3660 matches found
CVE-2017-14198
Summary: CVE-2017-14198 affects Squiz Matrix prior to 5.3.6.1 and 5.4.x prior to 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag. The connected CNVD/NVD entries corroborate the affected versions an...
November 21, 2017—KB4055038
Summary: This update addresses an issue that prevents some Epson SIDM Dot Matrix and TM POS printers from printing on x86-based and x64-based systems. This issue affects the following releases: 2017-11 Monthly Rollup - KB4048958; 2017-11 Security-only update - KB4048961...
HP Matrix Operating Environment Point Hijacking Vulnerability
HP Matrix Operating Environment is a suite of cloud management software designed for infrastructure services from Hewlett-Packard (HP). A point hijacking vulnerability exists in HP Matrix Operating Environment version 7.6 LR1, which can be exploited by an attacker to conduct a clickjacking attack v...
HP Matrix Operating Environment Point Hijacking Vulnerability (CNVD-2017-37920)
HP Matrix Operating Environment is a suite of cloud management software designed for infrastructure services from Hewlett-Packard (HP). A point hijacking vulnerability exists in HP Matrix Operating Environment version 7.6 LR1, which can be exploited by an attacker to conduct a clickjacking attack v...
Partner Perspectives – Detecting Ransomware: Behind the Scenes of an Attack
Editor's Note: This blog originally appeared on RedCanary.com. Ransomware has been the threat of the year. If you’ve had even a lazy eye on current events in information security, you’ve heard about the WannaCry infection that recently took out endpoints for hundreds of companies. By now you’ve...
ImageMagick ReadMATImage Function Denial of Service Vulnerability
ImageMagick is software for creating, editing, and compositing images that can read, convert, and write images in many formats. A denial of service vulnerability exists in the ReadMATImage function in coders/mat.c in ImageMagick, which can be exploited by an attacker to cause a denial of servic...
Upgrading to Citrix Receiver for Windows
Beginning August 2018, Citrix Receiver has been replaced by Citrix Workspace app. While you can still download older versions of Citrix Receiver, new features and enhancements will be released for Citrix Workspace App. Citrix Receiver for Windows has evolved to meet the platform and user...
CVE-2016-6812
The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. Th...
Design/Logic Flaw
The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. Th...
Xiph.Org libao '_tokenize_matrix' function denial of service vulnerability
Xiph.Org libao is a cross-platform audio library capable of outputting audio on a variety of different platforms. A security vulnerability exists in the '_tokenize_matrix' function of the audio_out.c file in Xiph.Org libao version 1.2.0. A remote attacker can exploit this vulnerability to cause a...
AZL-12122 CVE-2017-11548 affecting package libao 1.2.0-24
The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file...
DEBIAN-CVE-2017-11548
The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file...
ALPINE-CVE-2017-11548
The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file...
The vulnerability of the ReadMATImage function in the console-based image editing tool ImageMagick, which allows a hacker to cause a service failure.
The vulnerability of the ReadMATImage function in the console-based image editing tool ImageMagick arises from the execution of an operation outside the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service interruptions by...
Inside Secure MatrixSSL Buffer Overflow Vulnerability (CNVD-2017-15853)
Inside Secure MatrixSSL is an IoT application toolkit from Inside Secure, France, that enables modular implementation of TLS and DTLS. A heap buffer overflow vulnerability exists in the X509 certificate parsing feature in Inside Secure MatrixSSL version 3.8.7b. A remote attacker could exploit thi...
Inside Secure MatrixSSL Integer Overflow Vulnerability
Inside Secure MatrixSSL is an IoT application toolkit from Inside Secure, France, that enables a modular implementation of TLS and DTLS. An integer overflow vulnerability exists in the X509 certificate parsing feature in Inside Secure MatrixSSL version 3.8.7b. An attacker can exploit this...
CVE-2017-2781
An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially...
jasper: missing jas_matrix_create() parameter checks
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image...
apache-cxf: XSS in Apache CXF FormattedServiceListWriter
A vulnerability was found in FormattedServiceListWriter in Apache CXF HTTP transport module that could allow an attacker to inject unexpected matrix parameters into the request URL. On a successful injection these matrix parameters will find their way back to the client in the services list page...
Adobe Flash Transform matrix Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...