4671 matches found
EulerOS 2.0 SP5 : spice-gtk (EulerOS-SA-2021-1233)
According to the versions of the spice-gtk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before...
HCL OneTest security vulnerability
HCL OneTest is a software testing tool from HCL India that provides multiple testing options. The software supports API testing, functional testing, UI testing, performance testing and service virtualization to support software automation testing. A security vulnerability exists in HCL OneTest...
EulerOS 2.0 SP5 : spice (EulerOS-SA-2021-1232)
According to the version of the spice package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Bot...
CentOS 8 : libreoffice (CESA-2020:1598)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1598 advisory. - libreoffice: Remote resources protection module not applied to bullet graphics (CVE-2019-9849) - libreoffice: Insufficient URL validation allowing...
CentOS 8 : spice and spice-gtk (CESA-2020:4186)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4186 advisory. - spice: multiple buffer overflow vulnerabilities in QUIC decoding code (CVE-2020-14355) Note that Nessus has not tested for this issue but has instead relied onl...
EulerOS 2.0 SP3 : spice (EulerOS-SA-2021-1121)
According to the version of the spice package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Bot...
EulerOS 2.0 SP3 : spice-gtk (EulerOS-SA-2021-1122)
According to the versions of the spice-gtk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious...
Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2021-1074)
The remote host is missing an update for the Huawei EulerOS...
Denial Of Service (DoS)
pillow is vulnerable to denial of service (DoS). The vulnerability exists through a heap-based buffer overflow during the decoding of a malicious YCbCr file in RGBA mode...
Denial Of Service (DoS)
pillow is vulnerable to denial of service (DoS). The vulnerability exists through a buffer over-read during the decoding of a PcxImageFile through the value of stride...
CVE-2020-35653
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations...
PT-2021-21416 · Qpdf +4
Name of the Vulnerable Software and Affected Versions: QPDF versions 9.x through 9.1.1; QPDF versions 10.x through 10.0.4. Description: The issue is a heap-based buffer overflow in Pl_ASCII85Decoder::write, which is called from Pl_AES_PDF::flush and Pl_AES_PDF::finish, occurring when a certain...
ALERT: North Korean hackers targeting South Korea with RokRat Trojan
A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37 (aka ScarCruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, whe...
Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat
This post was authored by Hossein Jazi. On December 7, 2020, we identified a malicious document uploaded to VirusTotal which was purporting to be a meeting request likely used to target the government of South Korea. The meeting date mentioned in the document was 23 Jan 2020, which aligns with the...
EulerOS Virtualization for ARM 64 3.0.2.0 : xorg-x11-server (EulerOS-SA-2021-1048)
According to the versions of the xorg-x11-server packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames functi...
CVE-2020-35918
An issue was discovered in the branca crate before 0.10.0 for Rust. Decoding tokens with invalid base62 data can panic...
Rust branca crate security vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the branca crate before 0.10.0 for Rust, which stems from the fact that decoding tokens with invalid base62 data may cause a panic...