71 matches found
Remote Code Execution (RCE)
Overview Affected versions of this package are vulnerable to Remote Code Execution RCE. A vulnerability exists in NuGet where a race condition can lead to a symlink attack. Note: Non-Linux platforms are not affected. Remediation There is no fixed version for Microsoft.Build.NuGetSdkResolver...
Iron Tiger APT Group Updates SysUpdate Malware to Target Linux Platforms
Threat Level Attack Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary The Iron Tiger aka APT27 group updated their custom malware, SysUpdate, to target Linux platforms and evade security solutions. They specifically targeted a...
SUSE CVE-2015-8455
Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial o...
SUSE CVE-2016-6983
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2016-4273,...
strongSwan trust management issue vulnerability
strongSwan is a set of open source IPsec-based VPN solution for Linux platforms used by Andreas Steffen, a personal developer in Switzerland. The solution contains X.509 public key certificates, secure storage private keys, smart cards and other authentication mechanisms. strongSwan versions prio...
strongSwan 资源管理错误漏洞
strongSwan is a set of open source IPsec-based VPN solution for Linux platforms used by Andreas Steffen, a personal developer in Switzerland. The solution contains X.509 public key certificates, secure storage private keys, smart cards and other authentication mechanisms. strongSwan versions prio...
DPDK 安全漏洞
DPDK is a data plane development kit for Linux-based platforms. The product supports execution of packet processing on multiple CPU architectures. A security vulnerability exists in DPDK. An attacker exploits the vulnerability to trigger a denial-of-service attack...
Snare for Linux Cross-Site Request Forgery Vulnerability
Snare for Linux is a log collection and analysis tool for Linux-based platforms. A cross-site request forgery vulnerability exists in the web interface in versions of Snare prior to 1.7.0 for Linux-based platforms. The vulnerability stems from a WEB application that does not adequately validate...
CVE-2019-7312
Limited plaintext disclosure exists in PRIMX Zed Entreprise for Windows before 6.1.2240, Zed Entreprise for Windows ANSSI qualification submission before 6.1.2150, Zed Entreprise for Mac before 2.0.199, Zed Entreprise for Linux before 2.0.199, Zed Pro for Windows before 1.0.195, Zed Pro for Mac...
USN-3762-1 linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities
It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to possibly expose sensitive information kernel memory. CVE-2018-1118 Seunghun Han discovered an information leak in the ACPI handling code in the...
Brave Denial of Service Vulnerability (CNVD-2018-09308)
Brave is a Web browser product from Brave Software, Inc. in the United States. A security vulnerability exists in versions of Brave prior to 0.14.0 based on Linux or other platforms, which stems from the program's failure to properly handle JavaScrip code. An attacker could exploit this...
Hyland Perceptive Document Filters Memory Misreference Vulnerability
Hyland Perceptive Document Filters is a document conversion toolkit from Hyland Software. The product is able to recognize and extract metadata from documents, and supports the conversion of many types of documents. A security vulnerability exists in version 11.4.0.2647 of Hyland Perceptive...
ImageMagick heap buffer overflow vulnerability (CNVD-2017-14613)
ImageMagick is an open source image viewing and editing tool for Unix/Linux platforms. ImageMagick suffers from a heap buffer overflow vulnerability due to a failure to adequately define checking user-supplied data before copying it to a location with an insufficient buffer. An attacker could...
CVE-2016-4217
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2016-4172,...
Web2py 2.14.5 - Multiple Vulnerabilities
Web2py 2.14.5 - Multiple Vulnerabilities Title - Web2py 2.14.5 Multiple Vulnerabilities LFI,XSS,CSRF Exploit Title : Web2py 2.14.5 Multiple Vulnerabilities LFI, XSS,CSRF Reported Date : 2-April-2016 Fixed Date : 4-April-2016 Exploit Author : Narendra Bhati -...
Adobe Flash Playe Memory Misreference Vulnerability (CNVD-2016-000167)
FlashPlayer is a multimedia program player. Adobe AIR is a technology developed for the integration of web and desktop applications, allowing control of cloud-based programs on the web without having to go through a browser. On Windows and OS X platforms, Adobe Flash Player versions prior to...
Adobe Flash Player Memory Misreference Vulnerability (CNVD-2016-00017)
FlashPlayer is a multimedia program player. Adobe AIR is a technology developed for the integration of web and desktop applications, allowing control of cloud-based programs on the web without having to go through a browser. On Windows and OS X platforms, Adobe Flash Player versions prior to...
UBUNTU-CVE-2015-8055
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...
Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (2)
No description provided by source. source: http://www.securityfocus.com/bid/10226/info Multiple unspecified local buffer overrun and format string vulnerabilities have been reported to exist in various setuid Veritas NetBackup binaries. These issues may be exploited to execute arbitrary code with...
Code injection
IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, ak...