3791 matches found
CVE-2019-8150
CVE-2019-8150 is a remote code execution vulnerability in Magento. It affects Magento 2.2.x before 2.2.10 and Magento 2.3.x before 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate layouts and images can insert a malicious payload into the page layout, resulting in RCE with H...
CVE-2019-8137
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to manipulate the CMS section of the website can trigger remote code execution via custom layout update...
CVE-2019-8091
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution...
Remote code execution
A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution...
CVE-2019-8090
An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can manipulate the design layout update feature...
Arbitrary file deletion
An arbitrary file deletion vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can manipulate the design layout update feature...
CVE-2019-8091
CVE-2019-8091 is a remote code execution vulnerability in Magento 1.x prior to 1.9.4.3 and Magento 1.14.4.3. An authenticated admin user with privileges to access product attributes can exploit layout updates to trigger code execution. Affected products: Magento Open Source before 1.9.4.3 and Mag...
Apple iOS, iPadOS and tvOS Kernel Component Permission Logic Vulnerability (CNVD-2019-46957)
Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. Kernel is one of the kernels. A security vulnerability exists in the Kernel component of Apple iOS before 13.1, iPadOS before 13.1, and tvOS...
Apple macOS Catalina IOGraphics Component Logic Vulnerability
Apple macOS Catalina is a proprietary operating system developed by Apple Inc. for Mac computers. IOGraphics is one of the input and output graphics components. A security vulnerability exists in the IOGraphics component in Apple macOS Catalina versions prior to 10.15. An attacker can exploit this...
macOS < 10.15 Multiple Vulnerabilities
The remote host is running a version of macOS / Mac OS X that is prior to 10.15. It is, therefore, affected by multiple vulnerabilities.
- An application may be able to execute arbitrary code with kernel privileges (CVE-2019-8748)
- Multiple issues in PHP (CVE-2019-11041, CVE-2019-11042)
- Processing...
IoT: a malware story
Since 2008, cyber-criminals have been creating malware to attack IoT-devices, such as routers and other types of network equipment. You will find a lot of statistics on this on Securelist, most notably, here and here. The main problem with these IoT/embedded devices is that one simply cannot...
PRODSECBUG-2446: Remote code execution via custom layout update in create product functionality
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
PRODSECBUG-2414: Remote code execution through custom layout update of the content management functionality
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
CVE-2017-5447
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...
Real-life social engineering. Two days in tweets
This is the write-up of my live tweets while on a recent social engineering engagement. It’s all available on my feed @ghostie. I did this because I wanted to share what it's like to prep for, and work through a job, warts and all. If you can take anything away, to enhance your technique, or defen...
DEBIAN-CVE-2019-16093
Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c...
DEBIAN-CVE-2019-16094
Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c...
UBUNTU-CVE-2019-16094
Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c...
PT-2019-14502 · Symonics +2 · Libmysofa +2
Name of the Vulnerable Software and Affected Versions: Symonics libmysofa version 0.7 Description: The issue is related to an invalid write in the readOHDRHeaderMessageDataLayout function located in hdf/dataobject.c. Recommendations: For Symonics libmysofa version 0.7, consider applying a patch o...