: rhbz2109428 - OpenSSL test suite fixes due to disabled SHA1. Related: rbhz2109428 - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739...

9.8 CVSS · 2.9 AI score · 0.00459 EPSS
Exploits: 0
Rockylinux
added 2022/09/20 11:36 a.m. · 34 views

ruby security, bug fix, and enhancement update

An update is available for ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is an extensible, interpreted, object-oriented, scripting language. It has...

9.8 CVSS · 8 AI score · 0.00459 EPSS
Exploits: 0
OSV
added 2022/09/20 12:0 a.m. · 27 views

ALSA-2022:6585 Moderate: ruby security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0.4. BZ2109428 Security Fixes: Ruby: Double free in Regexp compilati...

9.8 CVSS · 8.7 AI score · 0.00459 EPSS
Exploits: 0 · References: 6
OPENSUSE Linux
added 2022/09/17 12:0 a.m. · 35 views

Security update for mupdf (moderate)

openSUSE Security Update: Security update for mupdf Announcement ID: openSUSE-SU-2022:10126-1 Rating: moderate References: 1202858 Cross-References: CVE-2018-25032 CVE-2021-4216 CVSS scores: CVE-2018-25032 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-25032 SUSE: 8.1...

8.1 CVSS · 6.8 AI score · 0.00089 EPSS
Exploits: 1 · References: 1
Oracle linux
added 2022/09/15 12:0 a.m. · 334 views

ruby:3.0 security, bug fix, and enhancement update

ruby 3.0.4-141 - Upgrade to Ruby 3.0.4. Resolves: rhbz2109431 Resolves: rhbz2110981 - Fix double free in Regexp compilation. Resolves: CVE-2022-28738 - Fix buffer overrun in String-to-Float conversion. Resolves: CVE-2022-28739...

9.8 CVSS · 2.5 AI score · 0.00765 EPSS
Exploits: 2
Prion
added 2022/09/13 3:15 p.m. · 7 views

Code injection

Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debuginfo' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities...

3.2 CVSS · 5.6 AI score · 0.00033 EPSS
Exploits: 0 · References: 1
CVE
added 2022/09/13 2:55 p.m. · 39 views

CVE-2022-38453

The CVE-2022-38453 issue affects the CMS8000 device, where multiple binary application files are compiled with 'not stripped' and 'debug_info' settings. This weakens reverse-engineering resistance and could enable an attacker to identify additional vulnerabilities in the affected software stack. ...

4.4 CVSS · 5 AI score · 0.00033 EPSS
Exploits: 0 · References: 1 · Affected Software: 1