624 matches found
Fuji Electric V-Server Lite VPR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2020-1861
CloudEngine 12800 with versions of V200R001C00SPC600, V200R001C00SPC700, V200R002C01, V200R002C50SPC800, V200R002C50SPC800PWE, V200R003C00SPC810, V200R003C00SPC810PWE, V200R005C00SPC600, V200R005C00SPC800, V200R005C00SPC800PWE, V200R005C10, V200R005C10SPC300 have an information leakage vulnerability in some...
CVE-2020-1857
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local...
Information disclosure
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local...
Siemens Industrial Products SNMP (Update F)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Null pointer dereference
Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130...
ThreatList: A Third of Biometric Systems Targeted by Malware in Q3
Biometric security – which uses fingerprints, voice or facial recognition or retina identification to authenticate users to services – has crossed the chasm into the mainstream, thanks to the prevalence of features like fingerprint readers on laptops and FaceID for iPhones. However, researchers s...
Biometric data processing and storage system threats
Initially, digital biometric data processing systems were used primarily by government agencies and special services (police, customs, etc.). However, the rapid evolution of information technology has made biometric systems accessible for 'civil' use. They are increasingly becoming part of our...
CVE-2019-5271
There is an information leak vulnerability in Huawei smart speaker Myna. When the smart speaker is paired with the cloud through Wi-Fi, the speaker incorrectly processes some data. Attackers can exploit this vulnerability to read and modify specific configurations of speakers through a series of...
CVE-2019-5271
CVE-2019-5271 affects Huawei Myna smart speaker. The vulnerability is an information leak arising when the device is paired with the cloud over Wi‑Fi, where data is mishandled during processing, allowing an attacker to read and modify specific configurations via a sequence of operations. Root cau...
CVE-2019-6674
On F5 SSL Orchestrator 15.0.0-15.0.1 and 14.0.0-14.1.2, TMM may crash when processing SSLO data in a service-chaining configuration...
CVE-2019-8158
An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data...
Design/Logic Flaw
An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data...
CVE-2019-8158
CVE-2019-8158 affects Magento: Magento 2.2 prior to 2.2.10 and 2.3 prior to 2.3.3 (or 2.3.2-p1). The issue is an XPath entity injection in the page cache block rendering path, where crafted GET data is passed to the XML data processing engine without validation, allowing limited access to underly...
[SECURITY] Fedora 30 Update: jackson-databind-2.10.0-1.fc30
The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...
CVE-2018-17791
Newgen OmniFlow Intelligent Business Process Suite iBPS 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business...
Saia Burgess Controls Processor Unit
Binary data 764930.prm...
Introducing EQR — The Need for Petabyte-Scale Real-Time Analysis
Making Fast Decisions from Lots of Data One of the most difficult things to solve for in the Security industry is scale. Security is essentially a big data problem—data that is dynamic, and variadic. You need to correlate lots of disparate data elements that contain dynamically changing parameter...
CVE-2018-8035
This CVE concerns Apache UIMA DUCC (