1013 matches found
java-1.8.0-openjdk security update
1:1.8.0.242.b08-0 - Update to aarch64-shenandoah-jdk8u242-b08. - Remove local copies of JDK-8031111 & JDK-8132111 as replaced by upstream versions. - Resolves: rhbz1785753 1:1.8.0.242.b07-1 - Add backports of JDK-8031111 & JDK-8132111 to fix TCK issue. - Resolves: rhbz1785753 1:1.8.0.242.b07-0 -...
CVE-2014-2271
cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java...
Nord Security: nordvpn Linux Desktop executable application does not use pie / no ASLR
Summary: The nordvpn Linux binary application is not compiled as position independent code or position independent Executable. Steps To Reproduce: POC: $file /usr/bin/nordvpn /usr/bin/nordvpn: ELF 64-bit LSB executable, x86-64, version 1 SYSV, dynamically linked, interpreter...
CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...
CVE-2019-10493
Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640,...
Design/Logic Flaw
Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640,...
CVE-2019-10493
Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640,...
CVE-2019-10493
CVE-2019-10493 is a critical flaw in Qualcomm closed‑source components used in Snapdragon devices (e.g., Auto/Compute/IoT/mobile/wearables). The issue degrades position determination accuracy due to wrongly decoded information across a long list of Snapdragon platforms (APQ8053, MDMs, SDMs, SXR, ...
How to Write a Resume for a Cybersecurity Position
By Owais Sultan Looking to secure a cybersecurity position? You need to have a solid resume. Find out how to do it here! This is a post from HackRead.com Read the original post: How to Write a Resume for a Cybersecurity Position...
Donut - Generates X86, X64, Or AMD64+x86 Position-Independent Shellcode That Loads .NET Assemblies, PE Files, And Other Windows Payloads From Memory
Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL including .NET Assemblies files. This shellcode can be injected into an arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable such as Program.Main, it...
CVE-2019-17526
An issue was discovered in SageMath Sage Cell Server through 2019-10-05. Python Code Injection can occur in the context of an internet facing web application. Malicious actors can execute arbitrary commands on the underlying operating system, as demonstrated by an import'os'.popen'whoami'.read...
LOWKEY: Hunting for the Missing Volume Serial ID
In August 2019, FireEye released the “Double Dragon” report on our newest graduated threat group: APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. This blog...
CVE-2019-13336
The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attackers to launch commands with no authentication verification via TCP port 81, because the loginuse and loginpass parameters to openlock.cgi can have arbitrary values. NOTE: the vendor's position is that this product reached end o...
I'm Looking to Hire a Strategist to Help Figure Out Public-Interest Tech
I am in search of a strategic thought partner: a person who can work closely with me over the next 9 to 12 months in assessing what's needed to advance the practice, integration, and adoption of public-interest technology. All of the details are in the RFP. The selected strategist will work close...
emacs, mercurial security update
CentOS Errata and Security Advisory CESA-2019:2276 An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...
CentOS 7 : mercurial (CESA-2019:2276)
An update for mercurial is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
PT-2019-14377 · Gnu +1 · Gnu Chess +1
Name of the Vulnerable Software and Affected Versions: GNU Chess version 6.2.5 Description: A stack-based buffer overflow issue exists in the cmd load function, located in frontend/cmd.cc, which can be triggered by a crafted chess position in an EPD file. Recommendations: For GNU Chess version...
GNU Chess Stack Buffer Overflow Vulnerability
GNU Chess is a chess game program. A stack buffer overflow vulnerability exists in the cmdload function in frontend/cmd.cc in GNU Chess 6.2.5. An attacker can exploit this vulnerability to cause a stack buffer overflow via a specially crafted chess position in an EPD file...
Information disclosure
DISPUTED AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality...
CVE-2019-8696
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code...