The vulnerability of the read_creator_block function in the GIMP graphic editor allows for reading beyond the buffer boundary of dynamic memory, enabling attackers to cause service failures, compromise data integrity, and undermine data confidentiality.

The vulnerability of the readcreatorblock function in the GIMP graphic editor’s plug-in/common/file-psp.c file is related to reading data beyond the buffer boundaries of dynamic memory. Exploiting this vulnerability could allow an attacker to cause service failures, compromise data integrity, and...

RHEL 6 : jenkins (RHSA-2013:0700)

An updated jenkins package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.1.3. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Critical: Red Hat Security Advisory: flash-plugin security update

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

WP AMP plug-in vulnerability analysis-vulnerability warning-the black bar safety net

The researchers found the WordPress plug-in AMP for WP – Accelerated Mobile Pages the presence of vulnerabilities. AMP is to move the page to the acceleration of the mean, is a by Google the company launched speed up mobile page load speed of the project, you can let the mobile terminal in the...

Pacu - The AWS Exploitation Framework, Designed For Testing The Security Of Amazon Web Services Environments

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its...

The AWS Exploitation Framework: Pacu

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its...

Google Chrome Mojo has an unspecified vulnerability

Google Chrome is the United States Google Google company developed a Web browser. Mojo is one of the Mojo Maven plain Old Java Object plug-ins. An unspecified vulnerability exists in Mojo in Google Chrome versions prior to 69.0.3497.81. No detailed vulnerability details are provided at this time...

CVE-2018-7937

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into...

CVE-2018-7937

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into...

Security feature bypass

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into...

CVE-2018-7937

Affected products are Huawei HiRouter-CD20-10 and WS5200-10, with versions before 1.9.6. The issue is a plug-in signature bypass caused by insufficient plug-in verification, enabling an attacker to tamper with a legitimate plug-in to install a malicious one. Successful exploit could grant root ac...

CVE-2018-7937

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into...

Plug-in Signature Bypass Vulnerability in Multiple Huawei Products

Huawei HiRouter-CD20 and WS5200-10 are both home router products released by Huawei China. A plug-in signature bypass security vulnerability exists in several Huawei products. An attacker can build a malicious plug-in by tampering with a legitimate plug-in. When the attacker induces the user to...

Security Advisory - Plug-in Signature Bypass Vulnerability in Some Huawei Products

There is a plug-in signature bypass vulnerability in some Huawei products due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into installing it. Successful exploit could allow the attacker to obtain the root...

RHEL 6 : flash-plugin (RHSA-2018:2435)

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Microsoft Windows: Turn off Data Execution Prevention for Explorer

Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer. C Microsoft Corporation 2015. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

Potential security vulnerabilities with JavaTM SDKs

Abstract Security Bulletin: Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-0551, CVE-2012-1713,...

AWS Invites Trend Micro to Give a Sneak Peek Of Our New Stuff

You can tell a lot by the company someone keeps. This is one of many reasons we are so proud to have been invited to present at an Amazon event today. Amazon is hosting an EKoS Day in San Francisco and will be highlighting their newly launched Amazon EKS offering. We are giving a sneak peek of th...

Susie plug-in "axpdfium" may insecurely load Dynamic Link Libraries

Overview Susie plug-in "axpdfium" contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user running the program where "axpdfium" is used. Solution Update the plug-in Update...

JVN#79301396: Susie plug-in "axpdfium" may insecurely load Dynamic Link Libraries

Susie plug-in "axpdfium" contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user running the program where "axpdfium" is used. Solution Update the plug-in Update the plug-...